CVE-2015-9385
The quotes-and-tips plugin before 1.20 for WordPress has XSS.
Source: CVE-2015-9385
[월:] 2019년 09월
CVE-2015-9388
CVE-2015-9388
The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/edit.php CSRF with resultant XSS.
Source: CVE-2015-9388
CVE-2015-9387
CVE-2015-9387
The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/options-general.php CSRF.
Source: CVE-2015-9387
CVE-2015-9386
CVE-2015-9386
The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via the quiz parameter during a Quiz Manage operation.
Source: CVE-2015-9386
CVE-2015-9384
CVE-2019-15089
CVE-2019-15089
An issue was discovered in PRiSE adAS 1.7.0. Forms have no CSRF protection, letting an attacker execute actions as the administrator.
Source: CVE-2019-15089
CVE-2019-14916
CVE-2019-14916
An issue was discovered in PRiSE adAS 1.7.0. A file’s format is not properly checked, leading to an unrestricted file upload.
Source: CVE-2019-14916
CVE-2019-15086
CVE-2019-15086
An issue was discovered in PRiSE adAS 1.7.0. The newentityID parameter is not properly escaped, leading to a reflected XSS in the error message.
Source: CVE-2019-15086
CVE-2019-15085
CVE-2019-15085
An issue was discovered in PRiSE adAS 1.7.0. The current database password is embedded in the change password form.
Source: CVE-2019-15085
CVE-2019-15088
CVE-2019-15088
An issue was discovered in PRiSE adAS 1.7.0. Password hashes are compared using the equality operator. Thus, under specific circumstances, it is possible to bypass login authentication.
Source: CVE-2019-15088