Lucene search
+L

203 matches found

CVE
CVE
added 2023/11/21 10:22 p.m.87 views

CVE-2023-48307

The CVE-2023-48307 entry describes a Server-Side Request Forgery (SSRF) flaw in the Nextcloud Mail app. Affected are Nextcloud Mail versions starting from 1.13.0 up to, but not including, 2.2.8 and up to, but not including, 3.3.0. An attacker can abuse an unprotected endpoint in the Mail app to p...

9.8CVSS6.5AI score0.00866EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2023/11/20 12:0 a.m.18 views

WordPress wpForo Forum Plugin <= 2.2.8 is vulnerable to Cross Site Request Forgery (CSRF)

Software wpForo Forum Type Plugin Vulnerable versions = 2.2.8 Fixed in 2.2.9 OWASP Top 10 A4: Insecure Design Classification Cross Site Request Forgery CSRF CVE CVE-2023-47870 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 5ba347a4983e Credits Jesse McNeil Required...

8.8CVSS7AI score0.00267EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2023/10/17 12:0 a.m.6 views

PrestaShop SQL Injection Vulnerability

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts and product image scaling. A security vulnerability exists in PrestaShop extratabspro versions prior to 2.2.8 that stems from the...

9.8CVSS7.8AI score0.00636EPSS
Exploits1References2
OSV
OSV
added 2023/10/03 12:15 p.m.2 views

CVE-2023-39165

Cross-Site Request Forgery CSRF vulnerability in Fetch Designs Sign-up Sheets plugin = 2.2.8 versions...

8.8CVSS7.3AI score0.00208EPSS
Exploits0References1
OSV
OSV
added 2023/05/29 1:15 a.m.4 views

CVE-2022-45372

Cross-Site Request Forgery CSRF vulnerability in Codeixer Product Gallery Slider for WooCommerce plugin = 2.2.8 versions...

8.8CVSS5.8AI score0.00256EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/05/29 12:0 a.m.3 views

WordPress Plugin Product Gallery Slider for WooCommerce 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

8.8CVSS8.2AI score0.00256EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/05/29 12:0 a.m.3 views

PT-2023-14659 · Woocommerce · Codeixer Product Gallery Slider For Woocommerce

Name of the Vulnerable Software and Affected Versions: Codeixer Product Gallery Slider for WooCommerce plugin versions = 2.2.8 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This means an attacker can trick a user into performing unintended actions on a web application...

8.8CVSS8.8AI score0.00256EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/04/28 12:0 a.m.5 views

eDEX-UI 访问控制错误漏洞

eDEX-UI is a full-screen, cross-platform terminal emulator and system monitor from the individual developer Gabriel Saillard in France. A security vulnerability exists in eDEX-UI version 2.2.8 and prior versions, which stems from vulnerability to cross-site web hijacking, where a malicious websit...

10CVSS8.4AI score0.00348EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/04/28 12:0 a.m.6 views

PT-2023-23012

Name of the Vulnerable Software and Affected Versions eDEX-UI versions 2.2.8 and prior Description eDEX-UI is a science fiction terminal emulator that is vulnerable to cross-site websocket hijacking. When running eDEX-UI and browsing the web, a malicious website can connect to eDEX's internal...

10CVSS5AI score0.00348EPSS
Exploits1References11
NVD
NVD
added 2023/03/21 6:15 a.m.32 views

CVE-2022-41785

Auth. contributor+ Stored Cross-Site Scripting vulnerability in Galleryape Gallery Images Ape plugin = 2.2.8 versions...

5.4CVSS5.3AI score0.00383EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/03/21 5:57 a.m.8 views

CVE-2022-41785 WordPress Photo Gallery – Image Gallery by Ape Plugin <= 2.2.8 is vulnerable to Cross Site Scripting (XSS)

Auth. contributor+ Stored Cross-Site Scripting vulnerability in Galleryape Gallery Images Ape plugin = 2.2.8 versions...

5.4CVSS5.3AI score0.00383EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/03/21 12:0 a.m.3 views

WordPress Plugin Galleryape Gallery Images Ape 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

5.4CVSS5.4AI score0.00383EPSS
Exploits0References2
Patchstack
Patchstack
added 2023/03/20 12:0 a.m.19 views

WordPress WP Express Checkout (Accept PayPal Payments) Plugin <= 2.2.8 is vulnerable to Cross Site Scripting (XSS)

Software WP Express Checkout Accept PayPal Payments Type Plugin Vulnerable versions = 2.2.8 Fixed in 2.2.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1469 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID c8954f0fe6fa Credi...

4.8CVSS5.8AI score0.00352EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2023/03/17 12:0 a.m.7 views

WordPress Plugin WP Express Checkout 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

4.8CVSS6.4AI score0.00352EPSS
Exploits0References3
OSV
OSV
added 2022/08/15 11:21 a.m.2 views

CVE-2022-2378

The Easy Student Results WordPress plugin through 2.2.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

6.1CVSS5.8AI score0.0051EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2022/08/15 12:0 a.m.5 views

PT-2022-16264 · WordPress · Easy Student Results

Name of the Vulnerable Software and Affected Versions: Easy Student Results WordPress plugin versions 2.2.8 and earlier Description: The issue concerns a lack of authorization in the REST API of the Easy Student Results WordPress plugin. This allows unauthenticated users to retrieve sensitive...

7.5CVSS7.2AI score0.02801EPSS
Exploits2References4
wpexploit
wpexploit
added 2022/07/19 12:0 a.m.128 views

Easy Student Results <= 2.2.8 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=rpsresultbatch&edit=%3Cscript%3Ealert/XSS/%3C/script%3E...

6.1CVSS1AI score0.0051EPSS
Exploits2
Fedora
Fedora
added 2022/07/17 1:15 a.m.31 views

[SECURITY] Fedora 35 Update: golang-github-kyokomi-emoji-2.2.8-5.fc35

Emoji terminal output for Go...

9.3CVSS1.5AI score0.0995EPSS
Exploits4
Fedora
Fedora
added 2022/07/04 1:35 a.m.15 views

[SECURITY] Fedora 36 Update: golang-github-kyokomi-emoji-2.2.8-5.fc36

Emoji terminal output for Go...

9.3CVSS8.2AI score0.0995EPSS
Exploits4
OpenVAS
OpenVAS
added 2022/06/24 12:0 a.m.18 views

Apache Archiva < 2.2.8 Improper Authorization Vulnerability

Apache Archiva is prone to an improper authorization vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

6.5CVSS6.5AI score0.01591EPSS
Exploits0References1
Rows per page
Query Builder