CVE-2022-3833
The Fancier Author Box by ThematoSoup WordPress plugin through 1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite...
CVE-2022-3833 Fancier Author Box by ThematoSoup <= 1.4 - Admin+ Stored XSS
The Fancier Author Box by ThematoSoup WordPress plugin through 1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite...
CVE-2022-3833
The CVE-2022-3833 entry documents a stored XSS vulnerability in the WordPress plugin Fancier Author Box by ThematoSoup (versions prior to 1.5). The root cause is improper sanitisation/escaping of certain settings, including those related to the disabled unfiltered_html feature, which can allow an...
WordPress plugin Fancier Author Box by ThematoSoup cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Fancier Author Box by ThematoSoup plugin 1.4 and earlier versions contain a cross-site scripting...
PT-2022-24371 · Thematosoup · The Fancier Author Box
Name of the Vulnerable Software and Affected Versions: The Fancier Author Box by ThematoSoup WordPress plugin versions prior to 1.5 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html...
GHSA-6X99-GV2V-Q76V FPE in `tf.image.generate_bounding_box_proposals`
Impact When running on GPU, tf.image.generate_bounding_box_proposals receives a scores input that must be of rank 4 but is not checked. python import tensorflow as tf a = tf.constant(value=[1.0, 1.0, 1.0, 1.0, 1.0, 1.0, 1.0, 1.0]) b = tf.constant(value=1...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation due to a missing check of tf.image.generate_bounding_box_proposals that receives a scores input that must be of rank 4 when running on GPU. Remediation Upgrade tensorflow-lite to version 2.12.0 or higher. Referenc...
AZL-11527 CVE-2022-41888 affecting package tensorflow for versions less than 2.11.0-1
TensorFlow is an open source platform for machine learning. When running on GPU, tf.image.generate_bounding_box_proposals receives a scores input that must be of rank 4 but is not checked. We have patched the issue in GitHub commit cf35502463a88ca7185a99daa7031df60b3c1c98. The fix will be included i...
CVE-2022-41888 Unchecked rank size in `tf.image.generate_bounding_box_proposals` in TensorFlow
TensorFlow is an open source platform for machine learning. When running on GPU, tf.image.generate_bounding_box_proposals receives a scores input that must be of rank 4 but is not checked. We have patched the issue in GitHub commit cf35502463a88ca7185a99daa7031df60b3c1c98. The fix will be included i...
PT-2022-26119 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.11, TensorFlow versions 2.10.1, 2.9.3, and 2.8.4 Description: TensorFlow is an open source platform for machine learning. When running on GPU, the function tf.image.generate_bounding_box_proposals receives a scor...
CVE-2022-41888
TensorFlow is an open source platform for machine learning. When running on GPU, tf.image.generate_bounding_box_proposals receives a scores input that must be of rank 4 but is not checked. We have patched the issue in GitHub commit cf35502463a88ca7185a99daa7031df60b3c1c98. The fix will be included i...
GHSA-W8FP-3GWQ-GXPW Concrete CMS vulnerable to Cross-site Request Forgery
Concrete CMS is vulnerable to CSRF due to the lack of "State" parameter for external Concrete authentication service for users of Concrete who use the "out of the box" core OAuth...
Concrete CMS vulnerable to Cross-site Request Forgery
Concrete CMS is vulnerable to CSRF due to the lack of "State" parameter for external Concrete authentication service for users of Concrete who use the "out of the box" core OAuth...
What is an External Penetration Test?
A penetration test, also known as a pentest, is a security assessment that simulates the activities of real-world attackers to identify security holes in your IT systems or applications. The aim of the test is to understand what vulnerabilities you have, how they could be exploited, and what the...
NGWAF - First Iteration Of ML Based Feedback WAF
The Motivation | What is the N3XT ST3P? With the explosive growth of web applications since the early 2000s, web-based attacks have progressively become more rampant. One common solution is the Web Application Firewall WAF. However, tweaking rules of current WAFs to improve the detection mechanis...
Huawei HarmonyOS security vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which stems from a pairing confirmation box not popping up during Bluetooth pairing...
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer operands that use the Box connector may be vulnerable to arbitrary code execution due to [CVE-2022-36067]
Summary Node.js module vm2 is used by the Box connector in IBM App Connect Enterprise Certified Container IntegrationServer operands. IBM App Connect Enterprise Certified Container IntegrationServer operands that use the Box connector may be vulnerable to arbitrary code injection. This bulletin...
WordPress Fancier Author Box by ThematoSoup plugin <= 1.4 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by zhangyunpei in WordPress Fancier Author Box by ThematoSoup plugin versions <= 1.4. Solution Deactivate and delete. This plugin has been closed as of November 2, 2022 and is not available for download. This closure is temporary,...
Fancier Author Box by ThematoSoup <= 1.4 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup. 1. Open the setting page of this plugin. 2. There...
Arbitrary Code Execution
php8 is vulnerable to code executions. The vulnerability exists in imageloadfont function due to insufficient input validation which allows a remote attacker to execute arbitrary code via the Hardware Layer Code Box component on the /hardware page of the application...