36 matches found
Malicious code in the-storyverse (npm)
Source: amazon-inspector 2885a4f6fa566cedcd5c365fe4435186a31ed8913af26f8a06bbee3d760e66cb The package the-storyverse was found to contain malicious code. Source: ossf-package-analysis...
EUVD-2023-49313
Malicious code in bioql PyPI...
EUVD-2022-48704
Malicious code in bioql PyPI...
EUVD-2024-36491
Malicious code in bioql PyPI...
CVE-2022-45850
Cross-Site Request Forgery (CSRF) vulnerability in Nickys Image Map Pro allows Stored XSS. This issue affects Image Map Pro: from n/a before 5.6.9...
CVE-2024-37199
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kriesi.At Enfold allows Reflected XSS. This issue affects Enfold: from n/a through 5.6.9...
PT-2024-27367 · Enfold · Enfold
Name of the Vulnerable Software and Affected Versions: Enfold versions through 5.6.9. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Reflected XSS. Recommendations: For versions through 5.6.9...
WordPress Enfold Theme <= 5.6.9 is vulnerable to Cross Site Scripting (XSS)
Software: Enfold; Type: Theme; Vulnerable versions: <= 5.6.9; Fixed in: 5.6.10; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-37199; Patch priority: Low; CVSS severity: Low (7.1); Developer: Kriesi; PSID: 231fe6fad434; Credits: tom; Required privilege: Unauthenticated; Published: 20 June...
PT-2024-11725 · Unknown · Nickys Image Map Pro
Name of the Vulnerable Software and Affected Versions: Nickys Image Map Pro versions prior to 5.6.9. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application, an...
VulnCheck KEV: CVE-2023-25135
vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verifyserialized checks that a value is serialized by calling unserialize and then checking for errors. The fixed...
WordPress Media File Renamer Plugin <= 5.6.9 is vulnerable to Sensitive Data Exposure
Software: Media File Renamer; Type: Plugin; Vulnerable versions: <= 5.6.9; Fixed in: 5.7.0; OWASP Top 10: A9: Security Logging and Monitoring Failures; Classification: Sensitive Data Exposure; CVE: CVE-2023-44991; Patch priority: Low; CVSS severity: Low (6.5); PSID: c8e129aba6bd; Credits: Joshu...
CVE-2023-4867
A vulnerability was found in Xintian Smart Table Integrated Management System 5.6.9. It has been classified as critical. Affected is an unknown function of the file /SysManage/AddUpdateSites.aspx of the component Added Site Page. The manipulation of the argument TbxSiteName leads to sql injection...
CVE-2023-4867
Summary: CVE-2023-4867 affects Xintian Smart Table Integrated Management System 5.6.9, specifically the file /SysManage/AddUpdateSites.aspx (Added Site Page). The vulnerability arises from unsafe handling of the TbxSiteName parameter, enabling a SQL injection. It is exploitable remotely and, per ...
CVE-2022-45846
Cross-Site Request Forgery (CSRF) vulnerability in Nickys Image Map Pro for WordPress - Interactive SVG Image Map Builder plugin 5.6.9 versions...
WordPress plugin Image Map Pro cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists i...
SUSE CVE-2013-1502
Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9 and earlier allows local users to affect availability via unknown vectors related to Server Partition...
CVE-2023-25135
vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verifyserialized checks that a value is serialized by calling unserialize and then checking for errors. The fixed versions a...
Gimmie vBulletin code issue vulnerability
Gimmie vBulletin is an open source forum plugin for Gimmie. A security vulnerability exists in vBulletin prior to version 5.6.9. No information about this vulnerability is available at this time, please stay tuned to CNNVD or the vendor's announcement...
WordPress plugin OWM Weather SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...