5 matches found
Cisco AsyncOS Security Vulnerability
Cisco AsyncOS is an operating system for Cisco devices, developed by Cisco (USA). Cisco AsyncOS suffers from a cross-site scripting vulnerability that stems from insufficient validation of user input. An authenticated, remote attacker could exploit this vulnerability to launch a stored cross-site...
CVE-2024-9853
The CVE-2024-9853 entry concerns the WordPress plugin ID-SK Toolkit, vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to and including 1.7.2. Authenticated attackers with Author-level access or higher can inject scripts that execute when users view the SVG. Public...
CVE-2024-9445 Display Medium Posts <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via display_medium_posts Shortcode
The Display Medium Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's display_medium_posts shortcode in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-8282 Ibtana – WordPress Website Builder <= 1.2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute
The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:ive/ive-productscarousel' Gutenberg block in all versions up to, and including, 1.2.4.4 due to insufficient input sanitization and output escaping. Thi...
CVE-2024-23832 Mastodon Remote user impersonation and takeover
Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows configuration of LDAP for authentication. Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account. Every Mastodon version prior to 3.5.17 is...