10 matches found
CVE-2019-12591
NETGEAR Insight Cloud with firmware before Insight 5.6 allows remote authenticated users to achieve command injection...
CVE-2024-12591
creationtimestamp| type| source ---|---|--- 2024-12-21 09:42:26+00:00| seen| https://infosec.exchange/users/cve/statuses/113690158417673754 2024-12-21 10:15:30+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3ldso7k43ha2i 2024-12-21 11:59:17+00:00| seen|...
CVE-2024-12591 MagicPost <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wb_share_social Shortcode
The MagicPost plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wbsharesocial shortcode in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-12591
CVE-2024-12591 concerns the WordPress plugin MagicPost . A stored XSS vulnerability exists in the wb_share_social shortcode across versions up to 1.2.1, enabling authenticated attackers with contributor-level access or higher to inject scripts that execute in visitors’ browsers. The issue is caus...
CVE-2020-12591
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none...
CVE-2019-12591
NETGEAR Insight Cloud with firmware before Insight 5.6 allows remote authenticated users to achieve command injection...
CVE-2019-12591
NETGEAR Insight Cloud vulnerable before Insight 5.6. Remote authenticated users can perform command injection due to input handling during executable command construction. This is tied to NETGEAR Insight Cloud firmware prior to 5.6. The vulnerability is documented across multiple sources (NVD and...
CVE-2018-12591
The CVE-2018-12591 entry concerns Ubiquiti Networks EdgeSwitch, affected in 1.7.3 and earlier. The root cause is an improperly neutralized element in an OS command due to insufficient protection on the admin CLI, enabling code execution and privilege escalation beyond administrator rights. An att...
CVE-2017-12591
CVE-2017-12591 affects ASUS DSL-N10S V2.1.16_APAC. The vulnerability is a cross‑site scripting (XSS) flaw in the snmpSysName parameter, allowing reflected and stored XSS on the device. Root cause: improper handling of the snmpSysName input. Impact is described as XSS with low to medium overall se...
CVE-2020-12591
CVE-2020-12591 entry is rejected and not used; not an active vulnerability entry.