opensourcepos 安全漏洞

opensourcepos is an open-source POS system developed by opensourcepos. Version 3.4.1 of opensourcepos contains a security vulnerability, which stems from improper handling of custom AJAX responses, potentially allowing for the execution of arbitrary code...

PT-2023-27961 · WordPress · Store Locator

Name of the Vulnerable Software and Affected Versions: Store Locator WordPress plugin versions prior to 1.4.13 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because the plugin does not properly sanitise and escape an invalid nonce before outputting it ba...

CVE-2023-2706

The OTP Login Woocommerce & Gravity Forms plugin for WordPress is vulnerable to authentication bypass. This is due to the fact that when generating OTP codes for users to use in order to login via phone number, the plugin returns these codes in an AJAX response. This makes it possible for...

GHSA-RMXG-73GG-4P98 Cross-Site Scripting (XSS) in jquery

Affected versions of jquery interpret text/javascript responses from cross-origin ajax requests, and automatically execute the contents in jQuery.globalEval, even when the ajax request doesn't contain the dataType option. Recommendation Update to version 3.0.0 or later...