21 matches found
CVE-2025-23892
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Alex Furr Progress Tracker progress-tracker allows DOM-Based XSS.This issue affects Progress Tracker: from n/a through = 0.9.3...
CVE-2021-23892
By exploiting a time of check to time of use TOCTOU race condition during the Endpoint Security for Linux Threat Prevention and Firewall ENSL TP/FW installation process, a local user can perform a privilege escalation attack to obtain administrator privileges for the purpose of executing arbitrar...
CVE-2025-23892
creationtimestamp| type| source ---|---|--- 2025-01-16 21:19:17+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lfv7gffacz2r 2025-01-17 22:57:19+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/2249...
CVE-2025-23892
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Alex Furr Progress Tracker progress-tracker allows DOM-Based XSS.This issue affects Progress Tracker: from n/a through = 0.9.3...
CVE-2025-23892 WordPress Progress Tracker plugin <= 0.9.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Alex Furr Progress Tracker progress-tracker allows DOM-Based XSS.This issue affects Progress Tracker: from n/a through = 0.9.3...
CVE-2025-23892 WordPress Progress Tracker plugin <= 0.9.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Alex Furr Progress Tracker progress-tracker allows DOM-Based XSS.This issue affects Progress Tracker: from n/a through = 0.9.3...
CVE-2025-23892
CVE-2025-23892 affects Progress Tracker (WordPress plugin). Description from connected sources confirms a DOM-based XSS flaw caused by improper input neutralization, affecting Progress Tracker versions up to 0.9.3. Red Hat and Wordfence entries corroborate the vulnerability and indicate the patch...
CVE-2024-23892 Cross-Site Scripting (XSS) vulnerability in Cups Easy
A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/costcentercreate.php, in the costcenterid parameter. Exploitation of this...
CVE-2024-23892
CVE-2024-23892 affects Cups Easy (Purchase & Inventory) 1.0. The vulnerability is a cross-site scripting flaw in the costcenterid parameter of /cupseasylive/costcentercreate.php, caused by insufficient encoding. An attacker could craft a URL to an authenticated user and potentially steal session ...
CVE-2024-23892 Cross-Site Scripting (XSS) vulnerability in Cups Easy
A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/costcentercreate.php, in the costcenterid parameter. Exploitation of this...
CVE-2023-23892
creationtimestamp| type| source ---|---|--- 2023-04-24 18:14:20+00:00| seen| https://t.me/cibsecurity/62699...
CVE-2023-23892
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Jamie Poitra M Chart plugin = 1.9.4 versions...
CVE-2023-23892 WordPress M Chart Plugin <= 1.9.4 is vulnerable to Cross Site Scripting (XSS)
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Jamie Poitra M Chart plugin = 1.9.4 versions...
CVE-2023-23892 WordPress M Chart Plugin <= 1.9.4 is vulnerable to Cross Site Scripting (XSS)
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Jamie Poitra M Chart plugin = 1.9.4 versions...
CVE-2023-23892
CVE-2023-23892 affects the WordPress plugin “M Chart” by Jamie Poitra. Versions 1.9.4, specifically 1.10, to mitigate. Reported impact is confined to XSS with a Moderate CVSS baseline in public sources, and there is no explicit public exploitation detail in the provided documents. Recommend appl...
WordPress M Chart Plugin <= 1.9.4 is vulnerable to Cross Site Scripting (XSS)
Software M Chart Type Plugin Vulnerable versions = 1.9.4 Fixed in 1.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23892 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 383eb1775479 Credits thiennv Required privilege...
CVE-2021-23892
creationtimestamp| type| source ---|---|--- 2021-05-12 20:33:35+00:00| seen| Telegram/Ta4p-FcORhAfgQpJA60OLXHBJn2QbZVUW-Tp6RhE-RqCc1c...
CVE-2021-23892
By exploiting a time of check to time of use TOCTOU race condition during the Endpoint Security for Linux Threat Prevention and Firewall ENSL TP/FW installation process, a local user can perform a privilege escalation attack to obtain administrator privileges for the purpose of executing arbitrar...
CVE-2021-23892
By exploiting a time of check to time of use TOCTOU race condition during the Endpoint Security for Linux Threat Prevention and Firewall ENSL TP/FW installation process, a local user can perform a privilege escalation attack to obtain administrator privileges for the purpose of executing arbitrar...
CVE-2021-23892
The CVE-2021-23892 issue affects McAfee Endpoint Security for Linux Threat Prevention and Firewall (ENSL TP/FW). A TOCTOU race condition during the installation process allows a local user to escalate privileges by exploiting insecure use of predictable temporary file locations to gain administra...