6513 matches found
CVE-2023-47223 WordPress Basic Interactive World Map Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Map Plugins Basic Interactive World Map plugin <= 2.0 versions...
WordPress Plugin Basic Interactive World Map Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...
kernel: drm/gud: Fix UBSAN warning
A flaw was found in the GUD Generic USB Display driver in the Linux kernel. Uninitialized iosys_map variables on the stack contain garbage values in their is_iomem boolean field. When iosys_map_clear checks this field, UBSAN flags it as an invalid boolean value, indicating potential undefined behavio...
kernel: missing mmap_lock in file_files_note that could possibly lead to a use after free in the coredump code
A use-after-free flaw was found in the Linux kernel's core dump subsystem. This flaw allows a local user to crash the system. The kernel could be affected only if patch 390031c94211 "coredump: Use the vma snapshot in fill_files_note" has not yet been applied...
kernel: bpftool: Fix NULL pointer dereference when pin {PROG, MAP, LINK} without FILE
A flaw was found in the bpftool distributed by the Linux kernel. A NULL pointer dereference can be triggered when bpftool is used to pin PROG, MAP, LINK without FILE due to a missing validation. This issue can result in a denial of service...
kernel: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself. sockmap proto callbacks should never call themselves by design. Protect against bugs like [1] and break out of the recursive loop to avoid a stack overflow in favor of...
grafana: persistent xss in grafana core plugins
A flaw was found in The GeoMap and Canvas plugins of Grafana. The GeoMap and Canvas plugins are core plugins in Grafana, which means that all Grafana instances have GeoMap and Canvas installed. These two plugins are vulnerable to Cross-site scripting, where an attacker with an Editor role can add...
WordPress CBX Map for Google Map & OpenStreetMap Plugin <= 1.1.11 is vulnerable to Cross Site Scripting (XSS)
Software: CBX Map for Google Map & OpenStreetMap; Type: Plugin; Vulnerable versions: <= 1.1.11; Fixed in: 1.1.12; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-47240; Patch priority: Low; CVSS severity: Low (6.5); PSID: 37695d80e832; Credit...
WordPress Basic Interactive World Map Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)
Software: Basic Interactive World Map; Type: Plugin; Vulnerable versions: <= 2.0; Fixed in: 2.7; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-47223; Patch priority: Low; CVSS severity: Low (5.9); PSID: 49944254b130; Credits: DoYeon Park (p6rkdoye0n); Require...
jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin
A flaw was found in the script-security Jenkins Plugin. In affected versions of the script-security plugin, property assignments performed implicitly by the Groovy language runtime when invoking map constructors were not intercepted by the sandbox. This vulnerability allows attackers with...
GLSA-202310-16 : Ubiquiti UniFi: remote code execution via bundled log4j
The remote host is affected by the vulnerability described in GLSA-202310-16 Ubiquiti UniFi: remote code execution via bundled log4j - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provid...
CVE-2023-46558
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMapDelDevice...
CVE-2023-46190
Cross-Site Request Forgery (CSRF) vulnerability in Novo-media Novo-Map : your WP posts on custom google maps plugin <= 1.1.2 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in Novo-media Novo-Map : your WP posts on custom google maps plugin <= 1.1.2 versions...
PT-2023-30088 · Totolink · Totolink X2000R
Name of the Vulnerable Software and Affected Versions: TOTOLINK X2000R Gh version 1.0.0-B20230221.0948.web Description: A stack overflow issue was discovered in the function formMapDelDevice. Recommendations: For version 1.0.0-B20230221.0948.web, as a temporary workaround, consider disabling the...
WordPress Plugin Novo-Map : your WP posts on custom google maps Cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin Novo-Map : your WP posts o...
CVE-2023-46190 WordPress Novo-Map : your WP posts on custom google maps Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Novo-media Novo-Map : your WP posts on custom google maps plugin <= 1.1.2 versions...
CVE-2023-46190
CVE-2023-46190 affects the WordPress plugin Novo-map (Novo-Map) up to version 1.1.2. The issue is a Cross-Site Request Forgery (CSRF) vulnerability that, per sources, can be exploited with unauthenticated privileges to trigger actions on behalf of an authenticated user. Remediation: upgrade to a ...