2160 matches found
CVE-2023-20609
In ccu, there is a possible out of bounds read due to a logic error. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07570864; Issue ID: ALPS07570864...
Interactive Geo Maps < 1.5.9 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
SSTImap - Automatic SSTI Detection Tool With Interactive Interface
SSTImap is a penetration testing software that can check websites for Code Injection and Server-Side Template Injection vulnerabilities and exploit them, giving access to the operating system itself. This tool was developed to be used as an interactive penetration testing tool for SSTI detection...
bigben-interactive.de Cross Site Scripting vulnerability OBB-3168092
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Deno is vulnerable to race condition via interactive permission prompt spoofing
Impact Multi-threaded programs were able to spoof interactive permission prompt by rewriting the prompt to suggest that program is waiting on user confirmation to unrelated action. A malicious program could clear the terminal screen after permission prompt was shown and write a generic message li...
GHSA-MC52-JPM2-CQH6 Deno is vulnerable to race condition via interactive permission prompt spoofing
Impact Multi-threaded programs were able to spoof interactive permission prompt by rewriting the prompt to suggest that program is waiting on user confirmation to unrelated action. A malicious program could clear the terminal screen after permission prompt was shown and write a generic message li...
WordPress Interactive Polish Map Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)
Software Interactive Polish Map Type Plugin Vulnerable versions = 1.2 Fixed in 1.2.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23821 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID be3ac8b7a0a2 Credits Rio Darmawan...
CVE-2023-22499
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Multi-threaded programs were able to spoof interactive permission prompt by rewriting the prompt to suggest that program is waiting on user confirmation to unrelated action. A malicious program could clear the...
Code injection
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Multi-threaded programs were able to spoof interactive permission prompt by rewriting the prompt to suggest that program is waiting on user confirmation to unrelated action. A malicious program could clear the...
CVE-2023-22499 Interactive permission prompt spoofing in Deno
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Multi-threaded programs were able to spoof interactive permission prompt by rewriting the prompt to suggest that program is waiting on user confirmation to unrelated action. A malicious program could clear the...
CVE-2023-22499 Interactive permission prompt spoofing in Deno
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Multi-threaded programs were able to spoof interactive permission prompt by rewriting the prompt to suggest that program is waiting on user confirmation to unrelated action. A malicious program could clear the...
CVE-2023-22499 Interactive permission prompt spoofing in Deno
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Multi-threaded programs were able to spoof interactive permission prompt by rewriting the prompt to suggest that program is waiting on user confirmation to unrelated action. A malicious program could clear the...
CVE-2023-22499
CVE-2023-22499 (Deno) describes a race-condition vulnerability where multi-threaded code could spoof the interactive permission prompt by rewriting the prompt, potentially clearing the terminal and displaying a generic message. Affected component: Deno runtime (JavaScript/TypeScript, built with R...
PT-2023-1315 · Deno · Deno
Name of the Vulnerable Software and Affected Versions: Deno versions prior to 1.29.3 Description: The issue is related to errors in synchronization when using a shared resource in Deno, a runtime for JavaScript and TypeScript. This could allow a remote attacker to execute arbitrary code...
CVE-2022-4393
The ImageLinks Interactive Image Builder for WordPress plugin through 1.5.3 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-4391
The Vision Interactive For WordPress plugin through 1.5.3 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
Cross site scripting
The Vision Interactive For WordPress plugin through 1.5.3 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-4391 Vision Interactive For WordPress <= 1.5.3 - Contributor+ Stored XSS
The Vision Interactive For WordPress plugin through 1.5.3 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-4391
The Vision Interactive For WordPress plugin (versions ≤ 1.5.3) contains a Stored XSS risk due to inadequate sanitization/escaping of some settings, allowing low-privilege users (e.g., Contributor+) to inject scripts even when unfiltered_html is disallowed. The issue is documented across multiple ...
CVE-2022-4391 Vision Interactive For WordPress <= 1.5.3 - Contributor+ Stored XSS
The Vision Interactive For WordPress plugin through 1.5.3 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...