CVE-2023-47304

The CVE pertains to Vonage Box Telephone Adapter VDV23, affected in version VDV21-3.2.11-0.5.1. The root cause is improper or bypassable UART authentication, enabling local attackers to read/write arbitrary memory values on the device. This yields high impact across confidentiality, integrity, an...

CVE-2023-47304

An issue was discovered in Vonage Box Telephone Adapter VDV23 version VDV21-3.2.11-0.5.1, allows local attackers to bypass UART authentication controls and read/write arbitrary values to the memory of the device...

CVE-2023-5809

The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2023-5874

The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2023-5874

The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2023-5809

The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

Cross site scripting

The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2023-5809 Popup box < 3.8.6 - Admin+ Stored XSS in Categories

The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2023-5809

The CVE-2023-5809 entry concerns the Popup box WordPress plugin prior to version 3.8.6. Multiple sources confirm that the plugin does not sanitize/escape certain settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed, including multisite deplo...

CVE-2023-5874 Popup box < 3.8.6 - Admin+ Stored XSS in Popup Settings

The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2023-5874

CVE-2023-5874 affects the Popup box WordPress plugin pre-3.8.6. The vulnerability arises from inadequate sanitisation/escaping of certain settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., multisite). The impact is stored XSS in plu...

WordPress plugin Popup box security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers.WordPress plugin is an...

WordPress plugin Popup box security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers.WordPress plugin is an...

PT-2023-30404 · Vonage · Vonage Box Telephone Adapter Vdv23

Name of the Vulnerable Software and Affected Versions: Vonage Box Telephone Adapter VDV23 version VDV21-3.2.11-0.5.1 Description: An issue was discovered that allows local attackers to bypass UART authentication controls and read/write arbitrary values to the memory of the device. This issue...

PT-2023-32343 · WordPress · Popup Box Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: Popup box WordPress plugin versions prior to 3.8.6 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, in a...

CVE-2023-39921

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Molongui Author Box, Guest Author and Co-Authors for Your Posts – Molongui allows Stored XSS.This issue affects Author Box, Guest Author and Co-Authors for Your Posts – Molongui: from n/a through...

CVE-2023-39921

CVE-2023-39921 describes a Stored XSS in the Molongui Author Box, Guest Author and Co-Authors for Your Posts plugin for WordPress (up to 4.6.19). The issue stems from improper input sanitization during web page generation, enabling injection of scripts by authenticated administrators. Affected co...

PT-2023-27156 · Molongui · Molongui Author Box

Name of the Vulnerable Software and Affected Versions: Molongui Author Box, Guest Author and Co-Authors for Your Posts – Molongui versions through 4.6.19 Description: The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting...

WordPress Plugin Author Box, Guest Author and Co-Authors for Your Posts Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

CVE-2023-48952

An issue in the boxdeserializereusing function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS after running a SELECT statement...