4 results (0.008 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. CSRF affects comment integrity. Se detectó un problema en el plugin Comments versiones anteriores a 1.5.5 para Craft CMS. Una vulnerabilidad de tipo CSRF afecta la integridad de los comentarios • https://github.com/verbb/comments/blob/craft-3/CHANGELOG.md#155---2020-05-28-critical • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in the Comments plugin before 1.5.6 for Craft CMS. There is stored XSS via a guest name. Se detectó un problema en el plugin Comments versiones anteriores a 1.5.6 para Craft CMS. Se presenta una vulnerabilidad de tipo XSS almacenado por medio de un nombre de invitado • https://github.com/verbb/comments/blob/craft-3/CHANGELOG.md#155---2020-05-28-critical • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. There is stored XSS via an asset volume name. Se detectó un problema en el plugin Comments versiones anteriores a 1.5.5 para Craft CMS. Se presenta una vulnerabilidad de tipo XSS almacenado por medio de un nombre de volumen de activo • https://github.com/verbb/comments/blob/craft-3/CHANGELOG.md#155---2020-05-28-critical • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1

SQL injection vulnerability in Phil Taylor Comments (com_comments, aka Review Script) 0.5.8.5g and earlier component for Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter. Vulnerabilidad de inyección SQL en el componente Phil Taylor Comments (com_comments, también conocido como Review Script) 0.5.8.5g y anteriores para Mambo. Permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro id. • https://www.exploit-db.com/exploits/5094 http://www.securityfocus.com/bid/27731 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •