34 matches found
EUVD-2019-6804
Malware in sbrugna...
CVE-2025-6804 Marvell QConvergeConsole compressFirmwareDumpFiles Directory Traversal Information Disclosure Vulnerability
Marvell QConvergeConsole compressFirmwareDumpFiles Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this...
CVE-2025-6804
creationtimestamp| type| source ---|---|--- 2025-06-27 03:00:00+00:00| seen| http://www.zerodayinitiative.com/advisories/ZDI-25-453/...
CVE-2024-6804
The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...
CVE-2024-6804
creationtimestamp| type| source ---|---|--- 2024-08-27 09:52:35+00:00| seen| https://t.me/cvedetector/4230...
CVE-2024-6804
The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...
CVE-2024-6804 Jeg Elementor Kit <= 2.6.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File
The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...
CVE-2024-6804 Jeg Elementor Kit <= 2.6.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File
The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...
WordPress Jeg Elementor Kit Plugin <= 2.6.7 is vulnerable to Cross Site Scripting (XSS)
Software Jeg Elementor Kit Type Plugin Vulnerable versions = 2.6.7 Fixed in 2.6.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6804 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 5e516b60c2ef Credits wesley wcraft Required...
Malicious code in wlwz-2312-6804 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e94dcb6dc07a90b9c344a79532d22d3f0f5c4077c06d87919da7b0c489adf0fc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-786 Malicious code in wlwz-2312-6804 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e94dcb6dc07a90b9c344a79532d22d3f0f5c4077c06d87919da7b0c489adf0fc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-6804
creationtimestamp| type| source ---|---|--- 2024-01-18 07:07:58+00:00| seen| https://t.me/ctinow/169594...
CVE-2023-6804
Improper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped PAT. To exploit this, a workflow must have already existed in the target repo. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.1...
CVE-2023-6804 Improper Privilege Management allows for arbitrary workflows to be run
Improper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped PAT. To exploit this, a workflow must have already existed in the target repo. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.1...
CVE-2023-6804
CVE-2023-6804 (GitHub Enterprise Server) : Improper privilege management allows arbitrary workflows to be committed and run using an improperly scoped Personal Access Token, provided a workflow already exists in the target repo. Affected: GitHub Enterprise Server versions 3.8–3.11.x (before fixes...
CVE-2020-6804
A reflected XSS vulnerability exists within the gateway, allowing an attacker to craft a specialized URL which could steal the user's authentication token. When combined with CVE-2020-6803, an attacker could fully compromise the system...
CVE-2020-6804
CVE-2020-6804 is a reflected XSS in Mozilla WebThings Gateway. The vulnerability allows crafted URLs to steal a user’s authentication token via the gateway interface. When paired with CVE-2020-6803 (open redirect on the gateway login page), an attacker could fully compromise the system. The provi...
Rundeck Community Edition Cross Site Scripting
Exploit Title: Rundeck Community Edition before 3.0.13 Multiple Stored XSS Vendor Homepage: https://www.rundeck.com/open-source Software Link: https://docs.rundeck.com/downloads.html Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prin...
Rundeck Community Edition < 3.0.13 - Persistent Cross-Site Scripting Vulnerability
Exploit for java platform in category web applications Exploit Title: Rundeck Community Edition before 3.0.13 Multiple Stored XSS Vendor Homepage: https://www.rundeck.com/open-source Software Link: https://docs.rundeck.com/downloads.html Exploit Author: Ishaq Mohammed Contact:...
Rundeck Community Edition 3.0.13 - Persistent Cross-Site Scripting
Rundeck Community Edition 3.0.13 - Persistent Cross-Site Scripting Exploit Title: Rundeck Community Edition before 3.0.13 Multiple Stored XSS Vendor Homepage: https://www.rundeck.com/open-source Software Link: https://docs.rundeck.com/downloads.html Exploit Author: Ishaq Mohammed Contact:...