1037 matches found

OSV · added 2024/03/27 6:15 a.m. · 2 views

CVE-2024-22288

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Reflected XSS. This issue affects WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping...

CVSS 6.1 · AI score 7.3 · EPSS 0.00397
Exploits 0 · References 1
Vulnrichment · added 2024/03/27 5:49 a.m. · 9 views

CVE-2024-22288 WordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin <= 4.4.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Reflected XSS. This issue affects WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping...

CVSS 7.1 · AI score 7.2 · EPSS 0.00397
Exploits 0 · References 1
CNNVD · added 2024/03/27 12:00 a.m. · 3 views

WordPress Plugin WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. WordPress plugin is an application plugin. WordPress Plugin WooCommerce PDF...

CVSS 7.1 · AI score 7.1 · EPSS 0.00397
Exploits 0 · References 2
Patchstack · added 2024/03/26 12:00 a.m. · 13 views

WordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Plugin <= 4.4.0 is vulnerable to Cross Site Scripting (XSS)

Software: WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels · Type: Plugin · Vulnerable versions: <= 4.4.0 · Fixed in: 4.4.1 · OWASP Top 10: A3: Injection · Classification: Cross Site Scripting (XSS) · CVE: CVE-2024-22288 · Patch priority: Medium · CVSS severity: Medium 7.1 · Developer: Claim ownershi...

CVSS 7.1 · AI score 6.8 · EPSS 0.00397
Exploits 0 · References 2 · Affected Software 1
CVE · added 2024/03/22 2:00 a.m. · 85 views

CVE-2024-0957

CVE-2024-0957 affects the WordPress plugin "WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels" up to version 4.4.1. It is a stored cross-site scripting vulnerability in the Customer Notes field caused by insufficient input sanitization and output escaping, allowing unaut...

CVSS 6.1 · AI score 7.8 · EPSS 0.00374
Exploits 0 · References 2 · Affected Software 1
Patchstack · added 2024/03/22 12:00 a.m. · 15 views

WordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Plugin <= 4.4.1 is vulnerable to Cross Site Scripting (XSS)

Software: WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels · Type: Plugin · Vulnerable versions: <= 4.4.1 · Fixed in: 4.4.2 · OWASP Top 10: A7: Cross-Site Scripting (XSS) · Classification: Cross Site Scripting (XSS) · CVE: CVE-2024-0957 · Patch priority: Medium · CVSS severity: Medium 7.1 · Developer...

CVSS 6.1 · AI score 5.9 · EPSS 0.00374
Exploits 0 · References 3 · Affected Software 1
Cvelist · added 2024/03/13 3:27 p.m. · 54 views

CVE-2024-0683 Bulgarisation for WooCommerce <= 3.0.14 - Missing Authorization

The Bulgarisation for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in all versions up to, and including, 3.0.14. This makes it possible for unauthenticated and authenticated attackers, with subscriber-level access and...

CVSS 7.3 · AI score 7.1 · EPSS 0.01155
Exploits 0 · References 2
OSV · added 2024/03/12 10:15 p.m. · 2 views

CVE-2024-2395

The Bulgarisation for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.14. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to generate and delete...

CVSS 4.3 · AI score 5.7 · EPSS 0.0018
Exploits 0 · References 2
WPVulnDB · added 2024/03/12 12:00 a.m. · 18 views

Bulgarisation for WooCommerce < 3.0.15 - Missing Authorization

Description: The Bulgarisation for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in all versions up to, and including, 3.0.14. This makes it possible for unauthenticated and authenticated attackers, with subscriber-level...

CVSS 7.5 · AI score 6.6 · EPSS 0.01155
Exploits 0 · References 1 · Affected Software 1
Prion · added 2024/03/08 8:15 p.m. · 15 views

Sql injection

PostgreSQL Anonymizer v1.2 contains a SQL injection vulnerability that allows a user who owns a table to elevate to superuser when dynamic masking is enabled. PostgreSQL Anonymizer enables users to set security labels on tables to mask specified columns. There is a flaw that allows complex...

CVSS 4.3 · AI score 8.1 · EPSS 0.00461
Exploits 0 · References 1
Positive Technologies · added 2024/03/08 12:00 a.m. · 4 views

PT-2024-2087 · Unknown · Postgresql Anonymizer

Name of the Vulnerable Software and Affected Versions: PostgreSQL Anonymizer version 1.2. Description: The issue is related to a SQL injection vulnerability in PostgreSQL Anonymizer. This vulnerability allows a user who owns a table to elevate their privileges to superuser when dynamic masking is...

