3 matches found
WordPress WP VR plugin <= 8.5.14 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Plugin WP VR versions = 8.5.14...
PT-2023-30874 · Unknown · Concrete Cms
Name of the Vulnerable Software and Affected Versions: Concrete CMS versions prior to 8.5.14 Concrete CMS versions 9 prior to 9.2.3 Description: The issue allows Cross Site Request Forgery CSRF via the "ccm/calendar/dialogs/event/delete/submit" API endpoint. An attacker can force an admin to dele...
UBUNTU-CVE-2022-39201
Grafana is an open source observability and data visualization platform. Starting with version 5.0.0-beta1 and prior to versions 8.5.14 and 9.1.8, Grafana could leak the authentication cookie of users to plugins. The vulnerability impacts data source and plugin proxy endpoints under certain...