21 matches found
CVE-2026-23702
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by sending malicious input injected into the server username field of the import preconfiguration action in the API V1 route...
CVE-2026-23702
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by sending malicious input injected into the server username field of the import preconfiguration action in the API V1 route...
CVE-2025-23702
Cross-Site Request Forgery (CSRF) vulnerability in Schalk Burger Anonymize Links (anonymize-links) allows Stored XSS. This issue affects Anonymize Links: from n/a through <= 1.1...
CVE-2025-23702
CVE-2025-23702: CSRF vulnerability in the WordPress plugin Anonymize Links that allows Stored XSS. Affected: Anonymize Links versions up to 1.1 (inclusive). Metrics indicate CVSS v3.1 base score 7.1 (High), with Network attack vector, Low confidentiality/integrity/availability impact, no privile...
CVE-2025-23702 WordPress Anonymize Links plugin <= 1.1 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Schalk Burger Anonymize Links allows Stored XSS. This issue affects Anonymize Links: from n/a through 1.1...
CVE-2025-23702 WordPress Anonymize Links plugin <= 1.1 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Schalk Burger Anonymize Links (anonymize-links) allows Stored XSS. This issue affects Anonymize Links: from n/a through <= 1.1...
CVE-2024-7722 Foxit PDF Reader Doc Object Use-After-Free Information Disclosure Vulnerability
Foxit PDF Reader Doc Object Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a...
CVE-2024-23702
CVE-2024-23702 is listed in the Wear OS/MAY 2024 bulletin as an Elevation of Privilege issue within the Framework component, enabling local privilege escalation by a malicious app with no extra execution privileges needed. The vulnerability is part of the 2024-05-01 patch level addressed in the W...
CVE-2023-23702
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pixelgrade Comments Ratings plugin <= 1.1.7 versions...
CVE-2023-23702 WordPress Comments Ratings Plugin <= 1.1.7 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pixelgrade Comments Ratings plugin <= 1.1.7 versions...
CVE-2023-23702
CVE-2023-23702 is a stored XSS vulnerability in the Pixelgrade Comments Ratings WordPress plugin (versions ≤ 1.1.7) exploitable by users with admin+ privileges. The issue permits injection of malicious scripts via the plugin’s input surface and is rated medium by CVSS (base 4.8–4.9 in sources). P...
WordPress Comments Ratings Plugin <= 1.1.7 is vulnerable to Cross Site Scripting (XSS)
Software: Comments Ratings; Type: Plugin; Vulnerable versions: <= 1.1.7; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-23702; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: 7f7df4a9e3a3; Credits: yuyudhn; Required privile...
PHPFusion < 9.03.70 Multiple Vulnerabilities
PHPFusion is prone to multiple vulnerabilities. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
CVE-2022-23702
The CVE-2022-23702 issue affects HPE Superdome Flex Server and Superdome Flex 280 Server. A locally exploitable privilege-escalation vulnerability exists that can be exploited by a user with Administrator access. The problem is resolved in firmware updates: HPE Superdome Flex Server version 3.50....
@acanto/components (>=0.0.2 <=0.0.73), @acanto/components-header-subnav (>=0.0.2 <=0.0.37) +51 more potentially affected by CVE-2021-23702 via object-extend (=0.5.0)
object-extend NPM version =0.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on object-extend and may be impacted: - @acanto/components =0.0.2, =0.0.2, =0.0.2, =0.0.3, =0.0.2, =0.0.2, =0.0.17, =0.0.2, =0.0.2, =0.0.65, =0.0.2, =0.0.2, =0.0.2, =0.0.4,...
CVE-2021-23702
The package object-extend from 0.0.0 are vulnerable to Prototype Pollution via object-extend...
CVE-2021-23702
The package object-extend from 0.0.0 are vulnerable to Prototype Pollution via object-extend...
CVE-2021-23702
CVE-2021-23702 relates to a Prototype Pollution vulnerability in the object-extend package. Public documentation across multiple sources confirms the flaw exists in the extend function of object-extend, enabling an attacker to inject properties into Object.prototype (e.g., via __proto__), potentiall...
CVE-2021-23702 Prototype Pollution
The package object-extend from 0.0.0 are vulnerable to Prototype Pollution via object-extend...
CVE-2020-23702
creationtimestamp | type | source
---|---|---
2021-07-07 22:37:58+00:00 | seen | https://t.me/cibsecurity/25986...