Show filters
252 Total Results
Displaying 41-50 of 252
Sort by:
Attacker Value
Unknown

CVE-2021-36790

Disclosure Date: August 13, 2021 (last updated February 23, 2025)
The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows XSS.
Attacker Value
Unknown

CVE-2021-38302

Disclosure Date: August 13, 2021 (last updated February 23, 2025)
The Newsletter extension through 4.0.0 for TYPO3 allows SQL Injection.
Attacker Value
Unknown

CVE-2021-36792

Disclosure Date: August 13, 2021 (last updated February 23, 2025)
The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 has incorrect Access Control for confirming various applications.
Attacker Value
Unknown

CVE-2020-21976

Disclosure Date: August 11, 2021 (last updated February 23, 2025)
An arbitrary file upload in the <input type="file" name="user_image"> component of NewsOne CMS v1.1.0 allows attackers to webshell and execute arbitrary commands.
Attacker Value
Unknown

CVE-2021-34634

Disclosure Date: July 31, 2021 (last updated February 23, 2025)
The Nifty Newsletters WordPress plugin is vulnerable to Cross-Site Request Forgery via the sola_nl_wp_head function found in the ~/sola-newsletters.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.0.23.
Attacker Value
Unknown

CVE-2021-24342

Disclosure Date: June 07, 2021 (last updated February 22, 2025)
The JNews WordPress theme before 8.0.6 did not sanitise the cat_id parameter in the POST request /?ajax-request=jnews (with action=jnews_build_mega_category_*), leading to a Reflected Cross-Site Scripting (XSS) issue.
Attacker Value
Unknown

CVE-2020-29241

Disclosure Date: January 26, 2021 (last updated February 22, 2025)
Online News Portal using PHP/MySQLi 1.0 is affected by cross-site scripting (XSS) which allows remote attackers to inject an arbitrary web script or HTML via the "Title" parameter.
Attacker Value
Unknown

CVE-2020-35933

Disclosure Date: January 01, 2021 (last updated February 22, 2025)
A Reflected Authenticated Cross-Site Scripting (XSS) vulnerability in the Newsletter plugin before 6.8.2 for WordPress allows remote attackers to trick a victim into submitting a tnpc_render AJAX request containing either JavaScript in an options parameter, or a base64-encoded JSON string containing JavaScript in the encoded_options parameter.
Attacker Value
Unknown

CVE-2020-25472

Disclosure Date: November 24, 2020 (last updated February 22, 2025)
SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Request Forgery (CSRF) vulnerability, which allows attackers to add new users.
Attacker Value
Unknown

CVE-2020-25473

Disclosure Date: November 24, 2020 (last updated February 22, 2025)
SimplePHPscripts News Script PHP Pro 2.3 does not properly set the HttpOnly Flag from Session Cookies.