The Better Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to import settings via forged request granted they can trick a site administrator into performing an action such as clicking on a link. Zafiyet ile ilgili Genel Bilgi, Etki…
Pix-Link MiNi Router 28K.MiniRouter.20190211 was discovered to contain a stored cross-site scripting (XSS) vulnerability due to an unsanitized Security Key parameter. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
Pix-Link MiNi Router 28K.MiniRouter.20190211 was discovered to contain a stored cross-site scripting (XSS) vulnerability due to an unsanitized SSID parameter. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
There is a Cross Site Scripting (XSS) vulnerability in SpotPage_login.php of Spotweb 1.5.1 and below, which allows remote attackers to inject arbitrary web script or HTML via the data[performredirect] parameter. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
A Cross Site Scripting (XSS) vulnerability exits in Subrion CMS through 4.2.1 in the Create Page functionality of the admin Account via a SGV file. Devamını Oku
Leanote 2.7.0 is vulnerable to Cross Site Scripting (XSS) in the markdown type note. This leads to remote code execution with payload : <video src=x onerror=(function(){require(‘child_process’).exec(‘calc’);})();> Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4.1. This is due to missing sanitization on the settings imported via the import() function. This makes it possible for unauthenticated attackers to import a settings file containing malicious JavaScript that would execute when…
Stored XSS in Add New Employee Form in Sourcecodester Employee Daily Task Management System 1.0 Allows Remote Attacker to Inject/Store Arbitrary Code via the Name Field. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B20201211 has a command injection vulnerability when receiving GET parameters. The parameter name can be constructed for unauthenticated command execution. Devamını Oku
The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Setting Changs in versions up to, and including, 5.5. This is due to lacking both a security nonce and a capabilities check. This makes it possible for low-authenticated attackers to change plugin settings even when they do not have the capabilities to do so.…
The Labeling tool in Titus Classification Suite 18.8.1910.140 allows users to avoid the generation of a classification label by using Excel’s safe mode. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFI logs correctly, if an attacker was able to change the SSID of the router with a custom payload, they could achieve stored XSS on the device. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için…