Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed by....
7.3AI Score
0.0004EPSS
py-social-auth-app-django -- Improper Handling of Case Sensitivity
GitHub Advisory Database: Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This...
7.3AI Score
0.0004EPSS
Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed by....
5.1AI Score
0.0004EPSS
The Feed Them Social – for Twitter feed, Youtube and more plugin for WordPress is vulnerable to deserialization of untrusted input via the 'fts_url' parameter in versions up to, and including 2.9.8.5. This makes it possible for unauthenticated attackers to call files using a PHAR wrapper that will....
7AI Score
0.005EPSS
The Feed Them Social WordPress plugin before 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site...
6AI Score
0.001EPSS
The Feed Them Social WordPress plugin before 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site...
6AI Score
0.001EPSS
The Scriptless Social Sharing WordPress plugin before 3.2.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
6AI Score
0.001EPSS
Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed by....
5.2AI Score
0.0004EPSS
Race condition in Online Solutions Security Suite 1.5.14905.0 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes...
7.5AI Score
0.0004EPSS
Social media skeleton is an uncompleted/framework social media project implemented using a php, css ,javascript and html. A Cross-site request forgery (CSRF) attack is a type of malicious attack whereby an attacker tricks a victim into performing an action on a website that they do not intend to...
7.2AI Score
0.001EPSS
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to execute remote code. Due to improper authority checks the attacker could perform operations on the PC under the user's authority. IBM X-Force ID: ...
8.8CVSS
7AI Score
0.0005EPSS
Social media skeleton is an uncompleted/framework social media project implemented using a php, css ,javascript and html. Prior to version 1.0.5 Social media skeleton did not properly salt passwords leaving user passwords susceptible to cracking should an attacker gain access to hashed passwords......
7.1AI Score
0.001EPSS
Social media skeleton is an uncompleted/framework social media project implemented using a php, css ,javascript and html. Insufficient session expiration is a web application security vulnerability that occurs when a web application does not properly manage the lifecycle of a user's session....
7.1AI Score
0.001EPSS
social-media-skeleton is an uncompleted social media project implemented using PHP, MySQL, CSS, JavaScript, and HTML. Versions 1.0.0 until 1.0.3 have a stored cross-site scripting vulnerability. The problem is patched in...
6.3AI Score
0.001EPSS
Turnkey Web Tools SunShop Shopping Cart allows remote attackers to obtain sensitive information via a phpinfo action to (1) index.php, (2) admin/index.php, and (3) admin/adminindex.php, which executes the PHP phpinfo function. NOTE: The vendor has disputed this issue, saying that "Having this in...
7.2AI Score
0.003EPSS
SQL injection vulnerability in products.asp in Evolve shopping cart (aka Evolve Merchant) allows remote attackers to execute arbitrary SQL commands via the partno parameter. NOTE: the vendor disputes this issue, stating that it is a forced SQL...
9.3AI Score
0.005EPSS
social-auth-app-django affected by Improper Handling of Case Sensitivity
Impact Due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. Patches This issue has been addressed by https://github.com/python-social-auth/social-app-django/pull/566 and fix...
5.2AI Score
0.0004EPSS
SocialNetwork Cross-Site Scripting (XSS) vulnerability
A Cross-Site Scripting (XSS) was discovered in 'SocialNetwork v1.2.1'. The vulnerability exists due to insufficient filtration of user-supplied data (mail) passed to the 'SocialNetwork-andrea/app/template/pw_forgot.php' URL. An attacker could execute arbitrary HTML and script code in a browser in.....
6.1CVSS
6.1AI Score
0.001EPSS
A vulnerability was found in code-projects Social Networking Site 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file message.php of the component Message Page. The manipulation of the argument Story leads to cross site scripting. The attack may be...
5.4CVSS
6.6AI Score
0.001EPSS
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an arbitrary file upload vulnerability via the component /ossn/administrator/com_installer. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. Note: The project owner believes this.....
7.2CVSS
7.2AI Score
0.004EPSS
Improper Handling Of Case Sensitivity
social-auth-app-django is vulnerable to Improper Handling Of Case Sensitivity. The vulnerability is due to default case-insensitive collation in MySQL or MariaDB databases. This vulnerability could cause different IDs to match, resulting in Business Logic...
6.6AI Score
0.0004EPSS
Cross-site scripting (XSS) vulnerability in lanoba-social-plugin/index.php in the Lanoba Social plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter. NOTE: the vendor disputes this issue, stating "Lanoba's plug in does sanitize user...
6.2AI Score
0.004EPSS
social-auth-app-django affected by Improper Handling of Case Sensitivity
Impact Due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. Patches This issue has been addressed by https://github.com/python-social-auth/social-app-django/pull/566 and fix...
7.2AI Score
0.0004EPSS
SocialNetwork Cross-Site Scripting (XSS) vulnerability
A Cross-Site Scripting (XSS) was discovered in 'SocialNetwork v1.2.1'. The vulnerability exists due to insufficient filtration of user-supplied data (mail) passed to the 'SocialNetwork-andrea/app/template/pw_forgot.php' URL. An attacker could execute arbitrary HTML and script code in a browser in.....
