Gwyn's Imagemap Selector Security Vulnerabilities

[wpvulndb] Dropdown Multisite selector < 0.9.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
Description: The Dropdown multisite selector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 0.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for....
CVSS 6.5 | AI Score 5.8 | EPSS 0.0004 | 2024-03-29 12:00 AM

[cve] CVE-2024-29910
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alordiel Dropdown Multisite selector allows Stored XSS. This issue affects Dropdown Multisite selector: from n/a through...
CVSS 6.5 | AI Score 9.1 | EPSS 0.0004 | 2024-03-27 07:15 AM

[nvd] CVE-2024-29910
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alordiel Dropdown Multisite selector allows Stored XSS. This issue affects Dropdown Multisite selector: from n/a through...
CVSS 6.5 | AI Score 6.4 | EPSS 0.0004 | 2024-03-27 07:15 AM

[cvelist] CVE-2024-29910 WordPress Dropdown Multisite selector plugin <= 0.9.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alordiel Dropdown Multisite selector allows Stored XSS. This issue affects Dropdown Multisite selector: from n/a through...
CVSS 6.5 | AI Score 6.6 | EPSS 0.0004 | 2024-03-27 06:58 AM

[osv] Malicious code in region-selector-content (npm)
Source: ossf-package-analysis (ff0393e9f3a6a405065088df076729bb9436bdad64329c0f3eb1dfd8a5ad6638). The OpenSSF Package Analysis project identified 'region-selector-content' @ 99.3.0 (npm) as malicious. It is considered malicious because: The...
AI Score 7.3 | 2024-03-21 01:32 AM

[cvelist] CVE-2024-26107 AMS/Cloud Services - childrenlist selector can be used to run various problematic AEM resources (retest 1497173 part 1)
Adobe Experience Manager versions 6.5.19 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's...
CVSS 5.4 | AI Score 5.3 | EPSS 0.0004 | 2024-03-18 05:54 PM

[osv] BIT-mediawiki-2020-10960
In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event...
CVSS 5.3 | AI Score 6 | EPSS 0.001 | 2024-03-06 11:14 AM

[osv] BIT-drupal-2021-41182
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now...
CVSS 6.5 | AI Score 6.5 | EPSS 0.004 | 2024-03-06 10:54 AM

[osv] BIT-drupal-2021-41184
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the of option of the .position() util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the of option is now treated as a CSS....
CVSS 6.5 | AI Score 6.5 | EPSS 0.004 | 2024-03-06 10:54 AM

[openvas] openSUSE: Security Advisory for opera (openSUSE-SU-2023:0338-1)
The remote host is missing an update for...
CVSS 8.8 | AI Score 6.4 | EPSS 0.002 | 2024-03-04 12:00 AM

[openvas] openSUSE: Security Advisory for opera (openSUSE-SU-2023:0297-1)
The remote host is missing an update for...
CVSS 8.8 | AI Score 9.4 | EPSS 0.245 | 2024-03-04 12:00 AM

[openvas] openSUSE: Security Advisory for opera (openSUSE-SU-2023:0298-1)
The remote host is missing an update for...
CVSS 8.8 | AI Score 9.4 | EPSS 0.245 | 2024-03-04 12:00 AM

[openvas] openSUSE: Security Advisory for opera (openSUSE-SU-2023:0337-1)
The remote host is missing an update for...
CVSS 8.8 | AI Score 6.3 | EPSS 0.002 | 2024-03-04 12:00 AM

[openvas] openSUSE: Security Advisory for exim (openSUSE-SU-2024:0007-1)
The remote host is missing an update for...
CVSS 7.5 | AI Score 6.9 | EPSS 0.007 | 2024-03-04 12:00 AM

[openvas] openSUSE: Security Advisory for chromium (openSUSE-SU-2023:0068-1)
The remote host is missing an update for...
CVSS 8.8 | AI Score 7.4 | EPSS 0.002 | 2024-03-04 12:00 AM

