956 matches found
WordPress Greenshift – animation and page builder blocks Plugin <= 8.8.9.1 is vulnerable to Cross Site Scripting (XSS)
Software: Greenshift – animation and page builder blocks; Type: Plugin; Vulnerable versions: <= 8.8.9.1; Fixed in: 8.9.4; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-35765; Patch priority: Low; CVSS severity: Low (6.5); PSID: cb212ed9cc65; Credits: João...
SUSE CVE-2024-37383
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes...
Fedora: Security Advisory for qt6-qtquicktimeline (FEDORA-2024-bfb8617ba3)
The remote host is missing an update for the...
CVE-2024-5259
The MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hover_animation’ parameter in all versions up to, and including, 4.1.11 due to insufficient input sanitization and output escaping. This makes it...
WordPress MultiVendorX Marketplace plugin <= 4.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via hover_animation Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via hover_animation Parameter vulnerability discovered by stealthcopter in WordPress Plugin MultiVendorX (versions <= 4.1.11)...
[SECURITY] Fedora 40 Update: qt6-qtquicktimeline-6.7.1-1.fc40
The Qt Quick Timeline plugin provides QML types to use timelines and keyframes to animate Qt Quick user interfaces...
CVE-2024-5060
The LottieFiles – JSON Based Animation Lottie & Bodymovin for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.10.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...
CVE-2024-5060
The WordPress plugin LottieFiles – JSON Based Animation Lottie & Bodymovin for Elementor is vulnerable to Stored Cross-Site Scripting (XSS) in versions up to 1.10.9 due to insufficient input sanitization and output escaping. Exploitation requires authenticated access at Contributor lev...
CVE-2024-4619
The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘hover_animation’ parameter in versions up to, and including, 3.21.4 due to insufficient input sanitization and output escaping. This makes it possible...
PT-2024-31919 · WordPress · Elementor Website Builder
Name of the Vulnerable Software and Affected Versions: Elementor Website Builder plugin for WordPress versions up to, and including, 3.21.4 Description: The Elementor Website Builder plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the hover animation parameter due ...
PT-2024-32315 · WordPress · Testimonial Carousel For Elementor
Name of the Vulnerable Software and Affected Versions: Testimonial Carousel For Elementor plugin for WordPress versions up to, and including, 10.1.1 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows authenticat...
CVE-2024-3680
The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Animation Title widget's img tag in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for...
PT-2024-27162 · WordPress · Enter Addons – Ultimate Template Builder For Elementor
Name of the Vulnerable Software and Affected Versions: Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress versions up to, and including, 2.1.5 Description: The issue is related to Stored Cross-Site Scripting via the Animation Title widget's img tag due to insufficient inp...
Malicious code in hw-transition-animation (npm)
The package hw-transition-animation (npm) version 66.6.9 contains malicious code. The malicious code is designed to exfiltrate system information, potentially for malicious purpose...
CVE-2024-2751
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘exad_infobox_animating_mask_style’ parameter in all versions up to, and including, 2.6.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2024-20796 Adobe Animation SWF File Parsing Memory Corruption
Animate versions 23.0.4, 24.0.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victi...
Rockwell Automation Arena Simulation Software Arbitrary Code Execution Vulnerability
Rockwell Automation Arena Simulation Software is a suite of simulation software from Rockwell Automation that provides 3D animation and graphics capabilities. An arbitrary code execution vulnerability exists in Rockwell Automation Arena Simulation Software, which can be exploited by an attacker t...
Rockwell Automation Arena Simulation Software Use-After-Free Vulnerability
Rockwell Automation Arena Simulation Software is a suite of simulation software from Rockwell Automation that provides 3D animation and graphics capabilities. A use-after-free vulnerability exists in Rockwell Automation Arena Simulation Software, which can be exploited by attackers to insert...
CVE-2024-20763
Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim...
CVE-2024-26638
In the Linux kernel, the following vulnerability has been resolved: nbd: always initialize struct msghdr completely. syzbot complains that msg->msg_get_inq value can be uninitialized [1]. struct msghdr got many new fields recently, we should always make sure their values are zero by default. [1] BUG: KMSAN...