Category: NIST Vulnerabilities

CVE-2021-24704

In the Orange Form WordPress plugin through 1.0, the process_bulk_action() function in “admin/orange-form-email.php” performs an unprepared SQL query with an unsanitized parameter ($id). Only admin…

CVE-2021-24730

The Logo Showcase with Slick Slider WordPress plugin before 1.2.5 does not have CSRF and authorisation checks in the lswss_save_attachment_data AJAX action, allowing any authenticated…

CVE-2022-26159

The auto-completion plugin in Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/<domain>/en.xml (and similar pathnames for other languages),…

CVE-2021-43945

Affected versions of Atlassian Jira Server and Data Center allow remote attackers with Roadmaps Administrator permissions to inject arbitrary HTML or JavaScript via a Stored…
