CVE-2021-34633

Affected software: WordPress plugin YouTube Feeder (versions ≤ 2.0.1). Vulnerable component: printAdminPage function in youtube-feeder.php. Root cause: Cross-Site Request Forgery that enables an attacker to inject arbitrary web scripts. Impact: reported as CSRF leading to stored XSS; risk details...

Liferay Portal and Liferay DXP Cross-Site Scripting Vulnerability (CNVD-2021-62970)

Liferay Portal and Liferay DXP are both products of Liferay, a J2EE-based portal solution that uses EJB and JMS technologies and serves as a web publishing and shared workspace, enterprise collaboration platform, social network, etc. Liferay DXP is a digital experience collaboration platform...

Liferay Portal and Liferay DXP Cross-Site Scripting Vulnerability

Liferay Portal and Liferay DXP are both products of Liferay, a J2EE-based portal solution that uses EJB and JMS technologies and serves as a web publishing and shared workspace, enterprise collaboration platform, social network, etc. Liferay DXP is a digital experience collaboration platform...

Liferay Portal and Liferay DXP Cross-Site Scripting Vulnerability (CNVD-2021-62976)

Liferay Portal and Liferay DXP are both products of Liferay, a J2EE-based portal solution that uses EJB and JMS technologies and serves as a web publishing and shared workspace, enterprise collaboration platform, social network, etc. Liferay DXP is a digital experience collaboration platform...

Liferay Portal and Liferay DXP Cross-Site Scripting Vulnerability (CNVD-2021-62969)

Liferay Portal and Liferay DXP are both products of Liferay, a J2EE-based portal solution that uses EJB and JMS technologies and serves as a web publishing and shared workspace, enterprise collaboration platform, social network, etc. Liferay DXP is a digital experience collaboration platform...

Liferay Portal和Liferay DXP 跨站脚本漏洞

Liferay Portal and Liferay DXP are both products of Liferay, a J2EE-based portal solution that uses EJB and JMS technologies and serves as a web publishing and shared workspace, enterprise collaboration platform, social network, etc. Liferay DXP is a digital experience collaboration platform...

CVE-2021-36702

The "content" field in the "regular post" page of the "add content" menu under "dashboard" in htmly 2.8.1 has a storage cross site scripting XSS vulnerability. It allows remote attackers to send authenticated post-http requests to add / content and inject arbitrary web scripts or HTML through...

MaxSite CMS 跨站脚本漏洞

MaxSite CMS is a web content management system from the Russian MaxSite CMS open source project. MaxSite CMS has a security vulnerability that allows remote attackers to inject arbitrary web scripts into the page using the vulnerability...

Liferay Portal 和 Liferay DXP 跨站脚本漏洞

Liferay Portal and Liferay DXP are both products of Liferay, a J2EE-based portal solution that uses EJB and JMS technologies and serves as a web publishing and shared workspace, enterprise collaboration platform, social network, etc. Liferay DXP is a digital experience collaboration platform...

CVE-2021-34632

The SEO Backlinks WordPress plugin is vulnerable to Cross-Site Request Forgery via the locconfig function found in the /seo-backlinks.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.0.1...

Cross site request forgery (csrf)

The Admin Custom Login WordPress plugin is vulnerable to Cross-Site Request Forgery due to the loginbgSave action found in the /includes/Login-form-setting/Login-form-background.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.2.7...

CVE-2021-34632 SEO Backlinks <= 4.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The SEO Backlinks WordPress plugin is vulnerable to Cross-Site Request Forgery via the locconfig function found in the /seo-backlinks.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.0.1...

WordPress 插件 跨站请求伪造漏洞

WordPress Plugin is an open source application plugin for WordPress. A security vulnerability exists in the WordPress plugin that allows an attacker to inject arbitrary versions of web scripts...

CVE-2020-20700

A stored cross site scripting XSS vulnerability in /app/formadd/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Title Entry text box...

CVE-2020-20701

A stored cross site scripting XSS vulnerability in /app/config/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

Cross site scripting

A cross site scripting XSS vulnerability in S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Copyright text box under Basic Settings...

Cross site scripting

A stored cross site scripting XSS vulnerability in /app/config/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

Cross site scripting

A stored cross site scripting XSS vulnerability in /app/formadd/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Title Entry text box...

Nifty Newsletters <= 4.0.23 - CSRF to Stored XSS

The plugin is vulnerable to Cross-Site Request Forgery via the solanlwphead function found in the /sola-newsletters.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.0.23...

S-CMS Cross-Site Scripting Vulnerability (CNVD-2021-58258)

S-CMS 3.0 has a cross-site scripting vulnerability, which can be exploited by attackers via the "Copyright" text box under "Basic Settings" to execute arbitrary Web scripts or HTML. The vulnerability can be exploited to execute arbitrary Web scripts or HTML via the "Copyright" text box under "Bas...