74 matches found
CVE-2024-44059 WordPress Custom Query Blocks plugin <= 5.3.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ronald Huereca Custom Query Blocks post-type-archive-mapping allows DOM-Based XSS.This issue affects Custom Query Blocks: from n/a through = 5.3.1...
WordPress plugin Custom Query Blocks 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2024-30926 · Mediaron Llc · Custom Query Blocks
Name of the Vulnerable Software and Affected Versions: MediaRon LLC Custom Query Blocks versions n/a through 5.3.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS, where an attacke...
WordPress Custom Query Blocks plugin <= 5.3.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by 4rCanJ0x! in WordPress Plugin Custom Query Blocks versions = 5.3.1...
WordPress Custom Query Blocks Plugin <= 5.3.1 is vulnerable to Cross Site Scripting (XSS)
Software Custom Query Blocks Type Plugin Vulnerable versions = 5.3.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-44059 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3fa2441e978e Credits 4rCanJ0x! Required privilege...
WordPress Custom Query Blocks plugin <= 5.2.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin Custom Query Blocks versions = 5.2.0...
WordPress Custom Query Blocks Plugin <= 5.2.0 is vulnerable to Broken Access Control
Software Custom Query Blocks Type Plugin Vulnerable versions = 5.2.0 Fixed in 5.3.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-38794 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID c14273e201ef Credits Joshua Chan Required...
kernel: ACPI: EC: Fix oops when removing custom query handlers
A flaw was found in the Linux kernel's ACPI Embedded Controller EC subsystem. When removing custom query handlers, a kernel oops can occur if the handler is still being executed in the EC query workqueue while the module containing the callback function is being unloaded. The fix ensures the...
Null pointer dereference
OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to cause a denial of service NULL pointer dereference, daemon crash, and Captive Portal outage via a GET request to /openndsauth/ that lacks a custom query string parameter and client-token...
CVE-2023-38321
OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to cause a denial of service NULL pointer dereference, daemon crash, and Captive Portal outage via a GET request to /openndsauth/ that lacks a custom query string parameter and client-token...
PT-2023-26359 · Opennds +1 · Opennds +1
Name of the Vulnerable Software and Affected Versions: OpenNDS versions prior to 4.17.0.12 Description: The issue allows remote attackers to cause a denial of service through a GET request to "/opennds auth/" that lacks a custom query string parameter and client-token, resulting in a NULL pointer...
GHSA-4CPV-669C-R79X Prevent injection of invalid entity ids for "autocomplete" fields
Impact Under certain circumstances, an attacker could successfully submit an entity id for an EntityType that is not part of the valid choices. Affected applications are any that use: A custom querybuilder option to limit the valid results; AND An EntityType with 'autocomplete' = true or a custom...
PT-2023-27912 · Symfony · Symfony/Ux-Autocomplete
Name of the Vulnerable Software and Affected Versions: symfony/ux-autocomplete versions prior to 2.11.2 Description: The issue allows an attacker to submit an entity id for an EntityType that is not part of the valid choices under certain circumstances. This can occur in applications that use a...
PHP 4.x SafeMode Arbitrary File Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2954/info PHP is the Personal HomePage development toolkit, distributed by the PHP.net, and maintained by the PHP Development Team in public domain. A problem with the toolkit could allow elevated privileges, and...