3948 matches found
PT-2023-27026 · Unknown · Zenario Cms
Name of the Vulnerable Software and Affected Versions: Zenario CMS version 9.4 Description: A stored cross-site scripting (XSS) vulnerability in the Create function allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu navigation text field. This...
CVE-2023-32516
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GloriaFood Restaurant Menu – Food Ordering System – Table Reservation plugin <= 2.3.6 versions...
Cross site scripting
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GloriaFood Restaurant Menu – Food Ordering System – Table Reservation plugin <= 2.3.6 versions...
CVE-2023-32516
CVE-2023-32516 corresponds to an unauthenticated reflected Cross-Site Scripting (XSS) vulnerability in the WordPress plugin GloriaFood Restaurant Menu – Food Ordering System – Table Reservation. Affected versions are
CVE-2023-32516 WordPress Restaurant Menu – Food Ordering System – Table Reservation Plugin <= 2.3.6 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GloriaFood Restaurant Menu – Food Ordering System – Table Reservation plugin <= 2.3.6 versions...
WordPress plugin Restaurant Menu – Food Ordering System – Table Reservation cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress plugin Restaurant Menu - Food...
WordPress Bubble Menu – circle floating menu Plugin < 3.0.5 is vulnerable to Cross Site Scripting (XSS)
Software Bubble Menu – circle floating menu Type Plugin Vulnerable versions < 3.0.5 Fixed in 3.0.5 OWASP Top 10 A7: Cross-Site Scripting (XSS) Classification Cross Site Scripting (XSS) CVE CVE-2023-3650 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 29b436660257 Credits Dipak...
CVE-2023-3650
The Bubble Menu WordPress plugin before 3.0.5 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup...
CVE-2023-3650
CVE-2023-3650 affects the WordPress Bubble Menu plugin (versions before 3.0.5). The issue is that the plugin does not sanitize and escape certain settings, enabling stored Cross-Site Scripting by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (notably in multisite set...
CVE-2023-3650 Bubble Menu < 3.0.5 - Admin+ Stored XSS
The Bubble Menu WordPress plugin before 3.0.5 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup...
WordPress plugin Bubble Menu cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...
PT-2023-25595 · WordPress · Bubble Menu Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: Bubble Menu WordPress plugin version 3.0.4 and earlier Description: The issue allows high-privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed, for example, in...
CVE-2023-38990
An issue in the delete function in the MenuController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete menus created by the Administrator...
PT-2023-26719 · Jeesite · Jeesite
Name of the Vulnerable Software and Affected Versions: jeesite version 1.2.6 Description: An issue in the delete function in the MenuController class allows authenticated attackers to arbitrarily delete menus created by the Administrator. Recommendations: For jeesite version 1.2.6, consider...
WordPress Menu Image, Icons Made Easy Plugin < 3.0.6 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:freshlightlab:menuimage%2ciconsmadeeasy"; ifdescription...
WordPress WP Clone Menu Plugin <= 1.0.1 is vulnerable to Broken Access Control
Software WP Clone Menu Type Plugin Vulnerable versions <= 1.0.1 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-38395 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 742fee0ddf05 Credits Abdi Pranata Required privilege...
Aures Booking & POS Terminal - Local Privilege Escalation Vulnerability
Exploit Title: Aures Booking & POS Terminal - Local Privilege Escalation Common Vulnerability Scoring System: 7.2 Vulnerability Class: Privilege Escalation Current Estimated Price: 3.000€ - 4.000€ Product & Service...
Shortcuts to apps not seen in the start menu of the published desktop
Shortcuts are not visible in the published desktop or windows start menu even after the correct policies have been applied Enable Desktop shortcut...
Aures Booking & POS Terminal - Local Privilege Escalation
Exploit Title: Aures Booking & POS Terminal - Local Privilege Escalation References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2323 Release Date: 2023-07-17 Vulnerability Laboratory ID (VL-ID): 2323 Common...