CVE-2023-23866
The CVE-2023-23866 entry concerns the WordPress plugin Interactive Geo Maps (Carlos Moreira) ≤ 1.5.8, with a Stored Cross-Site Scripting (XSS) flaw caused by inadequate escaping/validation of shortcode attributes. This allows contributors (and higher) to inject scripts that are persisted in pages...
CVE-2023-23866 WordPress Interactive Geo Maps Plugin <= 1.5.8 is vulnerable to Cross Site Scripting (XSS)
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Carlos Moreira Interactive Geo Maps plugin <= 1.5.8 versions...
WordPress plugin Interactive Geo Maps cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
Dassault Systèmes DELMIA Apriso code issue vulnerability
Dassault Systèmes DELMIA Apriso is an interactive manufacturing application for digital enterprises from Dassault Systèmes France. A security vulnerability exists in Dassault Systèmes DELMIA Apriso versions 2017 through 2022, which stems from a deserialization vulnerability in .NET objects. An...
USN-6033-1: Linux kernel (OEM) vulnerabilities
It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the...
Command Shell, Reverse SCTP (via python)
Creates an interactive shell via Python, encodes with base64 by design. Compatible with Python 2.6-2.7 and 3.4+. Module Options: msf use payload/python/shellreversesctp msf payloadshellreversesctp show actions ...actions... msf payloadshellreversesctp set ACTION msf payloadshellreversesctp show...
Unix Command Shell, Bind SCTP (via socat)
Creates an interactive shell via socat. Module Options: msf use payload/cmd/unix/bindsocatsctp msf payloadbindsocatsctp show actions ...actions... msf payloadbindsocatsctp set ACTION msf payloadbindsocatsctp show options ...show and set options... msf payloadbindsocatsctp run This module requires...
CVE-2023-23821
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marcin Pietrzak Interactive Polish Map plugin <= 1.2 versions...
Cross site scripting
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marcin Pietrzak Interactive Polish Map plugin <= 1.2 versions...
CVE-2023-23821 WordPress Interactive Polish Map Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marcin Pietrzak Interactive Polish Map plugin <= 1.2 versions...
CVE-2023-23821
The CVE-2023-23821 entry concerns the WordPress plugin Interactive Polish Map. Affected versions are 1.2 and earlier, with a Stored XSS vulnerability that requires admin+ privileges to exploit. The root cause is inadequate sanitization/escaping of settings, enabling stored cross-site scripting by...
WordPress plugin Interactive Polish Map cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...
The vulnerability of the QvsViewClient client of the QlikView analytics platform allows a perpetrator to execute cross-site scripting attacks.
The vulnerability of the QvsViewClient client of the QlikView analytics platform is related to the lack of measures taken to protect the structure of the web page when creating interactive objects. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks by...
ABB Multiple System 800xA Products Incorrect Default Permissions (CVE-2020-8487)
Insufficient protection of the inter-process communication functions in ABB System 800xA Base all published versions enables an attacker authenticated on the local system to inject data, affect node redundancy handling. This plugin only works with Tenable.ot. Please visit...
CVE-2023-25704
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mehjabin Orthi Interactive SVG Image Map Builder plugin <= 1.0 versions...
Cross site scripting
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mehjabin Orthi Interactive SVG Image Map Builder plugin <= 1.0 versions...
CVE-2023-25704
CVE-2023-25704 involves a Stored Cross-Site Scripting (XSS) vulnerability in the Mehjabin Orthi Interactive SVG Image Map Builder plugin for WordPress, affecting versions
CVE-2023-25704 WordPress Interactive SVG Image Map Builder Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mehjabin Orthi Interactive SVG Image Map Builder plugin <= 1.0 versions...
CVE-2023-26493 Command Injection in Cocos Engine workflow
Cocos Engine is an open-source framework for building 2D & 3D real-time rendering and interactive content. In the GitHub repo for Cocos Engine, the web-interface-check.yml workflow was subject to command injection. The web-interface-check.yml was triggered when a pull request was opened or updated and...