Gogs <0.12.5 - Server-Side Request Forgery

Gogs GitHub repository before 0.12.5 is susceptible to server-side request forgery. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-0870 info: name: Gogs 0.12.5 - Server-Sid...

Alt-n/MDaemon Security Gateway <=8.5.0 - XML Injection

Alt-n/MDaemon Security Gateway through 8.5.0 is susceptible to XML injection via SecurityGateway.dll?view=login. An attacker can inject an arbitrary XML argument by adding a new parameter in the HTTP request URL. As a result, the XML parser fails the validation process and discloses information...

External Media without Import <=1.1.2 - Authenticated Blind Server-Side Request Forgery

WordPress External Media without Import plugin through 1.1.2 is susceptible to authenticated blind server-side request forgery. The plugin has no authorization and does not ensure that media added via URLs are external media, which can allow any authenticated users, including subscribers, to obta...

Prestashop Blockwishlist 2.1.0 SQL Injection

Prestashop Blockwishlist module version 2.1.0 suffers from a remote authenticated SQL injection vulnerability. id: CVE-2022-31101 info: name: Prestashop Blockwishlist 2.1.0 SQL Injection author: mastercho severity: high description: | Prestashop Blockwishlist module version 2.1.0 suffers from a...

WordPress Simple File List <3.2.8 - Local File Inclusion

WordPress Simple File List before 3.2.8 is vulnerable to local file inclusion via the eeFile parameter in the /includes/ee-downloader.php due to missing controls which make it possible for unauthenticated attackers retrieve arbitrary files. id: CVE-2022-1119 info: name: WordPress Simple File List...

WordPress Shortcodes and Extra Features for Phlox <2.9.8 - Cross-Site Scripting

WordPress Shortcodes and extra features plugin for the Phlox theme before 2.9.8 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the response. An attacker can inject arbitrary script in the browser of an unsuspecting...

WWBN AVideo 11.6 - Cross-Site Scripting

WWBN AVideo 11.6 contains a cross-site scripting vulnerability in the footer alerts functionality via the 'success' parameter, which is inserted into the document with insufficient sanitization. id: CVE-2022-32771 info: name: WWBN AVideo 11.6 - Cross-Site Scripting author: arafatansari severity:...

WordPress Feed Them Social <3.0.1 - Cross-Site Scripting

WordPress Feed Them Social plugin before 3.0.1 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter before outputting it back in the page. id: CVE-2022-2383 info: name: WordPress Feed Them Social 3.0.1 - Cross-Site Scripting author: akincibor...

NUUO NVRsolo Video Recorder 03.06.02 - Cross-Site Scripting

NUUO NVRsolo Video Recorder 03.06.02 contains a reflected cross-site scripting vulnerability via login.php. id: CVE-2022-33119 info: name: NUUO NVRsolo Video Recorder 03.06.02 - Cross-Site Scripting author: arafatansari severity: medium description: | NUUO NVRsolo Video Recorder 03.06.02 contains...

Shirne CMS 1.2.0 - Local File Inclusion

Shirne CMS 1.2.0 is vulnerable to local file inclusion which could cause arbitrary file read via /static/ueditor/php/controller.php. id: CVE-2022-37299 info: name: Shirne CMS 1.2.0 - Local File Inclusion author: pikpikcu severity: medium description: Shirne CMS 1.2.0 is vulnerable to local file...

UpdraftPlus < 1.22.9 - Cross-Site Scripting

The plugin does not sanitise and escape the updraftinterval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting XSS vulnerability. id: CVE-2022-0864 info: name: UpdraftPlus 1.22.9 - Cross-Site Scripting author: DhiyaneshDk severity: medium description...

WordPress Stop Bad Bots <6.930 - SQL Injection

WordPress Stop Bad Bots plugin before 6.930 contains a SQL injection vulnerability. The plugin does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbotsgravafingerprint AJAX action, available to unauthenticated users. An attacker can...

Rukovoditel <= 3.2.1 - Cross Site Scripting

A stored cross-site scripting XSS vulnerability in the Global Entities feature /index.php?module=entities/entities of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New Entity"...

Login as User or Customer < 3.3 - Privilege Escalation

The plugin lacks authorization checks to ensure that users are allowed to log in as another one, which could allow unauthenticated attackers to obtain a valid admin session. id: CVE-2022-4305 info: name: Login as User or Customer 3.3 - Privilege Escalation author: r3Y3r53 severity: critical...

Mura CMS <10.0.580 - Authentication Bypass

Mura CMS before 10.0.580 is susceptible to authentication bypass in the Remember Me function. An attacker can bypass authentication via a crafted web request and thereby obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected...

WordPress KiviCare <2.3.9 - SQL Injection

WordPress KiviCare plugin before 2.3.9 contains a SQL injection vulnerability. The plugin does not sanitize and escape some parameters before using them in SQL statements via the ajaxpost AJAX action with the getdoctordetails route. An attacker can possibly obtain sensitive information, modify...

