4 matches found
CVE-2025-52206
ISPConfig 3.3.0 is vulnerable to Cross Site Scripting (XSS) via the system status webpage. The vulnerability affects the ISPConfig system-status UI, specifically the monitor/show_sys_state.php endpoint (state=server&server=[removed]...), allowing reflected user-supplied input to execute script in...
CVE-2023-52206
creationtimestamp| type| source ---|---|--- 2024-01-08 21:27:01+00:00| seen| https://t.me/ctinow/164652 2024-01-25 15:11:34+00:00| seen| https://t.me/ctinow/173492...
CVE-2023-52206
CVE-2023-52206 affects the WordPress plugin "Page Builder: Live Composer" (Live Composer Page Builder) up to version 1.5.25. The issue is described as deserialization of untrusted data leading to PHP object injection via deserialization. Patchstack and CVE records indicate the fix is available in...
WordPress Page Builder: Live Composer Plugin <= 1.5.25 is vulnerable to PHP Object Injection
Software Page Builder: Live Composer Type Plugin Vulnerable versions = 1.5.25 Fixed in 1.5.29 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2023-52206 Patch priority Medium CVSS severity Medium 7.7 Developer Claim ownership PSID cbdb1d60e22e Credits Le Ngoc Anh Required...