CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28750 – WordPress Albo Pretorio Online Plugin <= 4.6 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-28750
27 Mar 2023 — Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio Scimone Albo Pretorio On line plugin <= 4.6 versions. The Albo Pretorio Online plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘Errore’ parameter in versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Unauth. • https://patchstack.com/database/vulnerability/albo-pretorio-on-line/wordpress-albo-pretorio-on-line-plugin-4-6-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 2CVE-2008-0184 – SysHotel On Line System - 'index.php' Local File Inclusion
https://notcve.org/view.php?id=CVE-2008-0184
09 Jan 2008 — Absolute path traversal vulnerability in index.php in Sys-Hotel on Line System allows remote attackers to read arbitrary files via an encoded "/" ("%2F") in the file parameter. Vulnerabilidad de salto de directorio en index.php de Sys-Hotel on Line System, permite que atacantes remotos lean ficheros arbitrariamente usando un "/" ("%2F") codificado en el parámetro file. • https://www.exploit-db.com/exploits/31000 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2006-0196
https://notcve.org/view.php?id=CVE-2006-0196
13 Jan 2006 — Unspecified vulnerability in Serial line sniffer (aka slsnif) 0.4.4 allows local users to gain privileges via a long value of the HOME environment variable, possibly because of a buffer overflow. • http://secunia.com/advisories/18497 •