|
247111
|
4.3 |
MEDIUM
Network
|
limesurvey
|
limesurvey
|
LimeSurvey version 3.0.0-beta.3+17110 contains a Cross ite Request Forgery (CSRF) vulnerability in Boxes that can result in CSRF admins to delete boxes. This vulnerability appears to have been fixed …
|
CWE-352
Origin Validation Error
|
CVE-2018-1000514
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247112
|
6.1 |
MEDIUM
Network
|
galaxyproject
|
galaxy
|
The Galaxy Project Galaxy version v14.10 contains a CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability in Many templates used in the Galaxy server did not properly sani…
|
CWE-79
Cross-site Scripting
|
CVE-2018-1000516
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247113
|
4.8 |
MEDIUM
Network
|
limesurvey
|
limesurvey
|
LimeSurvey version 3.0.0-beta.3+17110 contains a Cross Site Scripting (XSS) vulnerability in Boxes that can result in JS code execution against LimeSurvey admins. This vulnerability appears to have b…
|
CWE-79
Cross-site Scripting
|
CVE-2018-1000513
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247114
|
6.1 |
MEDIUM
Network
|
tooltipy_project
|
tooltipy
|
Tooltipy Tooltipy (tooltips for WP) version 5 contains a Cross Site Scripting (XSS) vulnerability in Glossary shortcode that can result in could allow anybody to do almost anything an admin can. This…
|
CWE-79
Cross-site Scripting
|
CVE-2018-1000512
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247115
|
7.5 |
HIGH
Network
|
wpulike
|
ulike
|
WP ULike version 2.8.1, 3.1 contains a Incorrect Access Control vulnerability in AJAX that can result in allows anybody to delete any row in certain tables. This attack appear to be exploitable via A…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-1000511
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247116
|
6.5 |
MEDIUM
Network
|
silkypress
|
image_zoom
|
WP Image Zoom version 1.23 contains a Incorrect Access Control vulnerability in AJAX settings that can result in allows anybody to cause denial of service. This attack appear to be exploitable via Ca…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-1000510
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247117
|
7.2 |
HIGH
Network
|
redirection
|
redirection
|
Redirection version 2.7.1 contains a Serialisation vulnerability possibly allowing ACE vulnerability in Settings page AJAX that can result in could allow admin to execute arbitrary code in some circu…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2018-1000509
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247118
|
4.8 |
MEDIUM
Network
|
wpulike
|
ulike
|
WP ULike version 2.8.1, 3.1 contains a Cross Site Scripting (XSS) vulnerability in Settings screen that can result in allows unauthorised users to do almost anything an admin can. This attack appear …
|
CWE-79
Cross-site Scripting
|
CVE-2018-1000508
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247119
|
6.5 |
MEDIUM
Network
|
jjj
|
wp_user_groups
|
WP User Groups version 2.0.0 contains a Cross ite Request Forgery (CSRF) vulnerability in Settings page that can result in allows anybody to modify user groups and types. This attack appear to be exp…
|
CWE-352
Origin Validation Error
|
CVE-2018-1000507
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247120
|
8.8 |
HIGH
Network
|
mediaron
|
metronet_tag_manager
|
Metronet Tag Manager version 1.2.7 contains a Cross ite Request Forgery (CSRF) vulnerability in Settings page /wp-admin/options-general.php?page=metronet-tag-manager that can result in allows anybody…
|
CWE-352
Origin Validation Error
|
CVE-2018-1000506
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