[cve] CVE-2024-26472
KLiK SocialMediaWebsite version 1.0.1 from msaad1999 has a reflected cross-site scripting (XSS) vulnerability which may allow remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'selector' or 'validator' parameters of...
AI Score 6 | EPSS 0.0004 | 2024-02-29 01:44 AM

[nvd] CVE-2024-26472
KLiK SocialMediaWebsite version 1.0.1 from msaad1999 has a reflected cross-site scripting (XSS) vulnerability which may allow remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'selector' or 'validator' parameters of...
AI Score 5.9 | EPSS 0.0004 | 2024-02-29 01:44 AM

[prion] Cross site scripting
KLiK SocialMediaWebsite version 1.0.1 from msaad1999 has a reflected cross-site scripting (XSS) vulnerability which may allow remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'selector' or 'validator' parameters of...
AI Score 6.1 | EPSS 0.0004 | 2024-02-29 01:44 AM

[nessus] CentOS 9 : libreswan-4.9-4.el9
The remote CentOS Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the libreswan-4.9-4.el9 build changelog. Remote DoS via crafted TS payload with an incorrect selector length (rhbz#2173674) (CVE-2023-23009). pluto in Libreswan before 4.11...
CVSS 7.5 | AI Score 7.5 | EPSS 0.001 | 2024-02-29 12:00 AM

[cvelist] CVE-2024-26472
KLiK SocialMediaWebsite version 1.0.1 from msaad1999 has a reflected cross-site scripting (XSS) vulnerability which may allow remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'selector' or 'validator' parameters of...
AI Score 6.1 | EPSS 0.0004 | 2024-02-27 12:00 AM

[oraclelinux] Unbreakable Enterprise kernel security update
[5.15.0-203.146.5.1] - Revert 'selftests/bpf: Test tail call counting with bpf2bpf and data on stack' (Samasth Norway Ananda) [Orabug: 36277693] - Revert 'tcp: fix excessive TLP and RACK timeouts from HZ rounding' (Sherry Yang) [Orabug: 36277684] [5.15.0-203.146.5] - i2c: core: Fix atomic xfer...
CVSS 9.8 | AI Score 7.4 | EPSS 0.001 | 2024-02-13 12:00 AM

[osv] BIT-liferay-2022-26593
Cross-site scripting (XSS) vulnerability in the Asset module's asset categories selector in Liferay Portal 7.3.3 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the name of an asset...
CVSS 5.4 | AI Score 5.9 | EPSS 0.001 | 2024-01-31 03:21 PM

[osv] BIT-liferay-2023-33942
Cross-site scripting (XSS) vulnerability in the Web Content Display widget's article selector in Liferay Portal 7.4.3.50, and Liferay DXP 7.4 update 50 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a web content article's Title...
CVSS 5.4 | AI Score 5.7 | EPSS 0.001 | 2024-01-31 03:18 PM

[osv] BIT-liferay-2023-3426
The organization selector in Liferay Portal 7.4.3.81 through 7.4.3.85, and Liferay DXP 7.4 update 81 through 85 does not check user permission, which allows remote authenticated users to obtain a list of all...
CVSS 4.3 | AI Score 6.5 | EPSS 0.001 | 2024-01-31 03:17 PM

[githubexploit] Exploit for Path Traversal in Ispyconnect Agent Dvr
AgentDVR-5.1.6.0-File-Upload-and-Remote-Code-Execution...
AI Score 8.3 | 2024-01-27 03:36 PM

[githubexploit] Exploit for CVE-2024-29384
CSS Exfil Protection PoC Test Page:...
AI Score 7 | EPSS 0.0004 | 2024-01-21 01:33 PM

[cve] CVE-2024-22212
Nextcloud Global Site Selector is a tool which allows you to run multiple small Nextcloud instances and redirect users to the right server. A problem in the password verification method allows an attacker to authenticate as another user. It is recommended that the Nextcloud Global Site Selector is....
CVSS 9.8 | AI Score 9.4 | EPSS 0.001 | 2024-01-18 07:15 PM

