CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-38361 – .htaccess Redirect <= 0.3.1 Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-38361
13 Dec 2021 — The .htaccess Redirect WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the link parameter found in the ~/htaccess-redirect.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.3.1. El plugin .htaccess Redirect de WordPress es vulnerable a un ataque de tipo Cross-Site Scripting Reflejado por medio del parámetro link encontrado en el archivo ~/htaccess-redirect.php que permite a atacantes inyectar scripts web arbitrarios, en versiones hasta la... • https://plugins.trac.wordpress.org/browser/htaccess-redirect/trunk/htaccess-redirect.php#L249 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3349
https://notcve.org/view.php?id=CVE-2015-3349
21 Apr 2015 — Multiple cross-site request forgery (CSRF) vulnerabilities in the Htaccess module before 7.x-2.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) deploy or (2) delete an .htaccess file via unspecified vectors. Múltiples vulnerabilidades de CSRF en el módulo Htaccess anterior a 7.x-2.3 para Drupal permiten a atacantes remotos secuestrar la autenticación de administradores para solicitudes que (1) desplieguen o (2) eliminan un fichero .htaccess a través de... • http://www.openwall.com/lists/oss-security/2015/01/29/6 • CWE-352: Cross-Site Request Forgery (CSRF) •