6.1AI Score
0.001EPSS
Social Sharing Plugin – Social Warfare < 4.4.6 - Cross-Site Request Forgery
Description The Social Sharing Plugin – Social Warfare plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.5.1. This is due to missing or incorrect nonce validation on the options_page_scan_url() function. This makes it possible for...
6.6AI Score
0.0004EPSS
Social Icons Widget & Block < 4.2.18 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.7AI Score
IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will...
5.5CVSS
6.1AI Score
0.001EPSS
Social Connect <= 1.2 - Authentication Bypass
Description The Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2. This is due to insufficient verification on the OpenID server being supplied during the social login through the plugin. This makes it possible for unauthenticated...
7.4AI Score
0.001EPSS
Sassy Social Share < 3.3.61 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
5.8AI Score
0.0004EPSS
Sassy Social Share < 3.3.61 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
5.9AI Score
0.0004EPSS
EC-CUBE 3 series (3.0.0 to 3.0.18-p6) and 4 series (4.0.0 to 4.0.6-p3, 4.1.0 to 4.1.2-p2, and 4.2.0 to 4.2.2) contain an arbitrary code execution vulnerability due to improper settings of the template engine Twig included in the product. As a result, arbitrary code may be executed on the server...
7.6AI Score
0.001EPSS
Social Share Icons & Social Share Buttons < 3.6.3 - Missing Authorization to Notice Dismissal
Description The Social Share Icons & Social Share Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on a function in versions up to, and including, 3.6.2. This makes it possible for unauthenticated attackers to dismiss...
6.6AI Score
Social Snap < 1.3.6 - Missing Authorization
Description The Social Snap plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init() function in versions up to, and including, 1.3.5. This makes it possible for unauthenticated attackers to modify the plugin's...
6.9AI Score
A vulnerability classified as critical has been found in Shenzhen Youkate Industrial Facial Love Cloud Payment System up to 1.0.55.0.0.1. This affects an unknown part of the file /SystemMng.ashx of the component Account Handler. The manipulation of the argument operatorRole with the input 00 leads....
9.8CVSS
7.3AI Score
0.001EPSS
DOM-based cross-site scripting vulnerability in EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote attacker to inject an arbitrary script by having an administrative user of the product to visit a specially crafted...
6.3AI Score
0.001EPSS
Cross-site scripting vulnerability in Authentication Key Settings of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary...
6.6AI Score
0.001EPSS
Cross-site scripting vulnerability in EC-CUBE EC-CUBE 3.0.0 to 3.0.18-p2 (EC-CUBE 3 series) and EC-CUBE 4.0.0 to 4.0.5-p1 (EC-CUBE 4 series) allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a specially crafted page and to perform a specific...
6.1CVSS
6.6AI Score
0.002EPSS
Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0), EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p5), and EC-CUBE 2 series (EC-CUBE 2.11.0 to 2.11.5, EC-CUBE 2.12.0 to 2.12.6, EC-CUBE 2.13.0 to...
6.5AI Score
0.001EPSS
Social Icons Widget & Block < 4.2.18 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) PoC 1. As an administrator,...
5.4AI Score
Cross-site scripting vulnerability in Product List Screen and Product Detail Screen of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary...
6.5AI Score
0.001EPSS
Easy Social Feed < 6.5.7 - Cross-Site Request Forgery
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF...
5.6AI Score
0.0004EPSS
Description The Social Sharing Plugin – Social Warfare plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'socialWarfare' shortcode in all versions up to, and including, 4.4.6.1 due to insufficient input sanitization and output escaping on user supplied attributes......
5.8AI Score
0.001EPSS
Sassy Social Share < 3.3.61 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC As a contributor, put the...
5.1AI Score
0.0004EPSS
Sticky Social Link <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Sticky Social Link plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
5.9AI Score
0.0004EPSS
Easy Social Feed < 6.5.6 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as...
6AI Score
0.0004EPSS
Cross-site scripting vulnerability in EC-CUBE EC-CUBE 4.0.0 to 4.0.5-p1 (EC-CUBE 4 series) allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a specially crafted page and to perform a specific...
6.1CVSS
6.6AI Score
0.001EPSS
Cross-site scripting vulnerability in EC-CUBE 4.0.0 to 4.0.5 allows a remote attacker to inject a specially crafted script in the specific input field of the EC web site which is created using EC-CUBE. As a result, it may lead to an arbitrary script execution on the administrator's web...
6.1CVSS
6.6AI Score
0.005EPSS
7AI Score
An issue in Beijing Panabit Network Software Co., Ltd Panalog big data analysis platform v. 20240323 and before allows attackers to execute arbitrary code via the exportpdf.php...
8.4AI Score
0.0004EPSS
Heateor Social Login WordPress < 1.1.32 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Heateor Social Login WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.1.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,.....
5.8AI Score
0.0004EPSS