114 matches found
CVE-2024-0902 Fancy Product Designer < 6.1.81 - Admin+ Cross Site Scripting via Product Title
The Fancy Product Designer WordPress plugin before 6.1.81 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-0902 Fancy Product Designer < 6.1.81 - Admin+ Cross Site Scripting via Product Title
The Fancy Product Designer WordPress plugin before 6.1.81 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-0902
CVE-2024-0902 affects the Fancy Product Designer WordPress plugin prior to 6.1.81. Root cause: the plugin does not sanitize and escape certain settings, allowing high-privilege users (e.g., admins) to perform Stored Cross-Site Scripting even when unfiltered_html is disallowed (e.g., multisite). I...
WordPress Fancy Product Designer Plugin < 6.1.81 is vulnerable to Cross Site Scripting (XSS)
Software Fancy Product Designer Type Plugin Vulnerable versions 6.1.81 Fixed in 6.1.81 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0902 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 4fcfdb111964 Credits Bob Matyas Requir...
openSUSE 15 Security Update : python-Django (SUSE-SU-2024:0902-1)
The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2024:0902-1 advisory. - CVE-2024-27351: Fixed a regular expression DoS in django.utils.text.Truncator.words bsc1220358 Tenable has extracted the preceding description block direct...
CentOS 8 : webkit2gtk3 (CESA-2023:0902)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2023:0902 advisory. - A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura...
Malicious code in wlwz-2312-0902 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cdc210d785bc616d49e2ed29ecf4d66502a8ae5654e77a0930ad19e9e248a5fd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-253 Malicious code in wlwz-2312-0902 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cdc210d785bc616d49e2ed29ecf4d66502a8ae5654e77a0930ad19e9e248a5fd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Rocky Linux 8 : icu (RLSA-2020:0902)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2020:0902 advisory. - An issue was discovered in International Components for Unicode ICU for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exist...
Oracle Linux 8 : icu (ELSA-2020-0902)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-0902 advisory. 60.3-2 - Apply ICU-13634-Adding-integer-overflow-logic-to-ICU4C-num.patch - Apply ICU-20958-Prevent-SEGVMAPERR-in-append.patch - Resolves: rhbz1808238 Tenable h...
BELL-CVE-2017-0902 CVE-2017-0902 does not affect BellSoft software
Bulletin has no description...
Employee Task Management System v1.0 - SQL Injection Vulnerability (2)
Exploit Title: Employee Task Management System v1.0 - SQL Injection on edit-task.php Exploit Author: Muhammad Navaid Zafar Ansari CVE Assigned: CVE-2023-0902 mitre.org, nvd.nist.org Author: Muhammad Navaid Zafar Ansari Vendor Homepage: https://www.sourcecodester.com Software Link: Employee Task...
CVE-2023-0902
creationtimestamp| type| source ---|---|--- 2023-04-06 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/51287 2023-04-06 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/51292...
Employee Task Management System v1.0 - SQL Injection on edit-task.php
Exploit Title: Employee Task Management System v1.0 - SQL Injection on edit-task.php Exploit Author: Muhammad Navaid Zafar Ansari Date: 17 February 2023 CVE Assigned: CVE-2023-0902 mitre.org, nvd.nist.org Author: Muhammad Navaid Zafar Ansari Vendor Homepage: https://www.sourcecodester.com Softwar...
Simple Food Ordering System v1.0 - Cross-Site Scripting (XSS)
Exploit Title: Simple Food Ordering System v1.0 - Cross-Site Scripting XSS Exploit Author: Muhammad Navaid Zafar Ansari Date: 17 February 2023 CVE Assigned: CVE-2023-0902 mitre.org nvd.nist.org Vendor Homepage: https://www.sourcecodester.com Software Link: Simple Food Ordering System Version: v 1...
Rocky Linux 8 : webkit2gtk3 (RLSA-2023:0902)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:0902 advisory. - A type confusion issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.2.1, iOS 16.3.1 and iPadOS 16.3.1, Safari 16.3. Processing...
Simple Food Ordering System 1.0 Cross Site Scripting
Simple Food Ordering System - Authenticated Reflected Cross Site Scripting Date: 17 February 2023 CVE Assigned: CVE-2023-0902 mitre.org nvd.nist.org Author Email: [email protected] Vendor Homepage: https://www.sourcecodester.com Software Link: Simple Food Ordering System Version: v 1.0...
Important: Red Hat Security Advisory: webkit2gtk3 security update
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...
Oracle Linux 8 : webkit2gtk3 (ELSA-2023-0902)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-0902 advisory. 2.36.7-1.2 - Add patch for CVE-2023-23529 Resolves: 2170007 Tenable has extracted the preceding description block directly from the Oracle Linux security...
RHEL 8 : webkit2gtk3 (RHSA-2023:0902)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:0902 advisory. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: processing maliciously crafted web...