23 matches found
CVE-2023-25027
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Chained Quiz plugin <= 1.3.2.5 versions...
CVE-2022-25027
The Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to bypass authentication and access restricted pages by validating the user's session token when the "Password forgotten?" button is clicked...
CVE-2024-7602
Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specif...
CVE-2024-7602 Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability
Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specif...
CVE-2024-25027
IBM Security Verify Access (Docker container 10.0.x) is affected by CVE-2024-25027, an information-disclosure vulnerability caused by missing encryption that can expose sensitive snapshot information. The IBM Security bulletin lists a base score of 6.2 and notes the vulnerability affects ISVA 10....
CVE-2023-25027 WordPress Chained Quiz Plugin <= 1.3.2.5 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Chained Quiz plugin <= 1.3.2.5 versions...
CVE-2023-25027
CVE-2023-25027: A stored XSS vulnerability exists in the WordPress plugin Chained Quiz (Kiboko Labs) up to version 1.3.2.5. The issue requires admin+ authentication and is triggered via stored input in the plugin, enabling cross‑site scripting when viewed by others. The vulnerability is address...
WordPress Chained Quiz Plugin <= 1.3.2.5 is vulnerable to Cross Site Scripting (XSS)
Software: Chained Quiz; Type: Plugin; Vulnerable versions: <= 1.3.2.5; Fixed in: 1.3.2.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-25027; Patch priority: Low; CVSS severity: Low (5.9); PSID: 5cabf5b49c21; Credits: yuyudhn; Required...
CVE-2022-25027
The CVE-2022-25027 entry concerns Rocket TRUfusion Portal v7.9.2.1, where the Forgotten Password flow can bypass authentication by validating the user’s session token after clicking the "Password forgotten?" button; this is described across multiple sources (NVD, Red Hat CVE entries, OSV) as an authentica...
CVE-2021-25027
creationtimestamp | type | source
---|---|---
2022-01-03 16:43:57+00:00 | seen | https://t.me/cibsecurity/34848...
CVE-2021-25027
CVE-2021-25027 affects the WordPress plugin PowerPack Addons for Elementor (versions before 2.6.2). The issue is a failure to escape the tab parameter when outputting it back into an HTML attribute in the admin dashboard, resulting in a reflected Cross-Site Scripting vulnerability. Impact describ...
CVE-2018-25027
CVE-2018-25027 affects the Rust libpulse-binding crate prior to 1.2.1. The issue is a use-after-free in objects returned by get_format_info (and get_context per related advisories), leading to potential memory safety problems in PulseAudio bindings. Affected component: libpulse-binding (Rust crat...
CVE-2019-25027
Missing output sanitization in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.10 (Vaadin 10.0.0 through 10.0.13), and 1.1.0 through 1.4.2 (Vaadin 11.0.0 through 13.0.5) allows attacker to execute malicious JavaScript via crafted URL...
CVE-2019-25027
The CVE-2019-25027 issue affects com.vaadin:flow-server, specifically the default RouteNotFoundError view. The vulnerability arises from missing output sanitization and affects versions 1.0.0–1.0.10 (Vaadin 10.0.0–10.0.13) and 1.1.0–1.4.2 (Vaadin 11.0.0–13.0.5), allowing an attacker to execute ma...
CVE-2019-25027 Reflected cross-site scripting in default RouteNotFoundError view in Vaadin 10 and 11-13
Missing output sanitization in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.10 (Vaadin 10.0.0 through 10.0.13), and 1.1.0 through 1.4.2 (Vaadin 11.0.0 through 13.0.5) allows attacker to execute malicious JavaScript via crafted URL...
com.github.mcollovati.vertx:vaadin-flow-sockjs (=12.0.0), com.github.mcollovati.vertx:vertx-vaadin-flow (=12.0.0) +149 more potentially affected by CVE-2019-25027 via com.vaadin:flow-server (>=1.1.0 <=1.4.2)
com.vaadin:flow-server MAVEN version =1.1.0, =0.5.2, =1.0.0, =1.0.0, =1.0.0, =5.2.0, =5.2.0, =5.2.0, =5.2.0, =5.2.0, =5.2.0, =5.2.0, =5.2.0, =5.2.5 and more Source cves: CVE-2019-25027 Source advisory: OSV:GHSA-RP4X-WXQV-CF9M...