20 matches found
CVE-2022-23641
Discourse is an open source discussion platform. In versions prior to 2.8.1 in the stable branch, 2.9.0.beta2 in the beta branch, and 2.9.0.beta2 in the tests-passed branch, users can trigger a Denial of Service attack by posting a streaming URL. Parsing Oneboxes in the background job triggers an...
CVE-2025-23641 WordPress Powie's pLinks PagePeeker plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PowieT Powie's pLinks PagePeeker plinks allows DOM-Based XSS. This issue affects Powie's pLinks PagePeeker: from n/a through <= 1.0.2...
CVE-2025-23641 WordPress Powie's pLinks PagePeeker plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PowieT Powie's pLinks PagePeeker plinks allows DOM-Based XSS. This issue affects Powie's pLinks PagePeeker: from n/a through <= 1.0.2...
CVE-2025-23641
CVE-2025-23641: DOM-based XSS in Powie's pLinks PagePeeker (WordPress plugin) due to improper input neutralization during page generation. Affected: Powie's pLinks PagePeeker versions up to 1.0.2 (fixed status not publicly detailed in connected docs). CVSSv3.1 base score 6.5 (Medium) with...
CVE-2024-23641
CVE-2024-23641 affects SvelteKit 2 apps when handling HTTP GET/HEAD requests with a body (e.g., {})—these requests crash the preview/hosted app, including TRACE, causing DoS. The issue specifically impacts deployments using @sveltejs/adapter-node versions 2.1.2, 3.0.3, or 4.0.1 and @sveltejs/kit ...
CVE-2024-23641 Sending a GET or HEAD request with a body crashes SvelteKit
SvelteKit is a web development kit. In SvelteKit 2, sending a GET request with a body (e.g. {}) to a built and previewed/hosted SvelteKit app throws "Request with GET/HEAD method cannot have body." and crashes the preview/hosting. After this happens, one must manually restart the app. TRACE requests will...
CVE-2024-23641 Sending a GET or HEAD request with a body crashes SvelteKit
SvelteKit is a web development kit. In SvelteKit 2, sending a GET request with a body (e.g. {}) to a built and previewed/hosted SvelteKit app throws "Request with GET/HEAD method cannot have body." and crashes the preview/hosting. After this happens, one must manually restart the app. TRACE requests will...
@alexaegis/svelte-config (>=0.9.2 <=0.14.1), @builders-of-stuff/svelte-sui-wallet-adapter (>=1.1.4 <=2.1.0) +8 more potentially affected by CVE-2024-23641 via @sveltejs/kit (>=2.0.0 <=2.49.5)
@sveltejs/kit NPM version =2.0.0, =0.9.2, =1.1.4, =0.0.137, =0.4.1, =5.0.0-alpha.1, =0.0.1, =1.0.1-next.0, =1.0.2, =0.0.1, =1.3.0, =1.12.3 Source cves: CVE-2024-23641 Source advisory: OSV:GHSA-G5M6-HXPP-FC49...
CVE-2024-23641
creationtimestamp | type | source
---|---|---
2024-01-24 00:24:51+00:00 | published-proof-of-concept | https://github.com/sveltejs/kit/security/advisories/GHSA-g5m6-hxpp-fc49
2024-01-24 18:26:32+00:00 | seen | https://t.me/ctinow/172985
2024-01-26 20:16:59+00:00 | seen | https://t.me/arpsyndicate/3056...
CVE-2023-23641
creationtimestamp | type | source
---|---|---
2023-05-16 14:30:22+00:00 | seen | https://t.me/cibsecurity/64204...
CVE-2023-23641
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WPmanage Uji Popup plugin <= 1.4.3 versions...
CVE-2023-23641
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WPmanage Uji Popup plugin <= 1.4.3 versions...
CVE-2023-23641
CVE-2023-23641 affects WordPress WPmanage Uji Popup plugin up to version 1.4.3. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw exploitable by contributors and higher-authenticated users via the uji_popup_code shortcode. Impact per sources is a stored XSS risk with confidential data...
CVE-2023-23641 WordPress Uji Popup Plugin <= 1.4.3 is vulnerable to Cross Site Scripting (XSS)
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WPmanage Uji Popup plugin <= 1.4.3 versions...
WordPress Uji Popup Plugin <= 1.4.3 is vulnerable to Cross Site Scripting (XSS)
Software: Uji Popup; Type: Plugin; Vulnerable versions: <= 1.4.3; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-23641; Patch priority: Low; CVSS severity: Low (6.5); PSID: 59d88f6966b4; Credits: István Márton; Required privileg...
CVE-2022-23641
creationtimestamp | type | source
---|---|---
2022-02-16 00:35:57+00:00 | seen | https://t.me/cibsecurity/37546...
Discourse < 2.8.1 DoS Vulnerability
Discourse is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:discourse:discourse"...
Discourse 2.9.x < 2.9.0.beta2 DoS Vulnerability
Discourse is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:discourse:discourse"...
CVE-2022-23641
Discourse contains a Denial of Service vulnerability (CVE-2022-23641) where parsing Oneboxes in a background job can trigger an infinite loop, leaking memory. Affected versions include prior to 2.8.1 (stable) and 2.9.0.beta2 (beta/tests-passed). The issue is fixed in 2.8.1 (stable) and 2.9.0.beta...
CVE-2022-23641 Denial of Service in Discourse
Discourse is an open source discussion platform. In versions prior to 2.8.1 in the stable branch, 2.9.0.beta2 in the beta branch, and 2.9.0.beta2 in the tests-passed branch, users can trigger a Denial of Service attack by posting a streaming URL. Parsing Oneboxes in the background job triggers an...