Lucene search
K

207 matches found

Cvelist
Cvelist
added 2023/02/27 3:24 p.m.22 views

CVE-2023-0543 Arigato Autoresponder and Newsletter < 2.1.7.2 - Admin+ Stored XSS

The Arigato Autoresponder and Newsletter WordPress plugin before 2.1.7.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

5AI score0.00465EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/02/27 3:24 p.m.8 views

CVE-2023-0543 Arigato Autoresponder and Newsletter < 2.1.7.2 - Admin+ Stored XSS

The Arigato Autoresponder and Newsletter WordPress plugin before 2.1.7.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.7AI score0.00465EPSS
Exploits2References1
CVE
CVE
added 2023/02/27 3:24 p.m.62 views

CVE-2023-0543

CVE-2023-0543 affects the WordPress plugin Arigato Autoresponder and Newsletter, prior to version 2.1.7.2. Root cause: insufficient sanitization/escaping of settings allowing Stored XSS by high-privilege admins, even when unfiltered_html is disallowed. Documented impact: Stored XSS with admin+ pr...

4.8CVSS4.7AI score0.00465EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2023/02/27 12:0 a.m.6 views

WordPress Plugin Arigato Autoresponder and Newsletter 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

4.8CVSS5.7AI score0.00465EPSS
Exploits2References2
Patchstack
Patchstack
added 2023/02/06 12:0 a.m.11 views

WordPress Arigato Autoresponder and Newsletter Plugin <= 2.7.1 is vulnerable to Cross Site Scripting (XSS)

Software Arigato Autoresponder and Newsletter Type Plugin Vulnerable versions = 2.7.1 Fixed in 2.7.1.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25031 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 587f7c05becf Credits...

5.9CVSS5.8AI score0.00394EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/06 12:0 a.m.14 views

Arigato Autoresponder and Newsletter < 2.7.1.1 - Unauthenticated Stored XSS

The plugin does not sanitise and escape some parameters, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks...

7.1CVSS5.8AI score0.00406EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2023/02/02 12:0 a.m.10 views

WordPress Arigato Autoresponder and Newsletter Plugin <= 2.7.1.1 is vulnerable to Cross Site Scripting (XSS)

Software Arigato Autoresponder and Newsletter Type Plugin Vulnerable versions = 2.7.1.1 Fixed in 2.7.1.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25061 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d6cfa2bc3409 Credit...

6.5CVSS5.8AI score0.00383EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/02/01 12:0 a.m.12 views

WordPress Arigato Autoresponder and Newsletter Plugin < 2.7.1.2 is vulnerable to Cross Site Scripting (XSS)

Software Arigato Autoresponder and Newsletter Type Plugin Vulnerable versions 2.7.1.2 Fixed in 2.7.1.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0543 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID e5225dad6b06 Credits...

4.8CVSS6AI score0.00465EPSS
Exploits2References4Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/31 12:0 a.m.15 views

Arigato Autoresponder and Newsletter < 2.1.7.2 - Admin+ Stored XSS

The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC 1. Go to the Mailing list option and register a new user with the value...

4.8CVSS5AI score0.00465EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2023/01/31 12:0 a.m.412 views

Arigato Autoresponder and Newsletter < 2.1.7.2 - Admin+ Stored XSS

The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. 1. Go to the Mailing list option and register a new user with the value "autofoc...

4.8CVSS5.4AI score0.00465EPSS
Exploits2
OSV
OSV
added 2022/11/23 6:30 a.m.14 views

GHSA-5JPH-WRQ7-V9HF Denial of service in Mattermost

A denial-of-service vulnerability in Mattermost allows an authenticated user to crash the server via multiple large autoresponder messages...

6.5CVSS5AI score0.01069EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2022/11/23 6:30 a.m.30 views

Denial of service in Mattermost

A denial-of-service vulnerability in Mattermost allows an authenticated user to crash the server via multiple large autoresponder messages...

6.5CVSS6.2AI score0.01069EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2022/11/23 6:15 a.m.19 views

CVE-2022-4044

A denial-of-service vulnerability in Mattermost allows an authenticated user to crash the server via multiple large autoresponder messages...

6.5CVSS0.01069EPSS
Exploits1References2
OSV
OSV
added 2022/11/23 5:45 a.m.15 views

CVE-2022-4044 Authenticated user could send multiple requests containing a large Auto Responder Message payload and can crash a Mattermost server

A denial-of-service vulnerability in Mattermost allows an authenticated user to crash the server via multiple large autoresponder messages...

4.3CVSS6.6AI score0.01069EPSS
Exploits1References4
CVE
CVE
added 2022/11/23 5:45 a.m.72 views

CVE-2022-4044

CVE-2022-4044 is a Mattermost DoS affecting authenticated users who can crash the server by sending large auto-responder messages. The vulnerability stems from unbounded Auto Responder Message payloads, enabling resource exhaustion (notably via large autoresponder content). Affected Mattermost Se...

6.5CVSS5.1AI score0.01069EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2022/11/23 12:0 a.m.3 views

PT-2022-25386 · Unknown · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost affected versions not specified Description: A denial-of-service issue allows an authenticated user to crash the server by sending multiple large autoresponder messages. Recommendations: At the moment, there is no information about...

6.5CVSS6.2AI score0.01069EPSS
Exploits1References9
Kitploit
Kitploit
added 2022/05/10 12:30 a.m.28 views

AutoResponder - Carbon Black Response IR Tool

What is it? AutoResponder is a tool aimed to help people to carry out their Incident Response tasks WITH the help of Carbon Black Response's awesome capabilities and WITHOUT much bothering IT/System/Network Teams What can it do? Module | ✔️ / ❌ ---|--- Delete Files | ✔️ Delete Registry Values | ✔️...

7.5AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/03/15 12:15 p.m.6 views

CVE-2022-0954

Multiple Stored Cross-site Scripting XSS Vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods in GitHub repository microweber/microweber prior to 1.2.11...

6.8CVSS6.3AI score0.03197EPSS
Exploits1References4
OSV
OSV
added 2022/02/04 11:15 p.m.3 views

CVE-2021-44779

Unauthenticated SQL Injection SQLi vulnerability discovered in GWA AutoResponder WordPress plugin versions = 2.3, vulnerable at &listid. No patched version available, plugin closed...

9.8CVSS5.8AI score0.01074EPSS
Exploits0References2
NVD
NVD
added 2022/02/04 11:15 p.m.26 views

CVE-2021-44779

Unauthenticated SQL Injection SQLi vulnerability discovered in GWA AutoResponder WordPress plugin versions = 2.3, vulnerable at &listid. No patched version available, plugin closed...

9.8CVSS0.01074EPSS
Exploits0References2
Rows per page
Query Builder