Lucene search
K

74 matches found

Cvelist
Cvelist
added 2024/09/15 8:10 a.m.40 views

CVE-2024-44059 WordPress Custom Query Blocks plugin <= 5.3.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ronald Huereca Custom Query Blocks post-type-archive-mapping allows DOM-Based XSS.This issue affects Custom Query Blocks: from n/a through = 5.3.1...

6.5CVSS0.00248EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/09/15 12:0 a.m.4 views

WordPress plugin Custom Query Blocks 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.5CVSS6AI score0.00248EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/09/15 12:0 a.m.4 views

PT-2024-30926 · Mediaron Llc · Custom Query Blocks

Name of the Vulnerable Software and Affected Versions: MediaRon LLC Custom Query Blocks versions n/a through 5.3.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS, where an attacke...

6.5CVSS5.9AI score0.00248EPSS
Exploits0References9
Patchstack
Patchstack
added 2024/08/29 12:44 p.m.3 views

WordPress Custom Query Blocks plugin <= 5.3.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by 4rCanJ0x! in WordPress Plugin Custom Query Blocks versions = 5.3.1...

6.5CVSS6.1AI score0.00248EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/08/29 12:0 a.m.20 views

WordPress Custom Query Blocks Plugin <= 5.3.1 is vulnerable to Cross Site Scripting (XSS)

Software Custom Query Blocks Type Plugin Vulnerable versions = 5.3.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-44059 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3fa2441e978e Credits 4rCanJ0x! Required privilege...

6.5CVSS6.6AI score0.00248EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/07/22 12:27 p.m.5 views

WordPress Custom Query Blocks plugin <= 5.2.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin Custom Query Blocks versions = 5.2.0...

5.3CVSS7AI score0.00385EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/07/22 12:0 a.m.13 views

WordPress Custom Query Blocks Plugin <= 5.2.0 is vulnerable to Broken Access Control

Software Custom Query Blocks Type Plugin Vulnerable versions = 5.2.0 Fixed in 5.3.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-38794 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID c14273e201ef Credits Joshua Chan Required...

5.3CVSS6.3AI score0.00385EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2024/05/22 10:3 a.m.3 views

kernel: ACPI: EC: Fix oops when removing custom query handlers

A flaw was found in the Linux kernel's ACPI Embedded Controller EC subsystem. When removing custom query handlers, a kernel oops can occur if the handler is still being executed in the EC query workqueue while the module containing the callback function is being unloaded. The fix ensures the...

5.8AI score0.00177EPSS
Exploits0References5
Prion
Prion
added 2023/12/25 9:15 a.m.16 views

Null pointer dereference

OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to cause a denial of service NULL pointer dereference, daemon crash, and Captive Portal outage via a GET request to /openndsauth/ that lacks a custom query string parameter and client-token...

5CVSS7.1AI score0.01103EPSS
Exploits0References3Affected Software1
UbuntuCve
UbuntuCve
added 2023/12/25 9:15 a.m.29 views

CVE-2023-38321

OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to cause a denial of service NULL pointer dereference, daemon crash, and Captive Portal outage via a GET request to /openndsauth/ that lacks a custom query string parameter and client-token...

7.5CVSS7.1AI score0.01103EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/12/25 12:0 a.m.5 views

PT-2023-26359 · Opennds +1 · Opennds +1

Name of the Vulnerable Software and Affected Versions: OpenNDS versions prior to 4.17.0.12 Description: The issue allows remote attackers to cause a denial of service through a GET request to "/opennds auth/" that lacks a custom query string parameter and client-token, resulting in a NULL pointer...

7.5CVSS7.5AI score0.01103EPSS
Exploits0References15
OSV
OSV
added 2023/09/11 2:43 p.m.32 views

GHSA-4CPV-669C-R79X Prevent injection of invalid entity ids for "autocomplete" fields

Impact Under certain circumstances, an attacker could successfully submit an entity id for an EntityType that is not part of the valid choices. Affected applications are any that use: A custom querybuilder option to limit the valid results; AND An EntityType with 'autocomplete' = true or a custom...

6.5CVSS6.3AI score0.00523EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/09/11 12:0 a.m.7 views

PT-2023-27912 · Symfony · Symfony/Ux-Autocomplete

Name of the Vulnerable Software and Affected Versions: symfony/ux-autocomplete versions prior to 2.11.2 Description: The issue allows an attacker to submit an entity id for an EntityType that is not part of the valid choices under certain circumstances. This can occur in applications that use a...

6.5CVSS6.2AI score0.00523EPSS
Exploits0References12
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.35 views

PHP 4.x SafeMode Arbitrary File Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2954/info PHP is the Personal HomePage development toolkit, distributed by the PHP.net, and maintained by the PHP Development Team in public domain. A problem with the toolkit could allow elevated privileges, and...

7.1AI score
Exploits0
Rows per page
Query Builder