The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1674 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This...
7.5 CVSS
7.1 AI Score
EPSS
Description: The Dropdown multisite selector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 0.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
6.5 CVSS
5.8 AI Score
0.0004 EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alordiel Dropdown Multisite selector allows Stored XSS. This issue affects Dropdown Multisite selector: from n/a through...
6.5 CVSS
9.1 AI Score
0.0004 EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alordiel Dropdown Multisite selector allows Stored XSS. This issue affects Dropdown Multisite selector: from n/a through...
6.5 CVSS
6.4 AI Score
0.0004 EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alordiel Dropdown Multisite selector allows Stored XSS. This issue affects Dropdown Multisite selector: from n/a through...
6.5 CVSS
6.6 AI Score
0.0004 EPSS
Malicious code in region-selector-content (npm)
Source: ossf-package-analysis (ff0393e9f3a6a405065088df076729bb9436bdad64329c0f3eb1dfd8a5ad6638). The OpenSSF Package Analysis project identified 'region-selector-content' @ 99.3.0 (npm) as malicious. It is considered malicious because: The...
7.3 AI Score
Adobe Experience Manager versions 6.5.19 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's...
5.4 CVSS
5.3 AI Score
0.0004 EPSS
Adobe Experience Manager versions 6.5.19 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's...
5.4 CVSS
5.7 AI Score
0.0004 EPSS
In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event...
5.3 CVSS
6 AI Score
0.001 EPSS
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now...
6.5 CVSS
6.5 AI Score
0.004 EPSS
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the of option of the .position() util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the of option is now treated as a CSS....
6.5 CVSS
6.5 AI Score
0.004 EPSS
openSUSE: Security Advisory for opera (openSUSE-SU-2023:0338-1)
The remote host is missing an update for...
8.8 CVSS
6.4 AI Score
0.002 EPSS
openSUSE: Security Advisory for opera (openSUSE-SU-2023:0337-1)
The remote host is missing an update for...
8.8 CVSS
6.3 AI Score
0.002 EPSS
openSUSE: Security Advisory for opera (openSUSE-SU-2023:0297-1)
The remote host is missing an update for...
8.8 CVSS
9.4 AI Score
0.245 EPSS
openSUSE: Security Advisory for opera (openSUSE-SU-2023:0298-1)
The remote host is missing an update for...
8.8 CVSS
9.4 AI Score
0.245 EPSS
openSUSE: Security Advisory for exim (openSUSE-SU-2024:0007-1)
The remote host is missing an update for...
7.5 CVSS
6.9 AI Score
0.007 EPSS
openSUSE: Security Advisory for chromium (openSUSE-SU-2023:0068-1)
The remote host is missing an update for...
8.8 CVSS
7.4 AI Score
0.015 EPSS
KLiK SocialMediaWebsite version 1.0.1 from msaad1999 has a reflected cross-site scripting (XSS) vulnerability which may allow remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'selector' or 'validator' parameters of...
6 AI Score
0.0004 EPSS
KLiK SocialMediaWebsite version 1.0.1 from msaad1999 has a reflected cross-site scripting (XSS) vulnerability which may allow remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'selector' or 'validator' parameters of...
5.9 AI Score
0.0004 EPSS
KLiK SocialMediaWebsite version 1.0.1 from msaad1999 has a reflected cross-site scripting (XSS) vulnerability which may allow remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'selector' or 'validator' parameters of...
6.1 AI Score
0.0004 EPSS
CentOS 9 : libreswan-4.9-4.el9
The remote CentOS Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the libreswan-4.9-4.el9 build changelog. remote DoS via crafted TS payload with an incorrect selector length (rhbz#2173674) (CVE-2023-23009) pluto in Libreswan before 4.11...
7.5 CVSS
7.5 AI Score
0.001 EPSS
KLiK SocialMediaWebsite version 1.0.1 from msaad1999 has a reflected cross-site scripting (XSS) vulnerability which may allow remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'selector' or 'validator' parameters of...
6.1 AI Score
0.0004 EPSS
Unbreakable Enterprise kernel security update
[5.15.0-203.146.5.1] - Revert 'selftests/bpf: Test tail call counting with bpf2bpf and data on stack' (Samasth Norway Ananda) [Orabug: 36277693] - Revert 'tcp: fix excessive TLP and RACK timeouts from HZ rounding' (Sherry Yang) [Orabug: 36277684] [5.15.0-203.146.5] - i2c: core: Fix atomic xfer...
9.8 CVSS
7.4 AI Score
0.001 EPSS
Cross-site scripting (XSS) vulnerability in the Asset module's asset categories selector in Liferay Portal 7.3.3 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the name of an asset...
5.4 CVSS
5.9 AI Score
0.001 EPSS
Cross-site scripting (XSS) vulnerability in the Web Content Display widget's article selector in Liferay Portal 7.4.3.50, and Liferay DXP 7.4 update 50 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a web content article's Title...
5.4 CVSS
5.7 AI Score
0.001 EPSS
The organization selector in Liferay Portal 7.4.3.81 through 7.4.3.85, and Liferay DXP 7.4 update 81 through 85 does not check user permission, which allows remote authenticated users to obtain a list of all...
4.3 CVSS
6.5 AI Score
0.001 EPSS
Exploit for Path Traversal in Ispyconnect Agent Dvr
AgentDVR-5.1.6.0-File-Upload-and-Remote-Code-Execution...
