Lucene search
K

18 matches found

CNNVD
CNNVD
added 2024/09/12 12:0 a.m.6 views

WordPress plugin Giveaways and Contests by RafflePress 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

4.8CVSS6.6AI score0.00353EPSS
Exploits1References2
Patchstack
Patchstack
added 2024/09/12 12:0 a.m.13 views

WordPress Giveaways and Contests by RafflePress Plugin < 1.12.16 is vulnerable to Cross Site Scripting (XSS)

Software Giveaways and Contests by RafflePress Type Plugin Vulnerable versions 1.12.16 Fixed in 1.12.16 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6887 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c69947535c2d Credits...

4.8CVSS5.8AI score0.00353EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2024/09/11 12:0 a.m.9 views

PT-2024-37928 · WordPress · Giveaways/Contests By Rafflepress

Name of the Vulnerable Software and Affected Versions: Giveaways and Contests by RafflePress WordPress plugin versions prior to 1.12.16 Description: The issue concerns the Giveaways and Contests by RafflePress WordPress plugin, which does not properly sanitise and escape some of its Giveaways...

4.8CVSS6AI score0.00353EPSS
Exploits1References9
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.5 views

Sylius 跨站脚本漏洞

Sylius is an open source e-commerce platform based on the Symfony framework from the Polish company Sylius. A cross-site scripting vulnerability exists in Sylius versions 1.12.16 and prior to 1.13.1, which can be exploited to execute javascript code in the admin panel...

4.8CVSS5AI score0.0044EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/05/10 3:29 p.m.20 views

CVE-2024-34349 Sylius potentially vulnerable to Cross Site Scripting via "Name" field (Taxons, Products, Options, Variants) in Admin Panel

Sylius is an open source eCommerce platform. Prior to 1.12.16 and 1.13.1, there is a possibility to execute javascript code in the Admin panel. In order to perform an XSS attack input a script into Name field in which of the resources: Taxons, Products, Product Options or Product Variants. The co...

4.8CVSS6.4AI score0.0044EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/05/10 12:0 a.m.5 views

PT-2024-25805 · Sylius · Sylius

Name of the Vulnerable Software and Affected Versions: Sylius versions prior to 1.12.16 and 1.13.1 Description: There is a possibility to execute javascript code in the Admin panel. To perform an XSS attack, input a script into the Name field in which of the resources: Taxons, Products, Product...

4.8CVSS6.4AI score0.0044EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/04/22 12:0 a.m.8 views

PT-2024-22871

Name of the Vulnerable Software and Affected Versions: Sylius versions 1.12.13 through 1.12.15 Sylius versions prior to 1.13.1 Description: The issue is related to Cross Site Scripting XSS via the "Province" field in Address Book. There is a possibility to save XSS code in the province field in t...

6.4CVSS6AI score0.0042EPSS
Exploits1References9
OSV
OSV
added 2024/03/06 11:6 a.m.32 views

BIT-GOLANG-2020-7919

Go before 1.12.16 and 1.13.x before 1.13.7 and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go allows attacks on clients resulting in a panic via a malformed X.509 certificate...

7.8CVSS7.4AI score0.02582EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 4:1 a.m.4 views

SUSE CVE-2020-7919

Go before 1.12.16 and 1.13.x before 1.13.7 and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go allows attacks on clients resulting in a panic via a malformed X.509 certificate...

7.5CVSS8.6AI score0.02582EPSS
Exploits0References3
Snyk
Snyk
added 2022/07/06 6:23 p.m.4 views

Improper Certificate Validation

Overview std/crypto/x509 is a Go standard library package std/crypto/x509 Affected versions of this package are vulnerable to Improper Certificate Validation. Go Vulnerability Report: On 32-bit architectures, a malformed input to crypto/x509 or the ASN.1 parsing functions of...

8.7CVSS6.8AI score0.02582EPSS
Exploits0References3
NVD
NVD
added 2020/03/16 9:15 p.m.16 views

CVE-2020-7919

Go before 1.12.16 and 1.13.x before 1.13.7 and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go allows attacks on clients resulting in a panic via a malformed X.509 certificate...

7.8CVSS7.4AI score0.02582EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2020/03/16 8:55 p.m.32 views

CVE-2020-7919

Removed by vendor...

7.8CVSS7.1AI score0.02582EPSS
Exploits0
CNVD
CNVD
added 2020/03/11 12:0 a.m.3 views

Google Go Trust Management Issues Vulnerability (CNVD-2020-33729)

Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google. A security vulnerability exists in Google Go version 1.12.16 and versions prior to 1.13.7 in versions prior to 1.13.x in crypto/cryptobyte package 0.0.0-20200124225646-8b5121be2f6...

7.8CVSS9AI score0.02582EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2019/06/19 12:0 a.m.25 views

Fedora 30 : 1:dbus (2019-d5ded5326b)

Update to 1.12.16 Fix CVE-2019-12749 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable...

7.1CVSS7.1AI score0.00555EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2019/06/18 12:0 a.m.10 views

PT-2020-5868 · Go +1 · Crypto/X509 +5

Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.12.16 Go versions 1.13.x prior to 1.13.7 crypto/cryptobyte package versions prior to 0.0.0-20200124225646-8b5121be2f68 Description: The issue is related to errors in the certificate authentication procedure in the...

7.8CVSS6.6AI score0.0473EPSS
Exploits0References50
CNVD
CNVD
added 2019/06/14 12:0 a.m.3 views

dbus authentication bypass vulnerability

D-Bus is an inter-process communication mechanism provided by the freedesktop.org project and distributed under the GPL license. An authentication bypass vulnerability exists in dbus versions prior to 1.10.28, 1.12.x prior to 1.12.16, and 1.13.x prior to 1.13.12 in Ubuntu. The vulnerability stems...

7.1CVSS9.5AI score0.00555EPSS
Exploits0References1
CNVD
CNVD
added 2016/06/08 12:0 a.m.5 views

Zend Framework PDO Adapter Arbitrary Command Execution Vulnerability

Zend Framework ZF is an open source PHP5 development framework for developing web applications and services. In versions prior to Zend Framework 1.12.16, the PDO adapter does not filter null characters within SQL statements, which allows remote attackers to execute arbitrary SQL commands via a...

9.8CVSS8.2AI score0.02972EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2016/03/04 12:0 a.m.61 views

Fedora 21 : php-ZendFramework-1.12.16-1.fc21 (2015-f1e18131bc)

Update to 1.12.16 - fixes CVE-2015-5161: http://framework.zend.com/security/advisory/ZF2015-06 - fixes CVE-2015-5723: http://framework.zend.com/security/advisory/ZF2015-07 - removed services: DeveloperGarden, Technorati Note that Tenable Network Security has extracted the preceding description...

7.8CVSS7.4AI score0.09911EPSS
Exploits7References10
Rows per page
Query Builder