|
249581
|
5.4 |
MEDIUM
Network
|
responsive_cookie_consent_project
|
responsive_cookie_consent
|
The Responsive Cookie Consent plugin before 1.8 for WordPress mishandles number fields, leading to XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2018-10309
|
2024-11-21 12:41 |
2018-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249582
|
9.8 |
CRITICAL
Network
|
simplemachines
|
simple_machines_forum
|
The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum (SMF) before 2.0.15 does not properly use the possible_users variable in a query, which might allow attackers to bypass int…
|
NVD-CWE-noinfo
|
CVE-2018-10305
|
2024-11-21 12:41 |
2018-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249583
|
8.8 |
HIGH
Network
|
foxitsoftware
|
phantompdf
foxit_reader
|
A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 allows remote attackers to execute arbitrary code, aka iDefense ID V-y0nqfutlf3.
|
CWE-416
Use After Free
|
CVE-2018-10303
|
2024-11-21 12:41 |
2018-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249584
|
7.8 |
HIGH
Local
|
foxitsoftware
|
phantompdf
foxit_reader
|
A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 allows remote attackers to execute arbitrary code, aka iDefense ID V-jyb51g3mv9.
|
CWE-416
Use After Free
|
CVE-2018-10302
|
2024-11-21 12:41 |
2018-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249585
|
6.1 |
MEDIUM
Network
|
web-dorado
|
wd_instagram_feed
|
Cross-site scripting (XSS) vulnerability in the Web-Dorado Instagram Feed WD plugin before 1.3.1 Premium for WordPress allows remote attackers to inject arbitrary web script or HTML by passing payloa…
|
CWE-79
Cross-site Scripting
|
CVE-2018-10301
|
2024-11-21 12:41 |
2018-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249586
|
6.1 |
MEDIUM
Network
|
web-dorado
|
wd_instagram_feed
|
Cross-site scripting (XSS) vulnerability in the Web-Dorado Instagram Feed WD plugin before 1.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML by passing payloads in an…
|
CWE-79
Cross-site Scripting
|
CVE-2018-10300
|
2024-11-21 12:41 |
2018-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249587
|
4.8 |
MEDIUM
Network
|
ultimatemember
|
user_profile_\&_membership
|
Authenticated Cross site Scripting exists in the User Profile & Membership plugin before 2.0.11 for WordPress via the "Account Deletion Custom Text" input field on the wp-admin/admin.php?page=um_opti…
|
CWE-79
Cross-site Scripting
|
CVE-2018-10234
|
2024-11-21 12:41 |
2018-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249588
|
8.8 |
HIGH
Network
|
ultimatemember
|
user_profile_\&_membership
|
The User Profile & Membership plugin before 2.0.7 for WordPress has no mitigations implemented against cross site request forgery attacks. This is a structural finding throughout the entire plugin.
|
CWE-352
Origin Validation Error
|
CVE-2018-10233
|
2024-11-21 12:41 |
2018-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249589
|
7.5 |
HIGH
Network
|
beauty
|
beauty_ecosystem_coin
|
An integer overflow in the batchTransfer function of a smart contract implementation for Beauty Ecosystem Coin (BEC), the Ethereum ERC20 token used in the Beauty Chain economic system, allows attacke…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2018-10299
|
2024-11-21 12:41 |
2018-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249590
|
5.4 |
MEDIUM
Network
|
discuz
|
discuzx
|
Discuz! DiscuzX through X3.4 has reflected XSS via forum.php?mod=post&action=newthread because data/template/1_diy_portal_view.tpl.php does not restrict the content.
|
CWE-79
Cross-site Scripting
|
CVE-2018-10298
|
2024-11-21 12:41 |
2018-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