Formcraft3 <3.8.28 - Server-Side Request Forgery

Formcraft3 before version 3.8.2 does not validate the URL parameter in the formcraft3get AJAX action, leading to server-side request forgery issues exploitable by unauthenticated users. id: CVE-2022-0591 info: name: Formcraft3 3.8.28 - Server-Side Request Forgery author: Akincibor,j4vaovo severit...

NexusPHP <1.7.33 - Cross-Site Scripting

NexusPHP before 1.7.33 contains multiple cross-site scripting vulnerabilities via the secret parameter in /login.php; q parameter in /user-ban-log.php; query parameter in /log.php; text parameter in /moresmiles.php; q parameter in myhr.php; or id parameter in /viewrequests.php. An attacker can...

WordPress Gmedia Photo Gallery Plugin < 1.20.0 - Cross-Site Scripting

The Gmedia Photo Gallery WordPress plugin before 1.20.0 does not sanitise and escape the album's name before outputting it in pages or posts with a media embed, which could allow high privilege users such as admin to perform Cross-Site Scripting XSS attacks even when the unfiltered-html capabilit...

WordPress Page Views Count <2.4.15 - SQL Injection

WordPress Page Views Count plugin prior to 2.4.15 contains an unauthenticated SQL injection vulnerability. It does not sanitise and escape the postids parameter before using it in a SQL statement via a REST endpoint. An attacker can possibly obtain sensitive information, modify data, and/or execu...

WordPress Ad Inserter <2.7.10 - Cross-Site Scripting

WordPress Ad Inserter plugin before 2.7.10 contains a cross-site scripting vulnerability. It does not sanitize and escape the htmlelementselection parameter before outputting it back in the page. id: CVE-2022-0288 info: name: WordPress Ad Inserter 2.7.10 - Cross-Site Scripting author: DhiyaneshDK...

Codoforum 5.1 - Arbitrary File Upload

Codoforum 5.1 contains an arbitrary file upload vulnerability via the logo change option in the admin panel. An attacker can upload arbitrary files to the server, which in turn can be used to make the application execute file content as code. As a result, an attacker can potentially obtain...

LISTSERV 17 - Cross-Site Scripting

LISTSERV 17 web interface contains a cross-site scripting vulnerability. An attacker can inject arbitrary JavaScript or HTML via the "c" parameter, thereby possibly allowing the attacker to steal cookie-based authentication credentials and launch other attacks. id: CVE-2022-39195 info: name:...

Helmet Store Showroom - Cross Site Scripting

Helmet Store Showroom 1.0 is vulnerable to Cross Site Scripting XSS. id: CVE-2022-46073 info: name: Helmet Store Showroom - Cross Site Scripting author: Harsh severity: medium description: | Helmet Store Showroom 1.0 is vulnerable to Cross Site Scripting XSS. impact: | Successful exploitation of...

AeroCMS 0.1.1 - SQL Injection

AeroCMS 0.1.1 contains a SQL injection caused by unsanitized author parameter, letting attackers execute arbitrary SQL commands, exploit requires crafted author input. id: CVE-2022-38812 info: name: AeroCMS 0.1.1 - SQL Injection author: shivampand3y severity: medium description: | AeroCMS 0.1.1...

WordPress <= 6.2 - Server Side Request Forgery

WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden. id: CVE-2022-3590 info: name: WordPress = 6.2 - Server Side...

Complete Online Job Search System 1.0 - Cross-Site Scripting

Complete Online Job Search System 1.0 contains a cross-site scripting vulnerability via index.php?q=advancesearch. id: CVE-2022-29316 info: name: Complete Online Job Search System 1.0 - Cross-Site Scripting author: arafatansari severity: high description: | Complete Online Job Search System 1.0...

Microweber <1.2.12 - Stored Cross-Site Scripting

Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability. It allows unrestricted upload of XML files,. id: CVE-2022-0963 info: name: Microweber 1.2.12 - Stored Cross-Site Scripting author: amit-jd severity: medium description: | Microweber prior to 1.2.12 contains a stored...

Microweber <1.2.12 - Integer Overflow

Microweber before 1.2.12 is susceptible to integer overflow. The application allows large characters to insert in the input field 'first & last name,' which can allow an attacker to cause a denial of service via a crafted HTTP request. id: CVE-2022-0968 info: name: Microweber 1.2.12 - Integer...

Linx Sphere - Directory Traversal

A directory traversal vulnerability in the component SCS.Web.Server.SPI/1.0 of Linx Sphere LINX 7.35.ST15 allows attackers to read arbitrary files. id: CVE-2022-45269 info: name: Linx Sphere - Directory Traversal author: robotshell severity: high description: | A directory traversal vulnerability...

