CVE-2020-24699 – Chamber Dashboard Business Directory < 3.3.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-24699
The Chamber Dashboard Business Directory plugin 3.2.8 for WordPress allows XSS. The Chamber Dashboard Business Directory plugin for WordPress is vulnerable to Cross-Site Scripting in versions before 3.3.1 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
• https://l0l.xyz/sec/2020/08/31/1-wordpress-crm-xss.html
• https://wordpress.org/plugins/chamber-dashboard-business-directory/#developers
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-19830
https://notcve.org/view.php?id=CVE-2018-19830
The UBSexToken() function of a smart contract implementation for Business Alliance Financial Circle (BAFC), a tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function is public (by default) and does not check the caller's identity.
• https://github.com/SmartContractResearcher/SmartContractSecurity/blob/master/New%20Vulnerabilities%20Allow%20Anyone%20to%20Own%20Certain%20ERC20-Based%20Smart%20Contracts%28CVE-2018-19830%2C%20CVE-2018-19831%2C%20CVE-2018-19832%2C%20CVE-2018-19833%2C%20CVE-2018-19834%29/README.md
• CWE-862: Missing Authorization
CVE-2014-4599 – WP-Business Directory <= 1.0.2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-4599
Multiple cross-site scripting (XSS) vulnerabilities in forms/search.php in the WP-Business Directory (wp-ttisbdir) plugin 1.0.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) edit, (2) search_term, (3) page_id, (4) page, or (5) page_links parameter.
• http://codevigilant.com/disclosure/wp-plugin-wp-ttisbdir-a3-cross-site-scripting-xss
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-3943
https://notcve.org/view.php?id=CVE-2007-3943
SQL injection vulnerability in Infinite Responder before 1.48 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some of these details are obtained from third party information.
• http://secunia.com/advisories/26008
• http://sourceforge.net/project/shownotes.php?release_id=523684&group_id=199618
• http://www.securityfocus.com/bid/24931
• https://exchange.xforce.ibmcloud.com/vulnerabilities/35452
CVE-2007-2316
https://notcve.org/view.php?id=CVE-2007-2316
Unspecified vulnerability in the admin script in Open Business Management (OBM) before 2.0.0 allows remote attackers to have an unknown impact by calling the script "in txt mode from a browser."
• http://obm.aliasource.org/changelogs/changelog-2.0.html
• http://osvdb.org/34899
• http://secunia.com/advisories/24775
• http://www.securityfocus.com/bid/23472
• http://www.vupen.com/english/advisories/2007/1376