NotCVE - vendor:"Icegram" product:"Icegram Engage" version:" <= 2.0.2"

Page 2 of 7 results (0.004 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-10962 – Icegram <= 1.9.18 - Cross-Site Request Forgery

https://notcve.org/view.php?id=CVE-2016-10962

The icegram plugin before 1.9.19 for WordPress has CSRF via the wp-admin/edit.php option_name parameter. El plugin icegram versiones anteriores a 1.9.19 para WordPress, presenta una vulnerabilidad de tipo CSRF por medio del parámetro option_name del archivo wp-admin/edit.php. • https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_icegram_wordpress_plugin.html https://wordpress.org/plugins/icegram/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-10963 – Icegram <= 1.9.18 - Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2016-10963

The icegram plugin before 1.9.19 for WordPress has XSS. El plugin icegram versiones anteriores a 1.9.19 para WordPress, presenta una vulnerabilidad de tipo XSS. The icegram plugin before 1.9.19 for WordPress has XSS in 'message' parameter. • https://wordpress.org/plugins/icegram/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1 2