203 matches found
CVE-2023-48307
The CVE-2023-48307 entry describes a Server-Side Request Forgery (SSRF) flaw in the Nextcloud Mail app. Affected are Nextcloud Mail versions starting from 1.13.0 up to, but not including, 2.2.8 and up to, but not including, 3.3.0. An attacker can abuse an unprotected endpoint in the Mail app to p...
WordPress wpForo Forum Plugin <= 2.2.8 is vulnerable to Cross Site Request Forgery (CSRF)
Software wpForo Forum Type Plugin Vulnerable versions = 2.2.8 Fixed in 2.2.9 OWASP Top 10 A4: Insecure Design Classification Cross Site Request Forgery CSRF CVE CVE-2023-47870 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 5ba347a4983e Credits Jesse McNeil Required...
PrestaShop SQL Injection Vulnerability
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts and product image scaling. A security vulnerability exists in PrestaShop extratabspro versions prior to 2.2.8 that stems from the...
CVE-2023-39165
Cross-Site Request Forgery CSRF vulnerability in Fetch Designs Sign-up Sheets plugin = 2.2.8 versions...
CVE-2022-45372
Cross-Site Request Forgery CSRF vulnerability in Codeixer Product Gallery Slider for WooCommerce plugin = 2.2.8 versions...
WordPress Plugin Product Gallery Slider for WooCommerce 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
PT-2023-14659 · Woocommerce · Codeixer Product Gallery Slider For Woocommerce
Name of the Vulnerable Software and Affected Versions: Codeixer Product Gallery Slider for WooCommerce plugin versions = 2.2.8 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This means an attacker can trick a user into performing unintended actions on a web application...
eDEX-UI 访问控制错误漏洞
eDEX-UI is a full-screen, cross-platform terminal emulator and system monitor from the individual developer Gabriel Saillard in France. A security vulnerability exists in eDEX-UI version 2.2.8 and prior versions, which stems from vulnerability to cross-site web hijacking, where a malicious websit...
PT-2023-23012
Name of the Vulnerable Software and Affected Versions eDEX-UI versions 2.2.8 and prior Description eDEX-UI is a science fiction terminal emulator that is vulnerable to cross-site websocket hijacking. When running eDEX-UI and browsing the web, a malicious website can connect to eDEX's internal...
CVE-2022-41785
Auth. contributor+ Stored Cross-Site Scripting vulnerability in Galleryape Gallery Images Ape plugin = 2.2.8 versions...
CVE-2022-41785 WordPress Photo Gallery – Image Gallery by Ape Plugin <= 2.2.8 is vulnerable to Cross Site Scripting (XSS)
Auth. contributor+ Stored Cross-Site Scripting vulnerability in Galleryape Gallery Images Ape plugin = 2.2.8 versions...
WordPress Plugin Galleryape Gallery Images Ape 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress WP Express Checkout (Accept PayPal Payments) Plugin <= 2.2.8 is vulnerable to Cross Site Scripting (XSS)
Software WP Express Checkout Accept PayPal Payments Type Plugin Vulnerable versions = 2.2.8 Fixed in 2.2.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1469 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID c8954f0fe6fa Credi...
WordPress Plugin WP Express Checkout 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
CVE-2022-2378
The Easy Student Results WordPress plugin through 2.2.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...
PT-2022-16264 · WordPress · Easy Student Results
Name of the Vulnerable Software and Affected Versions: Easy Student Results WordPress plugin versions 2.2.8 and earlier Description: The issue concerns a lack of authorization in the REST API of the Easy Student Results WordPress plugin. This allows unauthenticated users to retrieve sensitive...
Easy Student Results <= 2.2.8 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=rpsresultbatch&edit=%3Cscript%3Ealert/XSS/%3C/script%3E...
[SECURITY] Fedora 35 Update: golang-github-kyokomi-emoji-2.2.8-5.fc35
Emoji terminal output for Go...
[SECURITY] Fedora 36 Update: golang-github-kyokomi-emoji-2.2.8-5.fc36
Emoji terminal output for Go...
Apache Archiva < 2.2.8 Improper Authorization Vulnerability
Apache Archiva is prone to an improper authorization vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...