129 matches found
CVE-2024-54413
Cross-Site Request Forgery CSRF vulnerability in brandt-net Display Future Posts display-future-posts allows Stored XSS.This issue affects Display Future Posts: from n/a through = 0.2.3...
CVE-2024-54413
Cross-Site Request Forgery CSRF vulnerability in brandt-net Display Future Posts display-future-posts allows Stored XSS.This issue affects Display Future Posts: from n/a through = 0.2.3...
CVE-2024-54413 WordPress Display Future Posts plugin <= 0.2.3 - CSRF to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery CSRF vulnerability in Stefan Brandt Display Future Posts allows Stored XSS.This issue affects Display Future Posts: from n/a through 0.2.3...
PT-2024-36301 · Unknown · Display Future Posts
Name of the Vulnerable Software and Affected Versions: Display Future Posts versions n/a through 0.2.3 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application,...
WordPress plugin Display Future Posts 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the...
WordPress Display Future Posts plugin <= 0.2.3 - CSRF to Stored Cross-Site Scripting vulnerability
CSRF to Stored Cross-Site Scripting vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Display Future Posts versions = 0.2.3...
ESLint Rewrite 安全漏洞
ESLint Rewrite is an ESLint open source application. A security vulnerability exists in ESLint Rewrite versions prior to 0.2.3, which stems from improper input cleanup and is susceptible to regular expression denial of service attacks...
Malicious code in @maas-themes/config (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 4481efc3fc653e0e4e03b7769498d8a50b20b1df2d61d153c2b48818711b789d The OpenSSF Package Analysis project identified '@maas-themes/config' @ 0.2.3 npm as malicious. It is considered malicious because: - The packag...
CVE-2024-33531
cdbattags lua-resty-jwt 0.2.3 allows attackers to bypass all JWT-parsing signature checks by crafting a JWT with an enc header with the value A256GCM...
CVE-2024-33531
CVE-2024-33531 affects lua-resty-jwt 0.2.3, allowing attackers to bypass all JWT-signature checks by crafting a token with an enc header value of A256GCM. The issue is documented across multiple IBM advisories and CVE aggregations, with no public exploitation details provided in the sources. Reme...
upydevice (>=0.0.1 <=0.2.3) potentially affected by CVE-2023-48051 via upydev (>=0.1.7 <=0.3.3)
upydev PYPI version =0.1.7, =0.0.1, =0.2.3 Source cves: CVE-2023-48051 Source advisory: OSV:PYSEC-2023-302...
CVE-2023-45628
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in QROkes QR Twitter Widget plugin = 0.2.3 versions...
CVE-2023-45628
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in QROkes QR Twitter Widget plugin = 0.2.3 versions...
CVE-2023-40571 weblogic-framework Deserialization of Untrusted Data vulnerability
weblogic-framework is a tool for detecting weblogic vulnerabilities. Versions 0.2.3 and prior do not verify the returned data packets, and there is a deserialization vulnerability which may lead to remote code execution. When weblogic-framework gets the command echo, it directly deserializes the...
GHSA-CCRC-9X59-3VC4 requests-xml XML External Entity Injection vulnerability
requests-xml v0.2.3 was discovered to contain an XML External Entity Injection XXE vulnerability which allows attackers to execute arbitrary code via a crafted XML file...
PYSEC-2023-96
requests-xml v0.2.3 was discovered to contain an XML External Entity Injection XXE vulnerability which allows attackers to execute arbitrary code via a crafted XML file...
Requests-XML 代码问题漏洞
Requests-XML is a library for parsing XML from the individual developers at erinxocon. A security vulnerability exists in requests-xml version v0.2.3, which stems from the inclusion of an XML External Entity Injection XXE vulnerability that allows an attacker to execute arbitrary code via a craft...
CVE-2023-25452
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Michael Pretty prettyboymp CMS Press plugin = 0.2.3 versions...
PT-2023-21905 · Dino +2 · Dino +2
Name of the Vulnerable Software and Affected Versions: Dino versions prior to 0.2.3 Dino versions 0.3.x prior to 0.3.2 Dino versions 0.4.x prior to 0.4.2 Description: The issue allows attackers to modify the personal bookmark store via a crafted message. This can lead to changing the display of...
SUSE CVE-2013-2166
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass...