Show filters
54 Total Results
Displaying 41-50 of 54
Sort by:
Attacker Value
Unknown

CVE-2015-9306

Disclosure Date: August 12, 2019 (last updated November 27, 2024)
The wp-ultimate-csv-importer plugin before 3.8.1 for WordPress has XSS.
0
0
Attacker Value
Unknown

CVE-2019-20077

Disclosure Date: June 19, 2019 (last updated February 21, 2025)
The Typesetter CMS 5.1 logout functionality is affected by a CSRF vulnerability. The logout function of the admin panel is not protected by any CSRF tokens. An attacker can logout the user using this vulnerability.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2018-16626

Disclosure Date: May 13, 2019 (last updated November 27, 2024)
index.php/Admin/Classes in Typesetter 5.1 allows XSS via the description of a new class name.
0
0
Attacker Value
Unknown

CVE-2018-16625

Disclosure Date: May 13, 2019 (last updated November 27, 2024)
index.php/Admin/Uploaded in Typesetter 5.1 allows XSS via an SVG file with JavaScript in a SCRIPT element.
0
0
Attacker Value
Unknown

CVE-2018-16639

Disclosure Date: May 13, 2019 (last updated November 27, 2024)
Typesetter 5.1 allows XSS via the index.php/Admin LABEL parameter during new page creation.
0
0
Attacker Value
Unknown

CVE-2018-20837

Disclosure Date: May 09, 2019 (last updated November 27, 2024)
include/admin/Menu/Ajax.php in Typesetter 5.1 has index.php/Admin/Menu/Ajax?cmd=AddHidden title XSS.
0
0
Attacker Value
Unknown

CVE-2018-6888

Disclosure Date: February 12, 2018 (last updated November 26, 2024)
An issue was discovered in Typesetter 5.1. The User Permissions page (aka Admin/Users) suffers from critical flaw of Cross Site Request forgery: using a forged HTTP request, a malicious user can lead a user to unknowingly create / delete or modify a user account due to the lack of an anti-CSRF token.
0
0
Attacker Value
Unknown

CVE-2018-6889

Disclosure Date: February 12, 2018 (last updated November 26, 2024)
An issue was discovered in Typesetter 5.1. It suffers from a Host header injection vulnerability, Using this attack, a malicious user can poison the web cache or perform advanced password reset attacks or even trigger arbitrary user re-direction.
0
0
Attacker Value
Unknown

CVE-2014-4524

Disclosure Date: July 02, 2014 (last updated October 05, 2023)
Cross-site scripting (XSS) vulnerability in classes/custom-image/media.php in the WP Easy Post Types plugin before 1.4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ref parameter.
0
0
Attacker Value
Unknown

CVE-2007-6220

Disclosure Date: December 04, 2007 (last updated October 04, 2023)
typespeed before 0.6.4 allows remote attackers to cause a denial of service (application crash) via unspecified network behavior that triggers a divide-by-zero error.
0
0
View More Topics  < Previous  Next >