18 matches found
WordPress plugin Giveaways and Contests by RafflePress 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
WordPress Giveaways and Contests by RafflePress Plugin < 1.12.16 is vulnerable to Cross Site Scripting (XSS)
Software Giveaways and Contests by RafflePress Type Plugin Vulnerable versions 1.12.16 Fixed in 1.12.16 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6887 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c69947535c2d Credits...
PT-2024-37928 · WordPress · Giveaways/Contests By Rafflepress
Name of the Vulnerable Software and Affected Versions: Giveaways and Contests by RafflePress WordPress plugin versions prior to 1.12.16 Description: The issue concerns the Giveaways and Contests by RafflePress WordPress plugin, which does not properly sanitise and escape some of its Giveaways...
Sylius 跨站脚本漏洞
Sylius is an open source e-commerce platform based on the Symfony framework from the Polish company Sylius. A cross-site scripting vulnerability exists in Sylius versions 1.12.16 and prior to 1.13.1, which can be exploited to execute javascript code in the admin panel...
CVE-2024-34349 Sylius potentially vulnerable to Cross Site Scripting via "Name" field (Taxons, Products, Options, Variants) in Admin Panel
Sylius is an open source eCommerce platform. Prior to 1.12.16 and 1.13.1, there is a possibility to execute javascript code in the Admin panel. In order to perform an XSS attack input a script into Name field in which of the resources: Taxons, Products, Product Options or Product Variants. The co...
PT-2024-25805 · Sylius · Sylius
Name of the Vulnerable Software and Affected Versions: Sylius versions prior to 1.12.16 and 1.13.1 Description: There is a possibility to execute javascript code in the Admin panel. To perform an XSS attack, input a script into the Name field in which of the resources: Taxons, Products, Product...
PT-2024-22871
Name of the Vulnerable Software and Affected Versions: Sylius versions 1.12.13 through 1.12.15 Sylius versions prior to 1.13.1 Description: The issue is related to Cross Site Scripting XSS via the "Province" field in Address Book. There is a possibility to save XSS code in the province field in t...
BIT-GOLANG-2020-7919
Go before 1.12.16 and 1.13.x before 1.13.7 and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go allows attacks on clients resulting in a panic via a malformed X.509 certificate...
SUSE CVE-2020-7919
Go before 1.12.16 and 1.13.x before 1.13.7 and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go allows attacks on clients resulting in a panic via a malformed X.509 certificate...
Improper Certificate Validation
Overview std/crypto/x509 is a Go standard library package std/crypto/x509 Affected versions of this package are vulnerable to Improper Certificate Validation. Go Vulnerability Report: On 32-bit architectures, a malformed input to crypto/x509 or the ASN.1 parsing functions of...
CVE-2020-7919
Go before 1.12.16 and 1.13.x before 1.13.7 and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go allows attacks on clients resulting in a panic via a malformed X.509 certificate...
CVE-2020-7919
Removed by vendor...
Google Go Trust Management Issues Vulnerability (CNVD-2020-33729)
Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google. A security vulnerability exists in Google Go version 1.12.16 and versions prior to 1.13.7 in versions prior to 1.13.x in crypto/cryptobyte package 0.0.0-20200124225646-8b5121be2f6...
Fedora 30 : 1:dbus (2019-d5ded5326b)
Update to 1.12.16 Fix CVE-2019-12749 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable...
PT-2020-5868 · Go +1 · Crypto/X509 +5
Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.12.16 Go versions 1.13.x prior to 1.13.7 crypto/cryptobyte package versions prior to 0.0.0-20200124225646-8b5121be2f68 Description: The issue is related to errors in the certificate authentication procedure in the...
dbus authentication bypass vulnerability
D-Bus is an inter-process communication mechanism provided by the freedesktop.org project and distributed under the GPL license. An authentication bypass vulnerability exists in dbus versions prior to 1.10.28, 1.12.x prior to 1.12.16, and 1.13.x prior to 1.13.12 in Ubuntu. The vulnerability stems...
Zend Framework PDO Adapter Arbitrary Command Execution Vulnerability
Zend Framework ZF is an open source PHP5 development framework for developing web applications and services. In versions prior to Zend Framework 1.12.16, the PDO adapter does not filter null characters within SQL statements, which allows remote attackers to execute arbitrary SQL commands via a...
Fedora 21 : php-ZendFramework-1.12.16-1.fc21 (2015-f1e18131bc)
Update to 1.12.16 - fixes CVE-2015-5161: http://framework.zend.com/security/advisory/ZF2015-06 - fixes CVE-2015-5723: http://framework.zend.com/security/advisory/ZF2015-07 - removed services: DeveloperGarden, Technorati Note that Tenable Network Security has extracted the preceding description...