[osv] CVE-2024-22212
Nextcloud Global Site Selector is a tool which allows you to run multiple small Nextcloud instances and redirect users to the right server. A problem in the password verification method allows an attacker to authenticate as another user. It is recommended that the Nextcloud Global Site Selector is....
CVSS 9.8 | AI Score 6.9 | EPSS 0.001 | 2024-01-18 07:15 PM

[nvd] CVE-2024-22212
Nextcloud Global Site Selector is a tool which allows you to run multiple small Nextcloud instances and redirect users to the right server. A problem in the password verification method allows an attacker to authenticate as another user. It is recommended that the Nextcloud Global Site Selector is....
CVSS 9.8 | AI Score 9.5 | EPSS 0.001 | 2024-01-18 07:15 PM

[prion] Design/Logic Flaw
Nextcloud Global Site Selector is a tool which allows you to run multiple small Nextcloud instances and redirect users to the right server. A problem in the password verification method allows an attacker to authenticate as another user. It is recommended that the Nextcloud Global Site Selector is....
CVSS 9.8 | AI Score 7.2 | EPSS 0.001 | 2024-01-18 07:15 PM

[cvelist] CVE-2024-22212 Nextcloud global site selector authentication bypass
Nextcloud Global Site Selector is a tool which allows you to run multiple small Nextcloud instances and redirect users to the right server. A problem in the password verification method allows an attacker to authenticate as another user. It is recommended that the Nextcloud Global Site Selector is....
CVSS 9.6 | AI Score 9.8 | EPSS 0.001 | 2024-01-18 07:04 PM

[nextcloud] Global site selector authentication bypass
Impact: A problem in the password verification method allows an attacker to authenticate as another user. Patches: It is recommended that the Nextcloud Global Site Selector is upgraded to 1.4.1, 2.1.2, 2.3.4 or 2.4.5. Workarounds: No workaround available. References: HackerOne...
CVSS 9.8 | AI Score 6.6 | EPSS 0.001 | 2024-01-18 08:32 AM

[code423n4] CM can delegatecall to any address and bypass all restrictions
Lines of code. Vulnerability details. Impact: The GuardCM contract is designed to restrict the Community Multisig (CM) actions within the protocol to only specific contracts and methods. This is achieved by implementing a checkTransaction() method, which is invoked by the CM GnosisSafe before every...
AI Score 8.2 | 2024-01-08 12:00 AM

[code423n4] TRANSACTION EXECUTION IS DoS IN THE CROSS-CHAIN GOVERNANCE CONTRACTS AND IN THE GNOSIS SAFE COMMUNITY MULTISIG TRANSACTION CHECKS SINCE THE WRONG payload IS EXTRACTED FROM THE data BYTES ARRAY
Lines of code: https://github.com/code-423n4/2023-12-autonolas/blob/main/governance/contracts/multisigs/GuardCM.sol#L236-L241 https://github.com/code-423n4/2023-12-autonolas/blob/main/governance/contracts/multisigs/GuardCM.sol#L192-L200...
AI Score 7.4 | 2024-01-08 12:00 AM

[wpexploit] Essential Real Estate < 4.4.0 - Subscriber+ Stored XSS
Description: The plugin does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Stored XSS...
CVSS 5.4 | AI Score 5.8 | EPSS 0.0004 | 2023-12-18 12:00 AM

[wpvulndb] Essential Real Estate < 4.4.0 - Subscriber+ Stored XSS
Description: The plugin does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Stored XSS attacks. PoC: 1. Login with a subscriber account, and visit https://vulnerable-site.tld/wp-admin/profile.php?action=delete 2.....
CVSS 5.4 | AI Score 5.4 | EPSS 0.0004 | 2023-12-18 12:00 AM

[cvelist] CVE-2023-48526 AMS XSS - initiateUpload selector (POST)
Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the.....
CVSS 5.4 | AI Score 5.3 | EPSS 0.0005 | 2023-12-15 10:16 AM

