
3642 matches found

CNNVD
added 2025/01/07 12:0 a.m. · 3 views

WordPress plugin Service Box cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.4 CVSS · 7.6 AI score · 0.00325 EPSS
Exploits 0 · References 3
NVD
added 2025/01/06 11:15 p.m. · 15 views

CVE-2024-54767

An access control issue in the component /juis_boxinfo.xml of AVM FRITZ!Box 7530 AX v7.59 allows attackers to obtain sensitive information without authentication. NOTE: this is disputed by the Supplier because it cannot be reproduced, and the issue report focuses on an unintended configuration wit...

7.5 CVSS · 0.01772 EPSS
Exploits 0 · References 2
Patchstack
added 2025/01/06 9:50 p.m. · 2 views

WordPress Service Box plugin <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin Service Box versions <= 1.9...

6.4 CVSS · 5.8 AI score · 0.00325 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2025/01/06 12:0 a.m. · 12 views

CVE-2024-54767

An access control issue in the component /juis_boxinfo.xml of AVM FRITZ!Box 7530 AX v7.59 allows attackers to obtain sensitive information without authentication. NOTE: this is disputed by the Supplier because it cannot be reproduced, and the issue report focuses on an unintended configuration wit...

0.01772 EPSS
Exploits 0 · References 2
Vulnrichment
added 2025/01/06 12:0 a.m. · 7 views

CVE-2024-54767

An access control issue in the component /juis_boxinfo.xml of AVM FRITZ!Box 7530 AX v7.59 allows attackers to obtain sensitive information without authentication. NOTE: this is disputed by the Supplier because it cannot be reproduced, and the issue report focuses on an unintended configuration wit...

7.3 AI score · 0.01772 EPSS
Exploits 0 · References 2
Positive Technologies
added 2025/01/06 12:0 a.m. · 5 views

PT-2025-3071 · Avm · Avm Fritz!Box 7530 Ax

Name of the Vulnerable Software and Affected Versions: AVM FRITZ!Box 7530 AX version 7.59 Description: An access control issue in the component /juis_boxinfo.xml allows attackers to obtain sensitive information without authentication. Recommendations: For version 7.59, consider restricting access...

7.5 CVSS · 6.7 AI score · 0.01772 EPSS
Exploits 0 · References 7
CVE
added 2025/01/06 12:0 a.m. · 86 views

CVE-2024-54767

AVM FRITZ!Box 7530 AX (v7.59) is affected by an access control flaw in the /juis_boxinfo.xml endpoint that can disclose sensitive information without authentication. The issue appears to originate from improper access controls on the boxinfo endpoint, enabling unauthenticated information disclosu...

7.5 CVSS · 7.3 AI score · 0.01772 EPSS
Exploits 0 · References 2
Patchstack
added 2025/01/03 5:22 p.m. · 4 views

WordPress Standard Box Sizes plugin <= 1.6.13 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Standard Box Sizes – for WooCommerce versions <= 1.6.13...

7.5 CVSS · 7 AI score · 0.00296 EPSS
Exploits 0 · Affected Software 1
Snyk
added 2024/12/27 4:40 a.m. · 0 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection due to an improper parsing of the TypeOne FontBBox. This is due to improper sanitization of the bbox values, which could lead to inconsistencies in font metrics or unexpected behavior. Remediation Upgrade...

9.8 CVSS · 7.3 AI score · 0.00519 EPSS
Exploits 0 · References 2
GithubExploit
added 2024/12/23 12:5 p.m. · 120 views

Exploit for Cross-site Scripting in Pnetlab

Open Redirect CVE-2024-51112 + Exploit Author: Fatime Zeh...

6.1 CVSS · 6.7 AI score · 0.0031 EPSS
Exploits 3
Positive Technologies
added 2024/12/21 12:0 a.m. · 3 views

PT-2024-39689 · WordPress · Phlox

Name of the Vulnerable Software and Affected Versions: Phlox theme plugin for WordPress versions up to, and including, 2.16.4 Description: The issue is related to Stored Cross-Site Scripting via the plugin's aux contact box and aux gmaps shortcodes due to insufficient input sanitization and outpu...

6.4 CVSS · 7.9 AI score · 0.00309 EPSS
Exploits 0 · References 9
CNNVD
added 2024/12/21 12:0 a.m. · 1 views

WordPress plugin Shortcodes and extra features for Phlox theme cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...

6.4 CVSS · 7.6 AI score · 0.00309 EPSS
Exploits 0 · References 3
Microsoft CVE
added 2024/12/12 12:0 a.m. · 4 views

CVE-2024-50299

...

5.5 CVSS · 6.7 AI score · 0.00266 EPSS
Exploits 0
Microsoft KB
added 2024/11/21 12:0 a.m. · 4 views

November 21, 2024—KB5046740 (OS Build 26100.2454) Preview

November 21, 2024—KB5046740 OS Build 26100.2454 Preview 11/12/24 IMPORTANT Because of minimal operations during the Western holidays and the upcoming new year, there won’t be a non-security preview release for the month of December 2024. There will be a monthly security release for December 2024...

6.5 AI score
Exploits 0
NVD
added 2024/11/19 5:15 p.m. · 9 views

CVE-2024-51656

Cross-Site Request Forgery (CSRF) vulnerability in litefeel Flash Show And Hide Box flash-show-and-hide-box allows Stored XSS. This issue affects Flash Show And Hide Box: from n/a through <= 1.6...

7.1 CVSS · 0.00206 EPSS
Exploits 0 · References 1
Vulnrichment
added 2024/11/19 4:32 p.m. · 10 views

CVE-2024-51656 WordPress Flash Show And Hide Box plugin <= 1.6 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in litefeel Flash Show And Hide Box flash-show-and-hide-box allows Stored XSS. This issue affects Flash Show And Hide Box: from n/a through <= 1.6...

7.1 CVSS · 5.9 AI score · 0.00206 EPSS
Exploits 0 · References 1
Cvelist
added 2024/11/19 4:32 p.m. · 18 views

CVE-2024-51656 WordPress Flash Show And Hide Box plugin <= 1.6 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in litefeel Flash Show And Hide Box flash-show-and-hide-box allows Stored XSS. This issue affects Flash Show And Hide Box: from n/a through <= 1.6...

7.1 CVSS · 0.00206 EPSS
Exploits 0 · References 1
CVE
added 2024/11/19 4:32 p.m. · 57 views

CVE-2024-51656

CVE-2024-51656 covers a CSRF-to-Stored XSS issue in the WordPress plugin Flash Show And Hide Box (litefeel). Affected versions are up to and including 1.6. The vulnerability involves cross-site request forgery that can lead to stored XSS, but the provided documents do not specify a confirmed expl...

7.1 CVSS · 5.9 AI score · 0.00206 EPSS
Exploits 0 · References 1
OSV
added 2024/11/19 2:16 a.m. · 3 views

AZL-53762 CVE-2024-50299 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: sctp: properly validate chunk size in sctp_sf_ootb(). A size validation fix similar to that in Commit 50619dbf8db7 "sctp: add size validation when walking chunks" is also required in sctp_sf_ootb() to address a crash reported by syzbot:...

5.5 CVSS · 6.8 AI score · 0.00266 EPSS
Exploits 0 · References 1
CNNVD
added 2024/11/19 12:0 a.m. · 4 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from STB unavailability detection...

5.5 CVSS · 6.6 AI score · 0.00238 EPSS
Exploits 0 · References 5