
7705 matches found

SUSE CVE
added 2023/02/15 4:23 a.m., 2 views

SUSE CVE-2018-17537

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. blog-viewer has stored XSS during repository browsing, if package.json exists...

5.4 CVSS, 5.2 AI score, 0.00402 EPSS
Exploits 0, References 3
Kitploit
added 2023/02/12 11:30 a.m., 71 views

DNSrecon-gui - DNSrecon Tool With GUI For Kali Linux

DNSRecon is a DNS scanning and enumeration tool written in Python, which allows you to perform different tasks, such as enumeration of standard records for a defined domain A, NS, SOA, and MX. Top-level domain expansion for a defined domain. With this graph-oriented user interface, the different...

6.9 AI score
Exploits 0, References 2
HackRead
added 2023/02/08 9:45 p.m., 22 views

ARMO integrates ChatGPT to secure Kubernetes

By Deeba Ahmed Kubernetes' creator ARMO announced the integration in a blog post on February 7th, 2023. This is a post from HackRead.com Read the original post: ARMO integrates ChatGPT to secure Kubernetes...

1.3 AI score
Exploits 0
MSRC
added 2023/02/08 6:12 p.m., 26 views

New MSRC Blog Site

We are excited to announce the release of the new Microsoft Security Response Center MSRC blog site. Please visit msrc.microsoft.com/blog/ starting February 9th, 2023, for all past and future MSRC blog content. In addition to the new URL, we have refreshed the site with a new look and improved sit...

0.6 AI score
Exploits 0
MSRC
added 2023/02/08 8:0 a.m., 11 views

New MSRC Blog Site

We are excited to announce the release of the new Microsoft Security Response Center MSRC blog site. Please visit msrc.microsoft.com/blog/ starting February 9th, 2023, for all past and future MSRC blog content. In addition to the new URL, we have refreshed the site with a new look and improved si...

0.3 AI score
Exploits 0
MSRC
added 2023/02/08 8:0 a.m., 10 views

New MSRC Blog Site

We are excited to announce the release of the new Microsoft Security Response Center MSRC blog site. Please visit msrc.microsoft.com/blog/ starting February 9th, 2023, for all past and future MSRC blog content. In addition to the new URL, we have refreshed the site with a new look and improved si...

6.8 AI score
Exploits 0
wpexploit
added 2023/02/08 12:0 a.m., 71 views

Replyable < 2.2.10 - Subscriber+ PHP Object Injection

The plugin does not validate the class name submitted by the request when instantiating an object in the promptdismissnotice action and also lacks CSRF check in the related action. This could allow any authenticated users, such as subscriber to perform Object Injection attacks. The attack could...

8.8 CVSS, 8.7 AI score, 0.00511 EPSS
Exploits 2
GithubExploit
added 2023/02/07 3:33 p.m., 1245 views

Exploit for Double Free in Openbsd Openssh

CVE-2023-25136 Proof-of-Concept Overview This is a DoS P...

6.5 CVSS, 7.8 AI score, 0.89955 EPSS
Exploits 10
OSV
added 2023/02/06 8:15 p.m., 2 views

CVE-2022-4824

The WP Blog and Widgets WordPress plugin before 2.3.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

5.4 CVSS, 5.8 AI score, 0.00649 EPSS
Exploits 2, References 1
Vulnrichment
added 2023/02/06 7:59 p.m., 6 views

CVE-2022-4824 WP Blog and Widget < 2.3.1 - Contributor+ Stored XSS via Shortcode

The WP Blog and Widgets WordPress plugin before 2.3.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

6.1 AI score, 0.00649 EPSS
Exploits 2, References 1
Cvelist
added 2023/02/06 7:59 p.m., 18 views

CVE-2022-4824 WP Blog and Widget < 2.3.1 - Contributor+ Stored XSS via Shortcode

The WP Blog and Widgets WordPress plugin before 2.3.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

5.5 AI score, 0.00649 EPSS
Exploits 2, References 1
CVE
added 2023/02/06 7:59 p.m., 67 views

CVE-2022-4824

The CVE-2022-4824 entry concerns the WordPress plugin WP Blog and Widgets (before version 2.3.1). Multiple sources confirm a Stored XSS vulnerability caused by not validating and escaping certain shortcode attributes, enabling users with as low as Contributor to target high-privilege admins. The ...

5.4 CVSS, 5.3 AI score, 0.00649 EPSS
Exploits 2, References 1, Affected Software 1
CNNVD
added 2023/02/06 12:0 a.m., 4 views

WordPress plugin WP Blog and Widgets cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

5.4 CVSS, 5.4 AI score, 0.00649 EPSS
Exploits 2, References 2
OSV
added 2023/02/03 9:7 p.m., 20 views

GHSA-VXPM-8HCP-QH27 Payment information sent to PayPal not necessarily identical to created order

Impact If JavaScript-based PayPal checkout methods are used PayPal Plus, Smart Payment Buttons, SEPA, Pay Later, Venmo, Credit card, the amount and item list sent to PayPal may not be identical to the one in the created order. Patches The problem has been fixed with version 5.4.4 Workarounds...

7.5 CVSS, 7.4 AI score, 0.00297 EPSS
Exploits 0, References 4
Github Security Blog
added 2023/02/03 9:7 p.m., 15 views

Payment information sent to PayPal not necessarily identical to created order

Impact If JavaScript-based PayPal checkout methods are used PayPal Plus, Smart Payment Buttons, SEPA, Pay Later, Venmo, Credit card, the amount and item list sent to PayPal may not be identical to the one in the created order. Patches The problem has been fixed with version 5.4.4 Workarounds...

7.5 CVSS, 7.3 AI score, 0.00297 EPSS
Exploits 0, References 4, Affected Software 1
OSV
added 2023/01/30 9:15 p.m., 2 views

CVE-2022-4793

The Blog Designer WordPress plugin before 2.4.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

5.4 CVSS, 5.8 AI score, 0.00627 EPSS
Exploits 2, References 1
CVE
added 2023/01/30 8:31 p.m., 60 views

CVE-2022-4792

CVE-2022-4792 affects the WordPress plugin “News & Blog Designer Pack” (pre-3.3). The flaw is improper validation/escaping of a shortcode attribute, enabling a user with at least contributor privileges to perform a Stored XSS attack. Impact is limited to data/JS execution via the vulnerable short...

5.4 CVSS, 5.3 AI score, 0.00438 EPSS
Exploits 2, References 1, Affected Software 1
Cvelist
added 2023/01/30 8:31 p.m., 25 views

CVE-2022-4792 News & Blog Designer Pack < 3.3 - Contributor+ Stored XSS via Shortcode

The News & Blog Designer Pack WordPress plugin before 3.3 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

5.5 AI score, 0.00438 EPSS
Exploits 2, References 1
Vulnrichment
added 2023/01/30 8:31 p.m., 5 views

CVE-2022-4793 Blog Designer – Post and Widget < 2.4.1 - Contributor+ Stored XSS via Shortcode

The Blog Designer WordPress plugin before 2.4.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

5.3 AI score, 0.00627 EPSS
Exploits 2, References 1
CVE
added 2023/01/30 8:31 p.m., 51 views

CVE-2022-4793

CVE-2022-4793 affects the WordPress plugin Blog Designer – Post and Widget

6.8 CVSS, 5.3 AI score, 0.00627 EPSS
Exploits 2, References 1, Affected Software 1