[qualysblog] Building an AppSec Program with Qualys WAS – Additional Configurations and Review & Confirm
Part 4 - Configuring a Web Application or API: Additional Configurations. Now that we have completed the basic information, crawl settings, and default scan configurations, we can shift our attention to additional configurations designed to optimize scanning and provide granular control over how...
AI Score 8 | 2023-12-12 06:21 PM

[code423n4] Ocean cannot _mintBatch() as onERC1155BatchRecieved() not implemented on the Ocean contract when batch transferring to itself
Lines of code. Vulnerability details: The comment @ Ocean L348 states: "The Ocean never initiates ERC1155 Batch Transfers." This is untrue, note the following callstack: Ocean.doMultipleInteractions | Ocean.forwardedDoMultipleInteractions > Ocean._doMultipleInteractions (>> calls _mintBatch @ ...
AI Score 7 | 2023-12-08 12:00 AM

[redhat] (RHSA-2023:7639) Important: Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 9 security update
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.14 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.13, and includes bug...
AI Score 7 | EPSS 0.732 | 2023-12-04 05:38 PM

[redhat] (RHSA-2023:7638) Important: Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 8 security update
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.14 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.13, and includes bug...
AI Score 7 | EPSS 0.732 | 2023-12-04 05:38 PM

[redhat] (RHSA-2023:7637) Important: Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 7 security update
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.14 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.13, and includes bug...
AI Score 9.1 | EPSS 0.732 | 2023-12-04 05:37 PM

[nessus] RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 7 (RHSA-2023:7637)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7637 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This...
CVSS 7.5 | AI Score 8.4 | EPSS 0.732 | 2023-12-04 12:00 AM

[nessus] RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 8 (RHSA-2023:7638)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7638 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This...
CVSS 7.5 | AI Score 8.4 | EPSS 0.732 | 2023-12-04 12:00 AM

[nessus] RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 9 (RHSA-2023:7639)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7639 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This...
CVSS 7.5 | AI Score 8.4 | EPSS 0.732 | 2023-12-04 12:00 AM

[openvas] Debian: Security Advisory (DLA-3664-1)
The remote host is missing an update for the...
CVSS 6.1 | AI Score 7.1 | EPSS 0.001 | 2023-11-27 12:00 AM

[debian] [SECURITY] [DLA 3664-1] symfony security update
Debian LTS Advisory DLA-3664-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany, November 24, 2023, https://wiki.debian.org/LTS. Package: symfony. Version: 3.4.22+dfsg-2+deb10u3. CVE...
CVSS 6.1 | AI Score 6 | EPSS 0.001 | 2023-11-24 06:22 PM

[nessus] Debian DLA-3664-1 : symfony - LTS security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3664 advisory. Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions...
CVSS 6.1 | AI Score 7 | EPSS 0.001 | 2023-11-24 12:00 AM

[oraclelinux] python27:2.7 security and bug fix update
babel [2.5.1-10] - Fix CVE-2021-20095 Resolves: rhbz#1955615 [2.5.1-9] - Bumping due to problems with modular RPM upgrade path - Resolves: rhbz#1695587 [2.5.1-8] - Fix unversioned requires/buildrequires - Resolves: rhbz#1628242 [2.5.1-7] - Remove unversioned binaries - Resolves: rhbz#1613343...
CVSS 6.1 | AI Score 6.5 | EPSS 0.001 | 2023-11-18 12:00 AM

[oraclelinux] python38:3.8 and python38-devel:3.8 security update
babel Cython mod_wsgi [4.6.8-5] - Remove rpath Resolves: rhbz#2213836 [4.6.8-4] - Core dumped upon file upload >= 1GB Resolves: rhbz#2125171 [4.6.8-3] - Exclude unsupported i686 arch (rhbz#1779142) [4.6.8-2] - Adjusted for Python 3.8 module in RHEL 8 [4.6.8-1] - update to 4.6.8 (#1721376)...
CVSS 6.1 | AI Score 6.9 | EPSS 0.025 | 2023-11-18 12:00 AM

Total number of security vulnerabilities: 1696