CVE-2023-35047
Cross-Site Request Forgery (CSRF) vulnerability in AREOI All Bootstrap Blocks plugin <= 1.3.6 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in AREOI All Bootstrap Blocks plugin <= 1.3.6 versions...
CVE-2023-35047 WordPress All Bootstrap Blocks Plugin <= 1.3.6 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in AREOI All Bootstrap Blocks plugin <= 1.3.6 versions...
CVE-2023-35047
CVE-2023-35047: Cross-Site Request Forgery in the WordPress plugin All Bootstrap Blocks (AREOI)
WordPress Plugin All Bootstrap Blocks Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
F5 Networks BIG-IP : Bootstrap vulnerability (K000133673)
The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.3.3 / 14.1.2.4 / 15.1.0 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K000133673 advisory. - In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the...
com.amazonaws.serverless:aws-serverless-java-container-struts (>=1.9 <=1.9.3), com.jgeppert.struts2.bootstrap:struts2-bootstrap-plugin (>=5.0.0 <=5.0.2) +52 more potentially affected by CVE-2023-34149 via org.apache.struts:struts2-core (>=6.0.0 <=6.1.2)
org.apache.struts:struts2-core MAVEN version =6.0.0, =1.9, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =1.4.0, =1.4.1, =1.4.0, =1.4.3 and more Source cves: CVE-2023-34149 Source advisory: OSV:GHSA-8F6X...
WordPress All Bootstrap Blocks Plugin <= 1.3.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software: All Bootstrap Blocks; Type: Plugin; Vulnerable versions: <= 1.3.6; Fixed in: 1.3.7; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-35047; Patch priority: Low; CVSS severity: Low (4.3); Developer: AREOI; PSID: 8b9a52ad65ee; Credits: LEE SE HYOUNG...
All Bootstrap Blocks < 1.3.7 - Cross-Site Request Forgery
The plugin does not properly validate user requests, leading to a potential Cross-Site Request Forgery (CSRF) vulnerability...
Arbitrary Code Execution
PostgreSQL is vulnerable to Arbitrary Code Execution. The vulnerability is available within the 'CREATE SCHEMA' statement and can be used by a malicious attacker with database-level 'CREATE' privilege to bypass the protective 'search_path' changes and execute arbitrary code as the bootstrap...
@aws-amplify/geo (>=2.0.13-push-notification-dryrun.43 <=2.0.35-unstable.15353e0.2), @aws-amplify/interactions (>=5.0.13-push-notification-dryrun.43 <=5.1.1-unstable.15353e0.2) +98 more potentially affected by CVE-2023-34104 via fast-xml-parser (>=4.1.3 <=4.2.3)
fast-xml-parser NPM version =4.1.3, =2.0.13-push-notification-dryrun.43, =5.0.13-push-notification-dryrun.43, =1.0.13-push-notification-dryrun.43, =5.0.13-push-notification-dryrun.43, =5.1.3-push-notification-dryrun.43, =1.1.6-exodus.1, =6.2.44, =9.1.0, =9.1.0, =9.53.0 and more Source cves:...
Malicious Package
Overview bootstrap-sass-official is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...
Malicious Package
Overview vpro-bootstrap is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package wa...
CVE-2023-32711
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, a Splunk dashboard view lets a low-privileged user exploit a vulnerability in the Bootstrap web framework (CVE-2019-8331) and build a stored cross-site scripting (XSS) payload...
Cross site scripting
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, a Splunk dashboard view lets a low-privileged user exploit a vulnerability in the Bootstrap web framework (CVE-2019-8331) and build a stored cross-site scripting (XSS) payload...
CVE-2023-32711 Persistent Cross-Site Scripting (XSS) through a URL Validation Bypass within a Dashboard View
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, a Splunk dashboard view lets a low-privileged user exploit a vulnerability in the Bootstrap web framework (CVE-2019-8331) and build a stored cross-site scripting (XSS) payload...
CVE-2023-32711
The CVE-2023-32711 entry concerns Splunk Enterprise, where versions prior to 9.0.5, 8.2.11, and 8.1.14 expose a stored XSS via a dashboard view due to a vulnerability in Bootstrap (CVE-2019-8331). The issue allows a low-privilege user to craft a stored XSS payload that can be executed in the cont...
Splunk Enterprise 8.1.0 < 8.1.14, 8.2.0 < 8.2.11, 9.0.0 < 9.0.5 (SVD-2023-0605)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0605 advisory. - In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, a Splunk dashboard view lets a low-privileged user exploit a...