CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 2

01 Sep 2023 — This Activity Log WordPress plugin before 2.8.8 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic. The Activity Log plugin for ... • https://github.com/b0marek/CVE-2023-4281 • CWE-348: Use of Less Trusted Source

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Sep 2022 — CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress. The Activity Log plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 2.8.3. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configura... • https://patchstack.com/database/vulnerability/aryo-activity-log/wordpress-activity-log-plugin-2-8-3-csv-injection-vulnerability?_s_id=cve • CWE-1236: Improper Neutralization of Formula Elements in a CSV File

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 2

08 Mar 2018 — Multiple cross-site scripting (XSS) vulnerabilities in the Activity Log plugin before 2.4.1 for WordPress allow remote attackers to inject arbitrary JavaScript or HTML via a title that is not escaped. WordPress Activity Log plugin version 2.4.0 suffers from a p... • https://www.exploit-db.com/exploits/44409 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Aug 2016 — The aryo-activity-log plugin before 2.3.2 for WordPress has XSS. The Activity Log plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into perform... • https://wordpress.org/plugins/aryo-activity-log/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Aug 2016 — The aryo-activity-log plugin before 2.3.3 for WordPress has XSS. The aryo-activity-log plugin before 2.3.3 for WordPress has XSS in the search_data parameter in the aryo-activity-log/classes/class-aal-activity-log-list-table.php file. • https://wordpress.org/plugins/aryo-activity-log/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')