Simple Task Managing System v1.0 - SQL Injection

SQL injection occurs when a web application doesn't properly validate or sanitize user input that is used in SQL queries. Attackers can exploit this by injecting malicious SQL code into the input fields of a web application, tricking the application into executing unintended database queries. id:...

Cuppa CMS v1.0 - Local File Inclusion

CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php. id: CVE-2022-25485 info: name: Cuppa CMS v1.0 - Local File Inclusion author: theamanrawat severity: high description: | CuppaCMS v1.0 was discovered to contain a local file inclusion...

WordPress Easy Pricing Tables <3.2.1 - Cross-Site Scripting

WordPress Easy Pricing Tables plugin before 3.2.1 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter before reflecting it back in a page available to any user both authenticated and unauthenticated when a specific setting is enabled. id:...

WordPress WPB Show Core - Cross-Site Scripting

WordPress wpb-show-core plugin through TODO contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site...

WordPress Anti-Malware Security and Brute-Force Firewall <4.21.83 - Cross-Site Scripting

WordPress Anti-Malware Security and Brute-Force Firewall plugin before 4.21.83 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape some parameters before outputting them back in an admin dashboard. id: CVE-2022-2599 info: name: WordPress Anti-Malware Security an...

WordPress tagDiv Composer < 3.5 - Authentication Bypass

The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address id:...

WordPress Newspaper < 12 - Cross-Site Scripting

WordPress Newspaper theme before 12 is susceptible to cross-site scripting. The does not sanitize a parameter before outputting it back in an HTML attribute via an AJAX action. An attacker can potentially execute malware, obtain sensitive information, modify data, and/or execute unauthorized...

Web Directory Free < 1.7.3 - Local File Inclusion

The Web Directory Free WordPress plugin before 1.7.3 does not validate a parameter before using it in an include, which could lead to Local File Inclusion issues. id: CVE-2024-3673 info: name: Web Directory Free 1.7.3 - Local File Inclusion author: s4e-io severity: critical description: | The Web...

Four-Faith F3x36 - Authentication Bypass

Four-Faith F3x36 router with firmware v2.0.0 contains an authentication bypass caused by hard-coded credentials in the administrative web server, letting attackers with knowledge of credentials gain administrative access via crafted HTTP requests. id: CVE-2024-9643 info: name: Four-Faith F3x36 -...

N-able N-central < 2024.2 - Authentication Bypass Detection

N-central server versions prior to 2024.2 contain an authentication bypass in the user interface, letting attackers access restricted areas without proper credentials, exploit requires no specific conditions. id: CVE-2024-28200 info: name: N-able N-central 2024.2 - Authentication Bypass Detection...

idcCMS V1.60 - Cross-Site Scripting

idcCMS V1.60 is vulnerable to reflected cross-site scripting XSS via the idName parameter in read.php. Unsanitized user input is reflected in the response, allowing arbitrary JavaScript execution. id: CVE-2024-11587 info: name: idcCMS V1.60 - Cross-Site Scripting author: ritikchaddha severity:...

WP Triggers Lite - Cross-Site Scripting

WP Triggers Lite WordPress plugin v2.5.3 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...

WPS Hide Login <= 1.9.15.2 - Login Page Disclosure

The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login page that may...

FastAdmin < V1.3.4.20220530 - Path Traversal

A vulnerability, which was classified as problematic, has been found in FastAdmin up to 1.3.3.20220121. Affected by this issue is some unknown functionality of the file /index/ajax/lang. The manipulation of the argument lang leads to path traversal. The attack may be launched remotely. The exploi...

WordPress TI WooCommerce Wishlist Plugin <= 2.8.2 - SQL Injection

In the latest version 2.8.2 as of writing the article and below, the plugin is vulnerable to a SQL injection vulnerability that allows any users to execute arbitrary SQL queries in the database of the WordPress site. No privileges are required to exploit the issue. The vulnerability is unpatched ...

WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting

WordPress amty-thumb-recent-post plugin 8.1.3 contains a cross-site scripting vulnerability via the query string to amtyThumbPostsAdminPg.php. id: CVE-2017-17059 info: name: WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress...

FortiGate FortiOS SSL VPN Web Portal - Cross-Site Scripting

FortiGate FortiOS through SSL VPN Web Portal contains a cross-site scripting vulnerability. The login redir parameter is not sanitized, so an attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal...

Formidable Form Builder < 2.05.03 - Unauthenticated Information Disclosure

The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.05.03 via the frmformspreview AJAX action. This makes it possible for unauthenticated attackers to export all of the form entries for a given form. id: CVE-2017-20194 info...

AppServ Open Project <=2.5.10 - Cross-Site Scripting

AppServ Open Project 2.5.10 and earlier contains a cross-site scripting vulnerability in index.php which allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter. id: CVE-2008-2398 info: name: AppServ Open Project =2.5.11 or apply the necessary security patches...

Cisco Unified Communications Manager 7/8/9 - Directory Traversal

A directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815 id: CVE-2013-5528 info: name:...