CVE-2024-3681
The Interactive World Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search s parameter in all versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2024-3681 Interactive World Maps <= 2.4.14 - Reflected Cross-Site Scripting
The Interactive World Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search s parameter in all versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2024-3681
CVE-2024-3681 affects the Interactive World Maps WordPress plugin. A Reflected Cross-Site Scripting (XSS) vulnerability exists via the search parameter in all versions up to 2.4.14, caused by insufficient input sanitization and output escaping. Exploitation requires a user to click a craf...
WordPress Plugin Interactive World Maps Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPre...
Palo Alto Networks Outlines Remediation for Critical PAN-OS Flaw Under Attack
Palo Alto Networks has shared remediation guidance for a recently disclosed critical security flaw impacting PAN-OS that has come under active exploitation. The vulnerability, tracked as CVE-2024-3400 (CVSS score: 10.0), could be weaponized to obtain unauthenticated remote shell command execution o...
WordPress Interactive World Maps plugin <= 2.4.14 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Usama Arshad in WordPress Plugin Interactive World Maps versions <= 2.4.14...
WordPress Interactive World Maps Plugin <= 2.4.14 is vulnerable to Cross Site Scripting (XSS)
Software: Interactive World Maps; Type: Plugin; Vulnerable versions: <= 2.4.14; Fixed in: 2.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3681; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 878a6d2b6c74; Credits: Usama Arshad...
CVE-2024-32694
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative interactive media 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin allows Reflected XSS. This issue affects 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook...
CVE-2024-32694
CVE-2024-32694 affects the Real 3D FlipBook WordPress plugin (3D FlipBook, PDF Viewer, PDF Embedder). The flaw is a Reflected XSS in input handling that can occur in Real 3D FlipBook up to version 3.62. Public details in connected records confirm the vulnerability type and affected products; expl...
WordPress Vision Interactive Plugin <= 1.7.1 is vulnerable to Broken Access Control
Software: Vision Interactive; Type: Plugin; Vulnerable versions: <= 1.7.1; Fixed in: 1.7.2; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-32779; Patch priority: Low; CVSS severity: Low (5.3); PSID: ed5556ff45af; Credits: Steven Julian; Required...
CVE-2023-33806
Insecure default configurations in Hikvision Interactive Tablet DS-D5B86RB/B V2.3.0 build220119 allow attackers to execute arbitrary commands...
CVE-2023-33806
The CVE-2023-33806 issue concerns Hikvision Interactive Tablet DS-D5B86RB/B, version 2.3.0 build220119, with insecure default configurations that allow an attacker to execute arbitrary commands. The connected sources (Red Hat and CNNVD/NVD/CVE lists, and PT-Security note) confirm the product and ...
PT-2024-12442 · Hikvision · Hikvision Interactive Tablet DS-D5B86RB/B
Name of the Vulnerable Software and Affected Versions: Hikvision Interactive Tablet DS-D5B86RB/B version 2.3.0 build220119 Description: Insecure default configurations in the Hikvision Interactive Tablet allow attackers to execute arbitrary commands. Recommendations: For version 2.3.0 build220119...
Apache Zeppelin Input Validation Error Vulnerability (CNVD-2024-17934)
Apache Zeppelin is a web-based open source notebook application from the Apache Software Foundation. The program supports interactive data analysis and collaborative documentation. Apache Zeppelin suffers from an input validation error vulnerability that can be exploited by an attacker to view a server...
Apache Zeppelin Cross-Site Scripting Vulnerability (CNVD-2024-17939)
Apache Zeppelin is a web-based open source notebook application from the Apache Software Foundation. The program supports interactive data analysis and collaborative documentation. Apache Zeppelin suffers from a cross-site scripting vulnerability that stems from improper coding or escaping, which can be...
CLSA-2024-1712672592 git: Fix of 2 CVEs
CVE-2021-40330: forbid newlines in host and path in gitconnect - CVE-2022-39260: shell - limit size of interactive commands...
curl security and bug fix update
7.61.1-33.5 - cap SFTP packet size sent (RHEL-5485) - when keyboard-interactive auth fails, try password (2229800) - unify the upload/method handling (CVE-2023-28322) - fix cookie injection with none file (CVE-2023-38546) - lowercase the domain names before PSL checks (CVE-2023-46218)...