Malicious code in fc-mijn-menu (npm)
Source: ghsa-malware (b1239e10e2e52412b4a13dac91c28d9b96d0b6d6e79213b3d9a80d394f8e768f). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-357 Malicious code in fc-mijn-menu (npm)
Source: ghsa-malware (b1239e10e2e52412b4a13dac91c28d9b96d0b6d6e79213b3d9a80d394f8e768f). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
WordPress Bubble Menu – circle floating menu Plugin <= 3.0.3 is vulnerable to Cross Site Scripting (XSS)
Software: Bubble Menu – circle floating menu; Type: Plugin; Vulnerable versions: <= 3.0.3; Fixed in: 3.0.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-2362; Patch priority: High; CVSS severity: High (7.1); PSID: 5c8ff648baff; Credits: Erw...
WordPress Easy Admin Menu Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS)
Software: Easy Admin Menu; Type: Plugin; Vulnerable versions: <= 1.3; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33929; Patch priority: Low; CVSS severity: Low (5.9); PSID: d28d5c2d98dc; Credits: Rio Darmawan; Required...
WordPress Restaurant Menu – Food Ordering System – Table Reservation Plugin <= 2.3.6 is vulnerable to Cross Site Scripting (XSS)
Software: Restaurant Menu – Food Ordering System – Table Reservation; Type: Plugin; Vulnerable versions: <= 2.3.6; Fixed in: 2.3.7; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-32516; Patch priority: Medium; CVSS severity: Medium (7.1)...
CVE-2023-29336
Win32k Elevation of Privilege Vulnerability. Recent assessments: gwillcox-r7 at May 31, 2023 9:15pm UTC reported: Doing a patch diff between a Windows 10 1607 x86 version of win32kfull.sys prior to the patch and after the patch shows that only one function changed: xxxEnableMenuItem. Looking at th...
Online Food Ordering System code issue vulnerability
Online Food Ordering System is an online food ordering system by Carlo Montero, an individual developer. A security vulnerability exists in Online Food Ordering System v2.0, which is caused by an arbitrary file upload vulnerability in the component /admin/ajax.php?action=savemenu, which can be...
CVE-2023-29849
Bang Resto 1.0 was discovered to contain multiple SQL injection vulnerabilities via the btnMenuItemID, itemID, itemPrice, menuID, staffID, or itemqty parameter...
CVE-2023-29848
Bang Resto 1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the itemName parameter in the admin/menu.php Add New Menu function...
PT-2023-22444 · Unknown · Bang Resto
Name of the Vulnerable Software and Affected Versions: Bang Resto version 1.0. Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. This vulnerability can be exploited via the itemName parameter in the admin/menu.php Add New Menu function. Recommendations: For Bang...
GHSA-Q55C-HMPF-6H2G AzuraCast/AzuraCast vulnerable to cross-site scripting
AzuraCast/AzuraCast prior to version 0.18.0 is vulnerable to stored cross-site scripting. An issue was identified where a user who already had an AzuraCast account could update their display name to inject malicious JavaScript into the header menu of the site. In a majority of cases, this menu is...
Bang Resto 1.0 Cross Site Scripting
Exploit Title: Bang Resto v1.0 - Stored Cross-Site Scripting (XSS); Date: 2023-04-02; Exploit Author: Rahad Chowdhury; Vendor Homepage: https://www.hockeycomputindo.com/2021/05/restaurant-pos-source-code-free.html; Software Link: https://github.com/mesinkasir/bangresto/archive/refs/heads/main.zip...
January 10, 2023—KB5022287 (OS Build 22000.1455)
Important: For Windows Recovery Environment (WinRE) devices, see the updated (1/20/23) Special instructions for Windows Recovery Environment (WinRE) devices in the How to get this update section to address security vulnerabilities in CVE-2022-41099. For...
PT-2023-10163 · Bestwebsoft · Bestwebsoft Contact Form Plugin
Name of the Vulnerable Software and Affected Versions: BestWebSoft Contact Form Plugin version 1.3.4. Description: A vulnerability was found in the BestWebSoft Contact Form Plugin and classified as problematic. The issue affects the function bws add menu render of the file bws menu/bws menu.php. T...
CVE-2023-23870
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpdevart Responsive Vertical Icon Menu plugin <= 1.5.8 versions...
CVE-2023-23870
CVE-2023-23870 affects the WordPress plugin wpdevart Responsive Vertical Icon Menu (versions ≤ 1.5.8). The vulnerability is a Stored Cross-Site Scripting (XSS) that requires authentication with admin or higher privileges. The issue stems from the plugin’s handling of input in its menu/icon functi...
WordPress plugin Responsive Vertical Icon Menu cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress HT Menu Plugin <= 1.2.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: HT Menu; Type: Plugin; Vulnerable versions: <= 1.2.1; Fixed in: 1.2.2; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-23791; Patch priority: Low; CVSS severity: Low (4.3); PSID: 4413b3296cb1; Credits: István Márton; Required...
HT Menu < 1.2.2 - Cross-Site Request Forgery
The plugin does not adequately validate certain requests using nonces, which can lead to a Cross-Site Request Forgery (CSRF) vulnerability...
CVE-2023-1575
The Mega Main Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings parameters in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...