CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 2CVE-2013-4275
https://notcve.org/view.php?id=CVE-2013-4275
Cross-site scripting (XSS) vulnerability in the zen_breadcrumb function in template.php in the Zen theme 6.x-1.x, 7.x-3.x before 7.x-3.2, and 7.x-5.x before 7.x-5.4 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via the breadcrumb separator field. Vulnerabilidad de tipo Cross-Site Scripting (XSS) en la función zen_breadcrumb en el archivo template.php en el tema Zen versiones 6.x-1.x, versiones 7.x-3.x anteriores a la versión 7.x-3.2 y versiones 7.x-5.x anteriores a la versión 7.x-5.4 para Drupal, permite a usuarios autenticados remotos con el permiso "administer themes" para inyectar script web o HTML arbitrario por medio del campo breadcrumb separator. • http://seclists.org/fulldisclosure/2013/Aug/226 http://www.madirish.net/?article=452 http://www.openwall.com/lists/oss-security/2013/08/22/2 http://www.securityfocus.com/bid/61922 https://drupal.org/node/2071055 https://drupal.org/node/2071065 https://drupal.org/node/2071157 https://drupal.org/node/754000 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3CVE-2017-6104 – Wordpress Plugin Mobile App Native 3.0 <= 3.0 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2017-6104
Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0. Vulnerabilidad de subida remota de archivos en el plugin Mobile App Native 3.0 de Wordpress. Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0 in /zen-mobile-app-native/server/images.php file. WordPress plugins Zen App Mobile Native versions 3.0 and below, webapp-builder version 2.0, wp2android-turn-wp-site-into-android-app version 1.1.4, mobile-app-builder-by-wappress version 1.05, and mobile-friendly-app-builder-by-easytouch version 3.0 suffer from a remote shell upload vulnerability. • https://www.exploit-db.com/exploits/41540 http://www.securityfocus.com/bid/96547 http://www.vapidlabs.com/advisory.php?v=178 https://wpvulndb.com/vulnerabilities/8743 • CWE-287: Improper Authentication CWE-434: Unrestricted Upload of File with Dangerous Type CWE-732: Incorrect Permission Assignment for Critical Resource •