PT-2024-24305 · Woocommerce · Extra Product Options Builder For Woocommerce

Name of the Vulnerable Software and Affected Versions: Extra Product Options Builder for WooCommerce versions 1.2.104 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended...

WordPress WooCommerce PDF Invoice Builder Plugin <= 1.2.103 is vulnerable to Cross Site Scripting (XSS)

Software WooCommerce PDF Invoice Builder Type Plugin Vulnerable versions = 1.2.103 Fixed in 1.2.104 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-46076 Patch priority High CVSS severity High 7.1 Developer Edgar Rojas PSID e196625e8b7e Credits LEE S...

Cherokee Web Server 0.4.27 <= 1.2.104 DoS Vulnerability

Cherokee Web Server is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Cherokee Code Issue Vulnerability

Cherokee is an open source web server. A security vulnerability exists in Cherokee versions 0.4.27 through 1.2.104. A remote attacker can exploit this vulnerability to cause the server to crash denial of service with a specially crafted HTTP request...

PT-2020-13290 · Alvaro Lopez Ortega · Cherokee

Name of the Vulnerable Software and Affected Versions: Cherokee versions 0.4.27 through 1.2.104 Description: The issue is a denial of service caused by NULL pointer dereferences. A remote unauthenticated attacker can crash the server by sending an HTTP request to protected resources using a...

Default configuration

An XSS issue was discovered in handlerserverinfo.c in Cherokee through 1.2.104. The requested URL is improperly displayed on the About page in the default configuration of the web server and its administrator panel. The XSS in the administrator panel can be used to reconfigure the server and...

PT-2020-10768 · Cherokee · Cherokee

Name of the Vulnerable Software and Affected Versions: Cherokee versions 1.2.104 and earlier Description: A cross-site scripting XSS issue was discovered in the handler server info.c file. The requested URL is improperly displayed on the About page in the default configuration of the web server a...

PT-2020-10770 · Cherokee · Cherokee

Name of the Vulnerable Software and Affected Versions: Cherokee versions 1.2.104 and earlier Description: The issue allows remote attackers to trigger an out-of-bounds write in cherokee handler cgi add env pair in handler cgi.c by sending many request headers, as demonstrated by a GET request wit...