CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Dec 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Alexander Volkov WP Nice Loader allows Stored XSS. This issue affects WP Nice Loader: from n/a through 0.1.0.4. The WP Nice Loader plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.0.4. This is due to missing or incorrect nonce... • https://patchstack.com/database/wordpress/plugin/wp-nice-loader/vulnerability/wordpress-wp-nice-loader-plugin-0-1-0-4-csrf-to-stored-xss-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 9.0 • EPSS: 5% • CPEs: 1 • EXPL: 3

06 Oct 2023 — File Upload vulnerability in Simple and Nice Shopping Cart Script v.1.0 allows a remote attacker to execute arbitrary code via the upload function in the edit profile component. • https://github.com/soundarkutty/CVE-2023-44061 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

19 Mar 2023 — A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script 1.0. It has been rated as critical. This issue affects some unknown processing of the file uploaderm.php. The manipulation of the argument submit leads to unrestricted upload. The attack may be initiated remotely. • https://github.com/Decemberus/BugHub/blob/main/simple%20and%20beautiful%20shopping%20cart%20system%20uploaderm.php%20has%20a%20file%20upload%20vulnerability.pdf • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 2

25 Aug 2022 — A vulnerability classified as critical was found in SourceCodester Simple and Nice Shopping Cart Script. Affected by this vulnerability is an unknown functionality of the file /mkshop/Men/profile.php. The manipulation of the argument mem_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://s1.ax1x.com/2022/08/14/vUSruD.png • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

20 Aug 2022 — A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /mkshop/Men/profile.php. The manipulation leads to unrestricted upload. The attack can be launched remotely. • https://s1.ax1x.com/2022/08/14/vUSyHH.png • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 2

15 Aug 2022 — A vulnerability has been found in SourceCodester Simple and Nice Shopping Cart Script and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /mkshope/login.php. The manipulation of the argument msg leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://s1.ax1x.com/2022/08/13/vNcnHA.png • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8 • EPSS: 3% • CPEs: 1 • EXPL: 0

26 Mar 2019 — In NICE Engage through 6.5, the default configuration binds an unauthenticated JMX/RMI interface to all network interfaces, without restricting registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol by using the JMX connector. The observed affected TCP port is 6338 but, based on the product's configuration, a different one could be vulnerable. • http://seclists.org/fulldisclosure/2019/Apr/4 • CWE-306: Missing Authentication for Critical Function •

CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

18 Jun 2014 — Multiple SQL injection vulnerabilities in NICE Recording eXpress (aka Cybertech eXpress) 6.5.7 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors. • http://packetstormsecurity.com/files/126858/NICE-Recording-eXpress-6.x-Root-Backdoor-XSS-Bypass.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 2

18 Jun 2014 — Multiple cross-site scripting (XSS) vulnerabilities in NICE Recording eXpress (aka Cybertech eXpress) before 6.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) USRLNM parameter to myaccount/mysettings.edit.validate.asp or the frame parameter to (2) iframe.picker.statchannels.asp, (3) iframe.picker.channelgroups.asp, (4) iframe.picker.extensions.asp, (5) iframe.picker.licenseusergroups.asp, (6) iframe.picker.licenseusers.asp, (7) iframe.picker.lookup.asp, or (8) iframe.picker.mar... • http://packetstormsecurity.com/files/126858/NICE-Recording-eXpress-6.x-Root-Backdoor-XSS-Bypass.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •