CVE-2023-47223

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WP Map Plugins Basic Interactive World Map plugin = 2.0 versions...

CVE-2023-47223

A vulnerability in WP Map Plugins Basic Interactive World Map basic-interactive-world-map.This issue affects Basic Interactive World Map: from n/a through = 2.0...

CVE-2023-47223

CVE-2023-47223 affects the WordPress plugin Basic Interactive World Map (WP Map Plugins) version ≤ 2.0. The vulnerability is a stored XSS due to inadequate escaping of input in the affected component, with an attacker (admin+ privileges) able to trigger it. The issue is classified with low to med...

WordPress Basic Interactive World Map Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)

Software Basic Interactive World Map Type Plugin Vulnerable versions = 2.0 Fixed in 2.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-47223 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 49944254b130 Credits DoYeon Park p6rkdoye0n Require...

CVE-2023-35794

An issue was discovered in Cassia Access Controller 2.1.1.2303271039. The Web SSH terminal endpoint spawned console can be accessed without authentication. Specifically, there is no session cookie validation on the Access Controller; instead, there is only Basic Authentication to the SSH console...

CVE-2023-35794

An issue was discovered in Cassia Access Controller 2.1.1.2303271039. The Web SSH terminal endpoint spawned console can be accessed without authentication. Specifically, there is no session cookie validation on the Access Controller; instead, there is only Basic Authentication to the SSH console...

CVE-2023-35794

An issue was discovered in Cassia Access Controller 2.1.1.2303271039. The Web SSH terminal endpoint spawned console can be accessed without authentication. Specifically, there is no session cookie validation on the Access Controller; instead, there is only Basic Authentication to the SSH console...

CVE-2023-35794

An issue was discovered in Cassia Access Controller 2.1.1.2303271039. The Web SSH terminal endpoint spawned console can be accessed without authentication. Specifically, there is no session cookie validation on the Access Controller; instead, there is only Basic Authentication to the SSH console...

CVE-2023-45868

The Learning Module in ILIAS 7.25 2023-09-12 release allows an attacker with basic user privileges to achieve a high-impact Directory Traversal attack on confidentiality and availability. By exploiting this network-based vulnerability, the attacker can move specified directories, normally outside...

PT-2023-25318 · Cassia · Cassia Access Controller

Name of the Vulnerable Software and Affected Versions: Cassia Access Controller version 2.1.1.2303271039 Description: An issue was discovered in the Cassia Access Controller where the Web SSH terminal endpoint, also known as the spawned console, can be accessed without proper authentication. The...

Elon Musk’s X (Twitter) to Charge $1 for Basic Features

By Waqas Prepare to pay for Twitter X. This is a post from HackRead.com Read the original post: Elon Musks X Twitter to Charge $1 for Basic Features...

Ubuntu 16.04 ESM / 18.04 ESM : aria2 vulnerability (USN-4869-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-4869-1 advisory. It was discovered that aria2 could accidentally leak authentication data. An attacker could possibly use this to gain access to sensitive information...

CVE-2023-36555

An improper neutralization of script-related html tags in a web page basic xss in Fortinet FortiOS 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via the SAML and Security Fabric components...

CVE-2023-41950

Cross-Site Request Forgery CSRF vulnerability in Laposta - Roel Bousardt Laposta Signup Basic plugin = 1.4.1 versions...

CVE-2023-41950

Cross-Site Request Forgery CSRF vulnerability in Laposta - Roel Bousardt Laposta Signup Basic plugin = 1.4.1 versions...

CVE-2023-41950 WordPress Laposta Signup Basic Plugin <= 1.4.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Laposta - Roel Bousardt Laposta Signup Basic plugin = 1.4.1 versions...

CVE-2023-41950 WordPress Laposta Signup Basic Plugin <= 1.4.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Laposta - Roel Bousardt Laposta Signup Basic plugin = 1.4.1 versions...

PT-2023-28188 · Laposta · Laposta Signup Basic

Name of the Vulnerable Software and Affected Versions: Laposta - Roel Bousardt Laposta Signup Basic plugin versions = 1.4.1 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This means an attacker can trick a user into performing unintended actions on a web application th...

WordPress Plugin Laposta Signup Basic Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...

Tenda AC10 缓冲区错误漏洞

Tenda AC10U is a dual-band Gigabit wireless router from Tenda Technology, designed for 200 megabit and above fiber optic homes, supporting 802.11ac dual-band technology 2.4GHz and 5GHz, with a theoretical WiFi rate of up to 867Mbps. The Tenda AC10U suffers from a stack buffer overflow vulnerabili...