175 matches found
CVE-2024-32890 Stored Cross-site Scripting in results JSON API in librespeed/speedtest
librespeed/speedtest is an open source, self-hosted speed test for HTML5. In affected versions missing neutralization of the ISP information in a speedtest result leads to stored Cross-site scripting in the JSON API. The processedString field in the ispinfo parameter is missing neutralization. It...
PT-2024-24943 · Unknown · Librespeed Speedtest
Name of the Vulnerable Software and Affected Versions: librespeed/speedtest versions 5.2.5 through 5.3.0 Description: The issue arises from missing neutralization of the ISP information in a speedtest result, leading to stored Cross-site scripting in the JSON API. The processedString field in the...
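The entries above describe the bug class only in one sentence: a free-text field submitted with the speed-test result is stored and served back by the JSON API without neutralization, so whatever a client put there reaches other users' browsers. The following is an added illustration, not librespeed's own code. Only the `ispinfo` and `processedString` names come from the advisory text; the handler functions, the fake DOM element and the attacker payload are constructed assumptions for this example.

```javascript
// Added example (not librespeed's code): stored XSS through an un-neutralized
// JSON API field, with the vulnerable and hardened server paths side by side.
// Field names ispinfo / processedString are taken from the advisory; every
// function and the sample payload below are constructed for illustration.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Output-encode a string so it is inert in an HTML text or attribute context.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Server side, vulnerable pattern: the client-supplied ispinfo JSON string is
// persisted verbatim and later returned by the results API as-is.
function storeResultVulnerable(params) {
  return { ispinfo: params.ispinfo };
}

// Server side, hardened: parse the JSON, keep only the field the application
// expects, type-check it, and neutralize the free text before storage.
// Malformed input is rejected instead of stored.
function storeResultHardened(params) {
  let info;
  try {
    info = JSON.parse(params.ispinfo);
  } catch (e) {
    throw new Error('ispinfo is not valid JSON');
  }
  if (typeof info !== 'object' || info === null) throw new Error('ispinfo must be an object');
  const processed = typeof info.processedString === 'string' ? info.processedString : '';
  return { ispinfo: JSON.stringify({ processedString: escapeHtml(processed) }) };
}

// Client side: a results page reads the JSON API and places the ISP string in
// the DOM. With innerHTML any stored markup is parsed; with textContent it is
// rendered literally. A tiny fake element stands in for the DOM so this file
// runs under Node.
function renderIspInfo(record, useInnerHtml) {
  const info = JSON.parse(record.ispinfo);
  const el = { innerHTML: '', textContent: '' };
  if (useInnerHtml) el.innerHTML = info.processedString;
  else el.textContent = info.processedString;
  return el;
}

// Constructed attacker request: the ISP string carries an event handler.
const ATTACKER_PARAMS = {
  ispinfo: JSON.stringify({ processedString: '<img src=x onerror=alert(1)>' }),
};

function demo() {
  const bad = storeResultVulnerable(ATTACKER_PARAMS);
  const good = storeResultHardened(ATTACKER_PARAMS);
  return {
    vulnerableStored: JSON.parse(bad.ispinfo).processedString,
    hardenedStored: JSON.parse(good.ispinfo).processedString,
    vulnerableDom: renderIspInfo(bad, true).innerHTML,
    hardenedDom: renderIspInfo(good, true).innerHTML,
  };
}

console.log(demo());
```

Two caveats a reviewer would raise: escaping before storage is defense in depth, not a substitute for output encoding at every render site (a consumer that still uses `innerHTML` on an unescaped field elsewhere remains exposed), and escaped-at-rest data must not be escaped a second time on output or the page shows `&amp;lt;` literally.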
WordPress Plugin Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan Security Vulnerabilities
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin Disable Json API, Login...
PT-2024-18369 · WordPress · Disable Json Api
Name of the Vulnerable Software and Affected Versions: Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress versions up to, and including, 4.51 Description: The issue is related to unauthorized modification of data due to a missing...
CVE-2023-50858
Cross-Site Request Forgery CSRF vulnerability in Bill Minozzi Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan. This issue affects Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan: from n/a through 4.34...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Bill Minozzi Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan. This issue affects Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan: from n/a through 4.34...
CVE-2023-50858
CVE-2023-50858 is described as a CSRF vulnerability affecting the WordPress plugin antihacker (Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan). The supplied documents do not include concrete technical details (payloads, affected versions, root cause, im...
CVE-2023-50858 WordPress Anti Hacker Plugin <= 4.34 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Bill Minozzi Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan. This issue affects Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan: from n/a through 4.34...
WordPress Plugin Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin Disable Json API, Login...
rtMedia for WordPress, BuddyPress and bbPress < 4.6.16 - Subscriber+ RCE
Description The plugin does not validate files to be uploaded, which could allow attackers with a low-privilege account e.g. subscribers to upload arbitrary files such as PHP on the server If plugin JSON API is enabled, any logged-in user may execute arbitrary code by uploading a PHP file. After...
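The rtMedia entry states the root cause (uploaded files are not validated) and the consequence (a logged-in subscriber uploads PHP and executes it, the JSON API being one reachable upload path). As an added example, not the plugin's own code, the check below shows what "validate files to be uploaded" means in practice: an extension allowlist, rejection of executable inner extensions, and a content-signature check. The allowlist, the signature table and the sample files are constructed assumptions; the same function must run on every upload path, including any JSON API endpoint.

```javascript
// Added example (not rtMedia's code): allowlist validation for a media upload.
// All names, the signature table and the sample files are constructed.

// Magic-byte signatures for the image types this hypothetical endpoint accepts.
const MAGIC = {
  jpg: [[0xff, 0xd8, 0xff]],
  jpeg: [[0xff, 0xd8, 0xff]],
  png: [[0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]],
  gif: [[0x47, 0x49, 0x46, 0x38, 0x37, 0x61], [0x47, 0x49, 0x46, 0x38, 0x39, 0x61]],
};

// Extensions a misconfigured web server may hand to the PHP interpreter even
// when they are not the final extension (e.g. "shell.php.jpg" under AddHandler).
const EXECUTABLE = new Set(['php', 'phtml', 'php3', 'php4', 'php5', 'php7', 'phar', 'htaccess']);

function startsWith(bytes, sig) {
  if (bytes.length < sig.length) return false;
  return sig.every((b, i) => bytes[i] === b);
}

// Returns { ok, reason, storedName? }. Never trusts the client-supplied
// filename beyond its extension, and never trusts the extension beyond
// what the file content confirms.
function validateUpload(filename, bytes) {
  const base = filename.split(/[\\/]/).pop();            // drop any path component
  const parts = base.toLowerCase().split('.');
  if (parts.length < 2 || parts[0] === '') return { ok: false, reason: 'no usable extension' };
  const ext = parts[parts.length - 1];
  if (!(ext in MAGIC)) return { ok: false, reason: `extension .${ext} not allowed` };
  for (const inner of parts.slice(1, -1)) {
    if (EXECUTABLE.has(inner)) return { ok: false, reason: `executable inner extension .${inner}` };
  }
  if (!MAGIC[ext].some((sig) => startsWith(bytes, sig))) {
    return { ok: false, reason: `content does not match .${ext}` };
  }
  return { ok: true, reason: 'ok', storedName: `${parts.slice(0, -1).join('.')}.${ext}` };
}

// Constructed sample uploads: a web shell, a double-extension shell, a shell
// renamed to .jpg, and a real JPEG header.
const enc = new TextEncoder();
const SAMPLES = [
  ['shell.php', enc.encode('<?php system($_GET["c"]); ?>')],
  ['shell.php.jpg', Uint8Array.from([0xff, 0xd8, 0xff, 0xe0])],
  ['photo.jpg', enc.encode('<?php phpinfo(); ?>')],
  ['photo.jpg', Uint8Array.from([0xff, 0xd8, 0xff, 0xe0, 0x00, 0x10])],
];

function runSamples() {
  return SAMPLES.map(([name, bytes]) => ({ name, ...validateUpload(name, bytes) }));
}

console.log(runSamples());
```

Validation of this kind limits what lands on disk; it does not replace storing uploads outside the web root or serving them from a host that never executes scripts, which is what actually stops a bypass from becoming code execution.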
UBUNTU-CVE-2023-5256
In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation. This vulnerability only affects sites with the JSON:API module enabled,...
PT-2023-31979 · Drupal · Drupal Json:Api Module
Name of the Vulnerable Software and Affected Versions: Drupal JSON:API module affected versions not specified Description: In certain scenarios, Drupal's JSON:API module will output error backtraces, potentially causing sensitive information to be cached and made available to anonymous users,...
Vulnerability fixed in Drupal
Drupal has fixed a vulnerability in Drupal core. The vulnerability is located in the JSON:API module and allows an unauthenticated malicious party to gain access to sensitive data. No CVE ID has been disclosed for this vulnerability yet. Drupal has released updates to fix the vulnerability in...
DRUPAL-CONTRIB-2023-037
This module enables you to build administrative pages for managing configuration objects, which may then be used elsewhere in the site. The module doesn't sufficiently validate access when the JSONAPI module is also installed. This vulnerability is mitigated by the fact that it only affects sites...
Metasploit Weekly Wrap-Up
New module content (2): Gather Dbeaver Passwords. Author: Kali-Team. Type: Post. Pull request: 17337, contributed by cn-kali-team. Description: This adds a post exploit module that retrieves Dbeaver session data from local configuration files. It is able to extract and decrypt credentials stored in these...
Exposure of Sensitive Information in Jenkins Core
Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified XML/JSON API endpoints...
Authorization
Elide is a Java library that lets you stand up a GraphQL/JSON-API web service with minimal effort. When leveraging the following together: Elide Aggregation Data Store for Analytic Queries, Parameterized Columns A column that requires a client provided parameter, and a parameterized column of typ...