3948 matches found

Tenable Nessus
added 2023/11/06 12:0 a.m. | 37 views

Rocky Linux 8 : fwupd (RLSA-2021:2566)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:2566 advisory. - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw...

CVSS 8.2 | AI score 7.8 | EPSS 0.01738
Exploits 0 | References 15

OSV
added 2023/11/04 9:0 a.m. | 5 views

OPENSUSE-SU-2023:0353-1 Security update for opera

This update for opera fixes the following issues: - Update to 104.0.4944.36 CHR-9492 Update Chromium on desktop-stable-118-4944 to 118.0.5993.118 DNA-112757 Tab close button Close button is cutted when a lot tabs are opened - The update to chromium 118.0.5993.118 fixes following issues:...

CVSS 8.8 | AI score 8.7 | EPSS 0.01234
Exploits 0 | References 2

Patchstack
added 2023/11/03 12:0 a.m. | 4 views

WordPress Advance Menu Manager Plugin <= 3.0.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Advance Menu Manager | Type: Plugin | Vulnerable versions: <= 3.0.6 | Fixed in: 3.0.7 | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: N/A | Patch priority: Low | CVSS severity: Low (4.3) | Developer: Claim ownership | PSID: b26c2029d405 | Credits: WordFence | Required...

AI score 7
Exploits 0 | References 1 | Affected Software 1

WPVulnDB
added 2023/11/03 12:0 a.m. | 11 views

Bellows Accordion Menu < 1.4.3 - Contributor+ Stored Cross-Site Scripting

Description The plugin does not adequately sanitize user-supplied attributes in shortcodes, nor does it correctly escape output. This can lead to injection of arbitrary web scripts in pages by authenticated users with contributor-level permissions...

CVSS 6.4 | AI score 6.5 | EPSS 0.0045
Exploits 0 | References 1 | Affected Software 1

OSV
added 2023/11/02 2:15 p.m. | 4 views

CVE-2023-45341

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'price' parameter of the routers/menu-router.php resource does not validate the characters received and they are sent unfiltered to the database...

CVSS 9.8 | AI score 5.8
Exploits 0 | References 2

NVD
added 2023/11/02 2:15 p.m. | 22 views

CVE-2023-45341

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'price' parameter of the routers/menu-router.php resource does not validate the characters received and they are sent unfiltered to the database...

CVSS 9.8 | AI score 10 | EPSS 0.007
Exploits 1 | References 2

CNNVD
added 2023/11/02 12:0 a.m. | 4 views

Online Food Ordering System SQL Injection Vulnerability

Online Food Ordering System is an online food ordering system developed by Carlo Montero. A SQL injection vulnerability exists in Online Food Ordering System v1.0, which is caused by insufficient filtering of the price parameter on the routers/menu-router.php page, resulting in a SQL injection...

CVSS 9.8 | AI score 8 | EPSS 0.007
Exploits 1 | References 3

SUSE CVE
added 2023/10/31 2:48 a.m. | 5 views

SUSE CVE-2015-5281

The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) 7, when used on UEFI systems, allows local users to bypass intended Secure Boot restrictions and execute non-verified code via a crafted (1) multiboot or (2) multiboot2 module in the configuration file or physically proximate attacke...

CVSS 2.6 | AI score 7 | EPSS 0.00335
Exploits 0 | References 2

OSV
added 2023/10/30 2:15 p.m. | 2 views

CVE-2023-5164

The Bellows Accordion Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVSS 5.4 | AI score 7 | EPSS 0.0045
Exploits 0 | References 3

OSV
added 2023/10/30 2:15 p.m. | 2 views

CVE-2023-5565

The Shortcode Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shortmenu' shortcode in versions up to, and including, 3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVSS 5.4 | AI score 6.7 | EPSS 0.00417
Exploits 1 | References 2

NVD
added 2023/10/30 2:15 p.m. | 27 views

CVE-2023-5565

The Shortcode Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shortmenu' shortcode in versions up to, and including, 3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVSS 6.4 | AI score 5.7 | EPSS 0.00417
Exploits 1 | References 2

Prion
added 2023/10/30 2:15 p.m. | 14 views

Cross site scripting

The Shortcode Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shortmenu' shortcode in versions up to, and including, 3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVSS 4.9 | AI score 5.2 | EPSS 0.00417
Exploits 1 | References 2 | Affected Software 1

Vulnrichment
added 2023/10/30 1:48 p.m. | 5 views

CVE-2023-5565 Shortcode Menu <= 3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Shortcode Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shortmenu' shortcode in versions up to, and including, 3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVSS 6.4 | AI score 6.8 | EPSS 0.00417
Exploits 1 | References 2

Cvelist
added 2023/10/30 1:48 p.m. | 28 views

CVE-2023-5565 Shortcode Menu <= 3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Shortcode Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shortmenu' shortcode in versions up to, and including, 3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVSS 6.4 | AI score 5.8 | EPSS 0.00417
Exploits 1 | References 2

CVE
added 2023/10/30 1:48 p.m. | 65 views

CVE-2023-5164

The Bellows Accordion Menu plugin for WordPress is affected by a stored XSS in shortcode attributes (versions up to and including 1.4.2) due to insufficient input sanitization and output escaping. Exploitation requires authenticated access at contributor level or higher, enabling injection of scr...

CVSS 6.4 | AI score 5.2 | EPSS 0.0045
Exploits 0 | References 4 | Affected Software 1

CNNVD
added 2023/10/30 12:0 a.m. | 2 views

WordPress Plugin Shortcode Menu Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 6.4 | AI score 6 | EPSS 0.00417
Exploits 1 | References 3

Patchstack
added 2023/10/30 12:0 a.m. | 10 views

WordPress Shortcode Menu Plugin <= 3.2 is vulnerable to Cross Site Scripting (XSS)

Software: Shortcode Menu | Type: Plugin | Vulnerable versions: <= 3.2 | Fixed in: N/A | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-5565 | Patch priority: Low | CVSS severity: Low (6.5) | Developer: Claim ownership | PSID: f1e670460201 | Credits: István Márton | Required...

CVSS 6.4 | AI score 5.7 | EPSS 0.00417
Exploits 1 | References 2 | Affected Software 1

CNNVD
added 2023/10/30 12:0 a.m. | 3 views

WordPress Plugin Bellows Accordion Menu Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 6.4 | AI score 6.1 | EPSS 0.0045
Exploits 0 | References 4

Positive Technologies
added 2023/10/30 12:0 a.m. | 4 views

PT-2023-32180 · WordPress · Shortcode Menu

Name of the Vulnerable Software and Affected Versions: Shortcode Menu plugin for WordPress versions up to, and including, 3.2 Description: The issue is related to Stored Cross-Site Scripting via the shortmenu shortcode due to insufficient input sanitization and output escaping on user-supplied...

CVSS 6.4 | AI score 5.5 | EPSS 0.00417
Exploits 1 | References 6

Patchstack
added 2023/10/29 12:0 a.m. | 10 views

WordPress Bellows Accordion Menu Plugin <= 1.4.2 is vulnerable to Cross Site Scripting (XSS)

Software: Bellows Accordion Menu | Type: Plugin | Vulnerable versions: <= 1.4.2 | Fixed in: 1.4.3 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-5164 | Patch priority: Low | CVSS severity: Low (6.5) | Developer: Claim ownership | PSID: 390a77233aee | Credits: István Márton...

CVSS 6.4 | AI score 5.7 | EPSS 0.0045
Exploits 0 | References 3 | Affected Software 1