13 matches found
EUVD-2024-47423
Malicious code in bioql PyPI...
CVE-2023-24279
A cross-site scripting XSS vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard...
BIT-WORDPRESS-MULTISITE-2024-6307 WordPress Core < 6.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML API
WordPress Core is vulnerable to Stored Cross-Site Scripting via the HTML API in various versions prior to 6.5.5 due to insufficient input sanitization and output escaping on URLs. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web...
DEBIAN-CVE-2024-6307
WordPress Core is vulnerable to Stored Cross-Site Scripting via the HTML API in various versions prior to 6.5.5 due to insufficient input sanitization and output escaping on URLs. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web...
UBUNTU-CVE-2024-6307
WordPress Core is vulnerable to Stored Cross-Site Scripting via the HTML API in various versions prior to 6.5.5 due to insufficient input sanitization and output escaping on URLs. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web...
CVE-2024-6307 WordPress Core < 6.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML API
WordPress Core is vulnerable to Stored Cross-Site Scripting via the HTML API in various versions prior to 6.5.5 due to insufficient input sanitization and output escaping on URLs. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web...
WordPress Core < 6.5.5 - Contributor+ Stored Cross-Site Scripting via HTML API
Contributor+ Stored Cross-Site Scripting via HTML API vulnerability discovered by WordPress Security Team in WordPress core versions 6.5.5...
WordPress < 6.5.5 - Contributor+ Stored XSS in HTML API
Description WordPress does not properly escape URL attributes in the HTML API, allowing high-privileged users to perform Stored Cross-Site Scripting XSS attacks...
PT-2024-37528
Name of the Vulnerable Software and Affected Versions: WordPress Core versions prior to 6.5.5 Description: The issue is related to Stored Cross-Site Scripting via the HTML API due to insufficient input sanitization and output escaping on URLs. This allows authenticated attackers with...
PublicCMS Security Vulnerabilities
PublicCMS is an open source content management system CMS written in Java by PublicCMS China. A security vulnerability exists in PublicCMS version v.4.0.202302.e, which stems from the presence of a Server Request Forgery SSRF vulnerability. An attacker can exploit the vulnerability to obtain...
Security update for libeconf, shadow and util-linux (moderate)
openSUSE Security Update: Security update for libeconf, shadow and util-linux Announcement ID: openSUSE-SU-2022:0727-1 Rating: moderate References: 1188507 1192954 1193632 1194976 SLE-23384 SLE-23402 Cross-References: CVE-2021-3995 CVE-2021-3996 CVSS scores: CVE-2021-3995 SUSE: 4.7...
Seeker v1.1.9 - Accurately Locate Smartphones Using Social Engineering
Concept behind Seeker is simple, just like we host phishing pages to get credentials why not host a fake page that requests your location like many popular location based websites. Seeker Hosts a fake website on In Built PHP Server and uses Serveo to generate a link which we will forward to the...
CVE-2013-1070
Cross-site scripting XSS vulnerability in the API in Ubuntu Metal as a Service MaaS 1.2 and 1.4 allows remote attackers to inject arbitrary web script or HTML via the op parameter to nodes/...