GitLab 14.0 < 14.4.5 / 14.5.0 < 14.5.3 / 14.6.0 < 14.6.2 (CVE-2022-0167)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab...
CVE-2023-5005
The Autocomplete Location field Contact Form 7 WordPress plugin before 3.0, autocomplete-location-field-contact-form-7-pro WordPress plugin before 2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting...
Cross site scripting
The Autocomplete Location field Contact Form 7 WordPress plugin before 3.0, autocomplete-location-field-contact-form-7-pro WordPress plugin before 2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting...
CVE-2023-5005
CVE-2023-5005 affects the Autocomplete Location field for the Contact Form 7 WordPress plugin (and the Pro variant) where certain settings were not properly sanitized/escaped. This could allow high-privilege users (e.g., administrators) to perform a Stored Cross-Site Scripting (XSS) attack, even ...
CVE-2023-5005 Autocomplete Location field Contact Form 7 < 3.0 - Admin+ Stored Cross-Site Scripting
The Autocomplete Location field Contact Form 7 WordPress plugin before 3.0, autocomplete-location-field-contact-form-7-pro WordPress plugin before 2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting...
WordPress Plugin Autocomplete Location field Contact Form Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
Malicious code in simple-autocomplete-dropdown (npm)
Source: ossf-package-analysis ae96f59d7d614e3321cbab4516936e0500129be54888468ac309eaf1ad2269ed The OpenSSF Package Analysis project identified 'simple-autocomplete-dropdown' @ 3.7.14 npm as malicious. It is considered malicious because: -...
MAL-2023-8623 Malicious code in simple-autocomplete-dropdown (npm)
Source: ossf-package-analysis ae96f59d7d614e3321cbab4516936e0500129be54888468ac309eaf1ad2269ed The OpenSSF Package Analysis project identified 'simple-autocomplete-dropdown' @ 3.7.14 npm as malicious. It is considered malicious because: -...
GHSA-JCGV-3PFQ-J4HR Mattermost Injection vulnerability
Mattermost fails to use innerText / textContent when setting the channel name in the webapp during autocomplete, allowing an attacker to inject HTML into a victim's page by creating a channel name that is valid HTML. No XSS is possible though...
Mattermost Injection vulnerability
Mattermost fails to use innerText / textContent when setting the channel name in the webapp during autocomplete, allowing an attacker to inject HTML into a victim's page by creating a channel name that is valid HTML. No XSS is possible though...
Hardcoded credentials
Mattermost fails to use innerText / textContent when setting the channel name in the webapp during autocomplete, allowing an attacker to inject HTML into a victim's page by creating a channel name that is valid HTML. No XSS is possible though...
CVE-2023-35075 HTML injection via channel autocomplete
Mattermost fails to use innerText / textContent when setting the channel name in the webapp during autocomplete, allowing an attacker to inject HTML into a victim's page by creating a channel name that is valid HTML. No XSS is possible though...
PT-2023-25131 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost affected versions not specified Description: The issue arises from Mattermost's failure to use innerText or textContent when setting the channel name in the webapp during autocomplete. This allows an attacker to inject HTML into a...
Malicious code in place-zip-autocomplete-input (npm)
Source: ossf-package-analysis 80a9eda07bbcecc8a168b9ef0252e04b4b97abe222e5d8445113a1ae34c71a6d The OpenSSF Package Analysis project identified 'place-zip-autocomplete-input' @ 3.7.14 npm as malicious. It is considered malicious because: -...
WordPress Autocomplete Location field Contact Form 7 Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)
Software: Autocomplete Location field Contact Form 7; Type: Plugin; Vulnerable versions: <= 2.0; Fixed in: 3.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-5005; Patch priority: Low; CVSS severity: Low (5.9); PSID: 4890d8d7c0c3; Credits: B...
Malicious code in autocomplete-ui (npm)
Source: ghsa-malware a9655da8503f9549c9411d13c7b5306dd5b29247b41ee5857561d74aa7c118dd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-8559 Malicious code in autocomplete-ui (npm)
Source: ghsa-malware a9655da8503f9549c9411d13c7b5306dd5b29247b41ee5857561d74aa7c118dd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-8534 Malicious code in autocomplete-core (npm)
Source: ghsa-malware 9b3d22342c939ff5ef11bdb6b41a359ac46d2ba5e348d89c27cb5b66b5518f1e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...