8.3 AI Score
7 AI Score
0.0004 EPSS
Nextcloud Global Site Selector is a tool which allows you to run multiple small Nextcloud instances and redirect users to the right server. A problem in the password verification method allows an attacker to authenticate as another user. It is recommended that the Nextcloud Global Site Selector is....
9.8 CVSS
9.4 AI Score
0.001 EPSS
Nextcloud Global Site Selector is a tool which allows you to run multiple small Nextcloud instances and redirect users to the right server. A problem in the password verification method allows an attacker to authenticate as another user. It is recommended that the Nextcloud Global Site Selector is....
9.8 CVSS
9.5 AI Score
0.001 EPSS
Nextcloud Global Site Selector is a tool which allows you to run multiple small Nextcloud instances and redirect users to the right server. A problem in the password verification method allows an attacker to authenticate as another user. It is recommended that the Nextcloud Global Site Selector is....
9.8 CVSS
6.9 AI Score
0.001 EPSS
Nextcloud Global Site Selector is a tool which allows you to run multiple small Nextcloud instances and redirect users to the right server. A problem in the password verification method allows an attacker to authenticate as another user. It is recommended that the Nextcloud Global Site Selector is....
9.8 CVSS
7.2 AI Score
0.001 EPSS
CVE-2024-22212 Nextcloud global site selector authentication bypass
Nextcloud Global Site Selector is a tool which allows you to run multiple small Nextcloud instances and redirect users to the right server. A problem in the password verification method allows an attacker to authenticate as another user. It is recommended that the Nextcloud Global Site Selector is....
9.6 CVSS
9.8 AI Score
0.001 EPSS
Global site selector authentication bypass
Description. Impact: A problem in the password verification method allows an attacker to authenticate as another user. Patches: It is recommended that the Nextcloud Global Site Selector is upgraded to 1.4.1, 2.1.2, 2.3.4 or 2.4.5. Workarounds: No workaround available. References: HackerOne...
9.8 CVSS
6.6 AI Score
0.001 EPSS
CM can delegatecall to any address and bypass all restrictions
Lines of code. Vulnerability details. Impact: The GuardCM contract is designed to restrict the Community Multisig (CM) actions within the protocol to only specific contracts and methods. This is achieved by implementing a checkTransaction() method, which is invoked by the CM GnosisSafe before every...
8.2 AI Score
Lines of code: https://github.com/code-423n4/2023-12-autonolas/blob/main/governance/contracts/multisigs/GuardCM.sol#L236-L241 https://github.com/code-423n4/2023-12-autonolas/blob/main/governance/contracts/multisigs/GuardCM.sol#L192-L200...
7.4 AI Score
Essential Real Estate < 4.4.0 - Subscriber+ Stored XSS
Description: The plugin does not apply proper capability checks on its AJAX actions, which, among other things, allows attackers with a subscriber account to conduct Stored XSS...
5.4 CVSS
5.8 AI Score
0.0004 EPSS
Essential Real Estate < 4.4.0 - Subscriber+ Stored XSS
Description: The plugin does not apply proper capability checks on its AJAX actions, which, among other things, allows attackers with a subscriber account to conduct Stored XSS attacks. PoC: 1. Login with a subscriber account, and visit https://vulnerable-site.tld/wp-admin/profile.php?action=delete 2. ...
5.4 CVSS
5.4 AI Score
0.0004 EPSS
CVE-2023-48526 AMS XSS - initiateUpload selector (POST)
Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the.....
5.4 CVSS
5.3 AI Score
0.0005 EPSS
Building an AppSec Program with Qualys WAS – Additional Configurations and Review & Confirm
Part 4 - Configuring a Web Application or API: Additional Configurations Now that we have completed the basic information, crawl settings, and default scan configurations, we can shift our attention to additional configurations designed to optimize scanning and provide granular control over how...
8 AI Score
Lines of code. Vulnerability details: The comment @ Ocean L348 states: The Ocean never initiates ERC1155 Batch Transfers. This is untrue, note the following callstack: Ocean.doMultipleInteractions | Ocean.forwardedDoMultipleInteractions > Ocean._doMultipleInteractions (>> calls _mintBatch @ ...
7 AI Score
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.14 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.13, and includes bug...
7 AI Score
0.732 EPSS
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.14 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.13, and includes bug...
7 AI Score
0.732 EPSS
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.14 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.13, and includes bug...
9.1 AI Score
0.732 EPSS
RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 9 (RHSA-2023:7639)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7639 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This...
7.5 CVSS
8.4 AI Score
0.732 EPSS
RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 7 (RHSA-2023:7637)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7637 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This...
7.5 CVSS
8.4 AI Score
0.732 EPSS
RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 8 (RHSA-2023:7638)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7638 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This...
7.5 CVSS
8.4 AI Score
0.732 EPSS
[SECURITY] [DLA 3664-1] symfony security update
Debian LTS Advisory DLA-3664-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany November 24, 2023 https://wiki.debian.org/LTS Package : symfony Version : 3.4.22+dfsg-2+deb10u3 CVE...
6.1 CVSS
6 AI Score
0.001 EPSS
Debian DLA-3664-1 : symfony - LTS security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3664 advisory. Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions...
6.1 CVSS
7 AI Score
0.001 EPSS