CVE-2023-29636
CVE-2023-29636 is a cross-site scripting (XSS) vulnerability in ZHENFENG13 My-Blog. The root cause is that the title field on the blog management page is not sanitized with MyBlogUtils.cleanString, enabling arbitrary script/HTML injection. Reported details are corroborated by multiple sources (NV...
PT-2023-22347 · Winterchens · My-Site
Name of the Vulnerable Software and Affected Versions: WinterChenS my-site versions before commit 3f0423da6d5200c7a46e200da145c1f54ee18548 Description: The issue allows attackers to inject arbitrary web script or HTML via editing blog articles, which is a Cross Site Scripting XSS vulnerability...
CVE-2023-29638
Cross Site Scripting XSS vulnerability in WinterChenS my-site before commit 3f0423da6d5200c7a46e200da145c1f54ee18548, allows attackers to inject arbitrary web script or HTML via editing blog articles...
disneycruiselineblog.com Cross Site Scripting vulnerability OBB-3283318
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
veras.blog.bg Cross Site Scripting vulnerability OBB-3278565
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Exploit for Injection in Git-Scm Git
CVE-2023-29007 PoC repository for CVE-2023-29007 https://vu...
Our Journey with FlexBase Emissions
...
WordPress Glaze Blog Lite Theme <= 1.1.4 is vulnerable to Cross Site Scripting (XSS)
Software Glaze Blog Lite Type Theme Vulnerable versions = 1.1.4 Fixed in 1.1.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-28687 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 0a07af531c50 Credits László Radnai Required...
WordPress Mocho Blog Theme <= 1.0.4 is vulnerable to Cross Site Scripting (XSS)
Software Mocho Blog Type Theme Vulnerable versions = 1.0.4 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-27412 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 085597533752 Credits László Radnai Required...
WordPress Cream Blog Theme <= 2.1.3 is vulnerable to Cross Site Scripting (XSS)
Software Cream Blog Type Theme Vulnerable versions = 2.1.3 Fixed in 2.1.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-28687 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 08758c27269b Credits László Radnai Required...
Viable blog <= 1.1.4 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
YARPP - Yet Another Related Posts Plugin < 5.30.3 - Subscriber+ SQLi
The plugin does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscribers to perform SQL Injection attacks. Run the below command in the developer console of the web browser while being on the blog...
WordPress Viable blog Theme <= 1.1.4 is vulnerable to Cross Site Scripting (XSS)
Software Viable blog Type Theme Vulnerable versions = 1.1.4 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-27419 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID bc9810b2a616 Credits László Radnai Required...
Release of a Technical Report into Intel Trust Domain Extensions
Today, members of Google Project Zero and Google Cloud are releasing a report on a security review of Intel's Trust Domain Extensions TDX. TDX is a feature introduced to support Confidential Computing by providing hardware isolation of virtual machine guests at runtime. This isolation is achieved...
What’s New for Developers: April 2023
...
WordPress Blog Navigator Chatbot by Xatkit Plugin <= 4.4.9 is vulnerable to Cross Site Scripting (XSS)
Software Blog Navigator Chatbot by Xatkit Type Plugin Vulnerable versions = 4.4.9 Fixed in 4.5.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1649 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 73a888678fc8 Credits Erwan L...
Cross site request forgery (csrf)
Themeflection Numbers WordPress plugin before 2.0.1 does not have authorisation and CSRF check in an AJAX action, and does not ensure that the options to be updated belong to the plugin. As a result, it could allow any authenticated users, such as subscriber, to update arbitrary blog options, suc...
CVE-2023-0889
CVE-2023-0889 affects Themeflection Numbers WordPress plugin pre-2.0.1. The vulnerability arises from missing authorization and CSRF checks in an AJAX action and failure to verify that updated options belong to the plugin, enabling any authenticated user (e.g., Subscriber) to update arbitrary blo...
GitLab Cross-Site Scripting Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab, which stems from the presence of...
CVE-2023-2101
A vulnerability, which was classified as problematic, has been found in moxi624 Mogu Blog v2 up to 5.2. This issue affects the function uploadPictureByUrl of the file /mogu-picture/file/uploadPicsByUrl. The manipulation of the argument urlList leads to absolute path traversal. The attack may be...