Tag
#php
XEL CMS version 1.1 suffers from a cross site request forgery vulnerability.
Inout Search Engine AI Edition version 1.1 suffers from a cross site scripting vulnerability.
Strawberry version 1.1.9 suffers from a cross site scripting vulnerability.
Rest-Cafe and Restaurant Website CMS version 2.0.0 suffers from a cross site scripting vulnerability.
phpFK version 9.2 Beta suffers from cross site scripting and remote SQL injection vulnerabilities.
ArabInfotech CMS version 2.0.1 suffers from a cross site scripting vulnerability.
AngularJS Filemanager version 1.5.1 suffers from a remote shell upload vulnerability.
Aplikasi Sistem Informasi Kelulusan CMS version 1.0.9 suffers from a remote file inclusion vulnerability.
Amazon S3 Droppy version 1.4.6 suffers from a remote shell upload vulnerability.
The Edwiser Bridge plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the user_data_synchronization_initiater(), course_synchronization_initiater(), users_link_to_moodle_synchronization(), connection_test_initiater(), admin_menus(), and subscribe_handler() functions. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.