CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-38361 – .htaccess Redirect <= 0.3.1 Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-38361
The .htaccess Redirect WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the link parameter found in the ~/htaccess-redirect.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.3.1. El plugin .htaccess Redirect de WordPress es vulnerable a un ataque de tipo Cross-Site Scripting Reflejado por medio del parámetro link encontrado en el archivo ~/htaccess-redirect.php que permite a atacantes inyectar scripts web arbitrarios, en versiones hasta la 0.3.1 incluyéndola • https://plugins.trac.wordpress.org/browser/htaccess-redirect/trunk/htaccess-redirect.php#L249 https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38361 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3349
https://notcve.org/view.php?id=CVE-2015-3349
Multiple cross-site request forgery (CSRF) vulnerabilities in the Htaccess module before 7.x-2.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) deploy or (2) delete an .htaccess file via unspecified vectors. Múltiples vulnerabilidades de CSRF en el módulo Htaccess anterior a 7.x-2.3 para Drupal permiten a atacantes remotos secuestrar la autenticación de administradores para solicitudes que (1) desplieguen o (2) eliminan un fichero .htaccess a través de vectores no especificados. • http://www.openwall.com/lists/oss-security/2015/01/29/6 http://www.securityfocus.com/bid/71928 https://www.drupal.org/node/2402825 https://www.drupal.org/node/2403445 • CWE-352: Cross-Site Request Forgery (CSRF) •