1453 matches found
CVE-2025-2878 Kentico CMS Additional Database Installation Wizard install.aspx cross site scripting
A vulnerability was found in Kentico CMS up to 13.0.178. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /CMSInstall/install.aspx of the component Additional Database Installation Wizard. The manipulation of the argument new database lea...
CVE-2025-2878 Kentico CMS Additional Database Installation Wizard install.aspx cross site scripting
A vulnerability was found in Kentico CMS up to 13.0.178. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /CMSInstall/install.aspx of the component Additional Database Installation Wizard. The manipulation of the argument new database lea...
PVS Server SOAP service communication fails from remote PVS console
When setting up new Windows Server 2025 virtual machines on VMware to create two new PVS servers, the following issues occur: After installing PVS software and running configuration wizard successfully on the first PVS server, the PVS farm access using this PVS server was only possible using the...
Improper Neutralization
Overview Affected versions of this package are vulnerable to Improper Neutralization in Validator.php via wildcard validation for file or image fields, such as files.. This allows a user to bypass validation rules. Remediation Upgrade macropay-solutions/laravel-crud-wizard-free to version 3.4.17 ...
CVE-2025-23468
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wrenchpilot Essay Wizard wpCRES essay-wizard-wpcres allows Reflected XSS.This issue affects Essay Wizard wpCRES: from n/a through = 1.0.6.4...
CVE-2025-23468
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wrenchpilot Essay Wizard wpCRES essay-wizard-wpcres allows Reflected XSS.This issue affects Essay Wizard wpCRES: from n/a through = 1.0.6.4...
CVE-2025-23468
CVE-2025-23468 affects WordPress plugin NotFound Essay Wizard (wpCRES) versions up to and including 1.0.6.4. The issue is a Reflected Cross-Site Scripting (XSS) due to improper neutralization of input during web page generation. Affected component: wpCRES plugin for Essay Wizard; vulnerable versi...
CVE-2025-23468 WordPress Essay Wizard (wpCRES) plugin <= 1.0.6.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wrenchpilot Essay Wizard wpCRES essay-wizard-wpcres allows Reflected XSS.This issue affects Essay Wizard wpCRES: from n/a through = 1.0.6.4...
WordPress plugin NotFound Essay Wizard (wpCRES) 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
Citrix Provisioning - Unable to add a new server to the Farm
Configuration Wizard shows warnings when admin tries to add a new PVS Server to the Farm. Error displayed: Errors have occured during the configuration process ConfigurationWizard.log located in C:\ProgramData\Citrix\Provisioning Services on the PVS Server shows the errors:...
CVE-2025-0801
The RateMyAgent Official plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.0. This is due to missing or incorrect nonce validation on the 'rma-settings-wizard'. This makes it possible for unauthenticated attackers to update the plugin's API...
PT-2025-9054 · WordPress · Ratemyagent Official
Name of the Vulnerable Software and Affected Versions: RateMyAgent Official plugin for WordPress versions up to and including 1.4.0 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the 'rma-settings-wizard'. This allows unauthenticate...
The vulnerability of the sub_422eb8() function in Linksys E8450 Wi-Fi router software allows a hacker to execute arbitrary commands.
The vulnerability of the sub422eb8 function in Linksys E8450 Wi-Fi routers’ microprogrammed software is related to the lack of measures taken to neutralize special elements used in the operating system’s command processing for handling the wizardstatus parameter. Exploiting this vulnerability...
CVE-2020-8482
Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows unauthenticated low privilege user to read file that contains confidential data...
CVE-2024-25917
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in CodeRevolution WP Setup Wizard.This issue affects WP Setup Wizard: from n/a through 1.0.8.1...
CVE-2024-9491
DLL hijacking vulnerabilities, caused by an uncontrolled search path in Configuration Wizard 2 installer can lead to privilege escalation and arbitrary code execution when running the impacted installer...
CVE-2024-9549
A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This issue affects the function formEasySetupWizard/formEasySetupWizard2 of the file /goform/formEasySetupWizard. The manipulation of the argument curTime leads to buffer overflow. The attack may be initiated...
PVS Citrix Virtual Desktops Setup Wizard fails to create every other machine
When using PVS Citrix Virtual Desktops Setup Wizard, it creates machines however every other machine fails to be created. This typically means either all even numbers machines or odd numbers machines fails to be created depending on what number you start with...
CVE-2024-9491
DLL hijacking vulnerabilities, caused by an uncontrolled search path in Configuration Wizard 2 installer can lead to privilege escalation and arbitrary code execution when running the impacted installer...
CVE-2024-9491
CVE-2024-9491 affects the Configuration Wizard 2 installer (Silicon Labs/Silicon Configuration Wizard 2) and is caused by an uncontrolled DLL search path, enabling DLL hijacking. Impact described in sources as local escalation that could lead to privilege escalation and arbitrary code execution w...