CVE-2024-1146
Cross-Site Scripting vulnerability in Devklan's Alma Blog that affects versions 2.1.10 and earlier. This vulnerability could allow an attacker to store a malicious JavaScript payload within the application by adding the payload to 'Community Description' or 'Community Rules'...
CVE-2024-1144
Improper access control vulnerability in Devklan's Alma Blog that affects versions 2.1.10 and earlier. This vulnerability could allow an unauthenticated user to access the application's functionalities without the need for credentials...
CVE-2024-1146
CVE-2024-1146 concerns Devklan’s Alma Blog. Affected: versions ≤ 2.1.10. Vulnerability: cross-site scripting via storing a malicious JavaScript payload in the application by adding content to the public-facing fields Community Description or Community Rules. Impact: could enable execution of inj...
CVE-2024-1146 Cross-site Scripting at Alma Devklan Blog
Cross-Site Scripting vulnerability in Devklan's Alma Blog that affects versions 2.1.10 and earlier. This vulnerability could allow an attacker to store a malicious JavaScript payload within the application by adding the payload to 'Community Description' or 'Community Rules'...
CVE-2024-1145 Observable Response Discrepancy at Alma Devklan Blog
User enumeration vulnerability in Devklan's Alma Blog that affects versions 2.1.10 and earlier. This vulnerability could allow a remote user to retrieve all valid users registered in the application just by looking at the request response...
CVE-2024-1145
The CVE-2024-1145 entry concerns Devklan’s Alma Blog (versions 2.1.10 and earlier) with a user-enumeration vulnerability. The affected component is the user-facing response handling that allows a remote attacker to discover valid user accounts by inspecting request responses. Impact is informatio...
CVE-2024-1144 Improper Access Control at Alma Devklan Blog
Improper access control vulnerability in Devklan's Alma Blog that affects versions 2.1.10 and earlier. This vulnerability could allow an unauthenticated user to access the application's functionalities without the need for credentials...
CVE-2024-1144
CVE-2024-1144 refers to an improper access control vulnerability in Devklan’s Alma Blog, affecting versions 2.1.10 and earlier. An unauthenticated user could access certain functionalities without credentials. Public sources confirm the affected software and versions; the incident is not describe...
Cross Site Scripting (XSS)
Liferay Portal vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to inadequate input sanitization of blog entries in Liferay Portal and Liferay DXP. Specifically, the default configuration does not properly filter JavaScript from blog entry content, allowing remote authenticated...
CVE-2024-1239
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blog post read more button in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
blog.mares.com Cross Site Scripting vulnerability OBB-3870402
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2024-27279
Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and earlier, Ver.3.0.x series Ver.3.0.30 and earlier, Ver.2.11.x series Ver.2.11.59 and earlier, Ver.2.10.x series Ver.2.10.51 and earlier, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a use...
CVE-2024-27279
CVE-2024-27279 describes a directory traversal vulnerability in a-blog cms affecting multiple release branches: 3.1.x (up to 3.1.9), 3.0.x (up to 3.0.30), 2.11.x (up to 2.11.59), 2.10.x (up to 2.10.51), and 2.9 and earlier. A user with editor or higher privileges who can log in may obtain arbitra...