CVE-2024-37293

The AWS Deployment Framework ADF is a framework to manage and deploy resources across multiple AWS accounts and regions within an AWS Organization. ADF allows for staged, parallel, multi-account, cross-region deployments of applications or resources via the structure defined in AWS Organizations...

CVE-2024-37293 aws-deployment-framework's potential risk can lead to privilege escalation

The AWS Deployment Framework ADF is a framework to manage and deploy resources across multiple AWS accounts and regions within an AWS Organization. ADF allows for staged, parallel, multi-account, cross-region deployments of applications or resources via the structure defined in AWS Organizations...

Malicious code in dell-ui-bootstrap (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b3c479c9bdd98cd009ae28c56a47f3ef7dd2dda6d6e96abbdfc86905f79f557b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-1578 Malicious code in dell-ui-bootstrap (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b3c479c9bdd98cd009ae28c56a47f3ef7dd2dda6d6e96abbdfc86905f79f557b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-1573 Malicious code in bootstrap-npm-webpack (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3fd1dc66e2c97cb20814b56fc5ff776a96f0851f09647f1cef4cfb305ec2b3a1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in bootstrap-npm-webpack (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3fd1dc66e2c97cb20814b56fc5ff776a96f0851f09647f1cef4cfb305ec2b3a1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

PT-2024-27450 · Amazon · Aws-Deployment-Framework

Name of the Vulnerable Software and Affected Versions: aws-deployment-framework versions prior to 4.0.0 Description: The AWS Deployment Framework ADF contains a bootstrap process that relies on elevated privileges to deploy ADF's bootstrap stacks, facilitating multi-account cross-region...

CVE-2024-35169

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in allbootstrapblocks All Bootstrap Blocks all-bootstrap-blocks.This issue affects All Bootstrap Blocks: from n/a through = 1.3.15...

WordPress plugin All Bootstrap Blocks 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

CVE-2024-35169 WordPress All Bootstrap Blocks plugin <= 1.3.15 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in allbootstrapblocks All Bootstrap Blocks all-bootstrap-blocks.This issue affects All Bootstrap Blocks: from n/a through = 1.3.15...

CVE-2024-35169 WordPress All Bootstrap Blocks plugin <= 1.3.15 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in allbootstrapblocks All Bootstrap Blocks all-bootstrap-blocks.This issue affects All Bootstrap Blocks: from n/a through = 1.3.15...

CVE-2024-35169

CVE-2024-35169 is a Stored XSS vulnerability in the WordPress plugin All Bootstrap Blocks (AREOI All Bootstrap Blocks). Affected range is All Bootstrap Blocks up to version 1.3.15 (inclusive). The issue arises from improper neutralization of input during web page generation. Public references in ...

PT-2024-26350 · Unknown · Areoi All Bootstrap Blocks

Name of the Vulnerable Software and Affected Versions: AREOI All Bootstrap Blocks versions 1.3.15 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting XSS. This means that an attacker can inject...

RHEL 8 : bootstrap (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - bootstrap: XSS in the tooltip or popover data-template attribute CVE-2019-8331 - In Bootstrap 3.x before...

RHEL 7 : bootstrap (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - bootstrap: Cross-site Scripting XSS in the data-container property of tooltip CVE-2018-14042 - In Bootstr...

RHEL 8 : nodejs-bootstrap-select (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-bootstrap-select: not escaping title values on may lead to XSS CVE-2019-20921 Note that Nessus has not teste...

WordPress All Bootstrap Blocks plugin <= 1.3.15 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by 4rCanJ0x! Patchstack Alliance in WordPress Plugin All Bootstrap Blocks versions = 1.3.15...

WordPress All Bootstrap Blocks Plugin <= 1.3.15 is vulnerable to Cross Site Scripting (XSS)

Software All Bootstrap Blocks Type Plugin Vulnerable versions = 1.3.15 Fixed in 1.3.16 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35169 Patch priority Low CVSS severity Low 5.9 Developer AREOI PSID 986d96f4d07f Credits 4rCanJ0x! Required privilege Author...

SUSE: Security Advisory (SUSE-SU-2024:1119-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: IBM Aspera Orchestrator affected by usage of vulnerable software (CVE-2020-27511, CVE-2022-31160, CVE-2021-41184, CVE-2021-41182, CVE-2021-41183, CVE-2018-20677, CVE-2018-20676, CVE-2018-14040, CVE-2016-10735, CVE-2019-8331)

Summary IBM Aspera Orchestrator has addressed multiple vulnerabilities related to the use of vulnerable software jQuery and Bootstrap that could allow denial of service and cross-site scripting attacks. Vulnerability Details CVEID:CVE-2020-27511 DESCRIPTION: Prototype is vulnerable to a denial of...