CVSS 8 · AI score 8.4 · EPSS 0.00461
Exploits 0 · References 7
OSV · added 2024/03/06 11:20 a.m. · 18 views

BIT-GITLAB-2021-22199

An issue has been discovered in GitLab affecting all versions starting with 12.9. GitLab was vulnerable to a stored XSS if scoped labels were used...

CVSS 5.4 · AI score 4.9 · EPSS 0.00793
Exploits 0 · References 4
OSV · added 2024/03/06 11:05 a.m. · 16 views

BIT-JENKINS-2020-2161

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly escape node labels that are shown in the form validation for label expressions on job configuration pages, resulting in a stored XSS vulnerability exploitable by users able to define node labels...

CVSS 5.4 · AI score 5.4 · EPSS 0.01237
Exploits 0 · References 3
Prion · added 2024/03/02 10:15 p.m. · 23 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: powerpc/47x: Fix 47x syscall return crash. Eddie reported that newer kernels were crashing during boot on his 476 FSP2 system: kernel tried to execute user page b7ee2000 - exploit attempt? uid: 0 BUG: Unable to handle kernel...

AI score 7.6 · EPSS 0.00222
Exploits 0 · References 4
Tenable Nessus · added 2024/02/29 12:00 a.m. · 23 views

CentOS 9 : dhcp-4.4.2-18.b1.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dhcp-4.4.2-18.b1.el9 build changelog. - In ISC DHCP 4.4.0 - 4.4.3, ISC DHCP 4.1-ESV-R1 - 4.1-ESV-R16-P1, when the function option_code_hash_lookup is called from add_option, it...

CVSS 6.5 · AI score 7 · EPSS 0.00664
Exploits 0 · References 3
ATTACKERKB · added 2024/02/28 9:15 a.m. · 4 views

CVE-2020-36786

In the Linux kernel, the following vulnerability has been resolved: media: next staging: media: atomisp: fix memory leak of object flash. In the case where the call to lm3554_platform_data_func returns an error there is a memory leak on the error return path of object flash. Fix this by adding an err...

CVSS 5.5 · AI score 5.8 · EPSS 0.00222
Exploits 0 · References 5 · Affected Software 1
Debian CVE · added 2024/02/28 8:13 a.m. · 24 views

CVE-2020-36786

In the Linux kernel, the following vulnerability has been resolved: media: next staging: media: atomisp: fix memory leak of object flash. In the case where the call to lm3554_platform_data_func returns an error there is a memory leak on the error return path of object flash. Fix this by adding an err...

CVSS 5.5 · AI score 4.8 · EPSS 0.00222
Exploits 0
Veracode · added 2024/02/23 8:40 a.m. · 17 views

Cross Site Scripting (XSS)

labelstudio is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to not sanitizing the file in the "data import" function via the file upload feature before being rendered within the Choices or Labels tag. An attacker can inject malicious scripts into the code or imported data whic...

CVSS 4.7 · AI score 5.9 · EPSS 0.02199
Exploits 1 · References 4 · Affected Software 1
Prion · added 2024/02/22 10:15 p.m. · 20 views

Design/Logic Flaw

Summary: On all Label Studio versions prior to 1.11.0, data imported via file upload feature is not properly sanitized prior to being rendered within a Choices or Labels tag, resulting in an XSS vulnerability. Details: Need permission to use the "data import" function. This was reproduced on Label...

CVSS 4.3 · AI score 6.5 · EPSS 0.02199
Exploits 1 · References 4
OSV · added 2024/02/22 9:52 p.m. · 16 views

GHSA-6XV9-957J-QFHG Label Studio vulnerable to Cross-site Scripting if `<Choices>` or `<Labels>` are used in labeling config

Summary: On all Label Studio versions prior to 1.11.0, data imported via file upload feature is not properly sanitized prior to being rendered within a Choices or Labels tag, resulting in an XSS vulnerability. Details: Need permission to use the "data import" function. This was reproduced on Label...

CVSS 4.7 · AI score 5.4 · EPSS 0.02199
Exploits 1 · References 7