3943 matches found
CVE-2019-15842
The easy-pdf-restaurant-menu-upload plugin before 1.1.2 for WordPress has XSS...
CVE-2019-15842
The CVE-2019-15842 entry concerns the WordPress plugin easy-pdf-restaurant-menu-upload (pre-1.1.2). A cross-site scripting (XSS) vulnerability exists in this plugin, allowing attackers to execute client-side code. Public details indicate the issue affects versions before 1.1.2; remediation is to ...
CVE-2019-15820
The login-or-logout-menu-item plugin before 1.2.0 for WordPress has no requirement for lolmisavesettings authentication...
CVE-2011-5329
The redirection plugin before 2.2.9 for WordPress has XSS in the admin menu, a different issue than CVE-2011-4562...
Code injection
The redirection plugin before 2.2.9 for WordPress has XSS in the admin menu, a different issue than CVE-2011-4562...
CVE-2011-5329
CVE-2011-5329 affects the WordPress redirection plugin prior to version 2.2.9 and describes an XSS in the admin menu (distinct from CVE-2011-4562). Connected Red Hat and NVD records corroborate the XSS in the same plugin family. The advisory does not provide additional exploitation details or pre...
WordPress Responsive Menu Plugin < 3.1.4 CSRF Vulnerability
The WordPress plugin Copyright (C) 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the...
@idearium/cli (>=1.0.0 <=4.3.0-beta.0), @stoplight/command (>=0.0.11-1 <=0.0.24) +27 more potentially affected by CVE-2019-10747 via set-value (=3.0.0)
set-value NPM version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on set-value and may be impacted: - @idearium/cli =1.0.0, =0.0.11-1, =0.0.11-29, =0.0.11-1, =0.0.11-1, =0.0.11-1, =0.0.18, =0.0.11-1, =0.0.11-1, =0.0.11-30, =0.0.11-1, =0.0.18,...
Security update for teeworlds (moderate)
openSUSE Security Update: Security update for teeworlds Announcement ID: openSUSE-SU-2019:1999-1 Rating: moderate References: 1112910 1131729 Cross-References: CVE-2018-18541 CVE-2019-10877 CVE-2019-10878 CVE-2019-10879 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes four...
CVE-2017-18513
The responsive-menu plugin before 3.1.4 for WordPress has no CSRF protection mechanism for the admin interface...
Cross site request forgery (csrf)
The responsive-menu plugin before 3.1.4 for WordPress has no CSRF protection mechanism for the admin interface...
CVE-2017-18513
Affected software: WordPress, plugin “responsive-menu” prior to 3.1.4. Root cause: missing CSRF protection in the admin interface. Vulnerability description: CVE-2017-18513 documents a CSRF risk for admin actions in the responsive-menu plugin. Multiple connected sources (Red Hat, CNVD, NVD, PRION...
spice-gtk security and bug fix update
libgovirt 0.3.4-2 - Parse XML nodes automatically Related: rhbz1427467 - Set detailed error message for async call Related: rhbz1427467 spice-gtk 0.35-4 - Fix bad channel-reset on usbredir Resolves: rhbz1625550 0.35-3 - Fix insufficient encoding checks for LZ Resolves: rhbz1598652 spice-vdagent...
January 22, 2019—KB4476976 (OS Build 17763.292)
January 22, 2019—KB4476976 OS Build 17763.292 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses an issue that may cause Microsoft Edge to stop working with certain display drivers...
UNA Cross-Site Scripting Vulnerability
UNA is a full-stack software platform for building custom community websites, social networks and collaboration centers. A cross-site scripting vulnerability exists in studio/buildermenu.php?page=sets in UNA version 10.0.0-RC1, which stems from a lack of proper validation of client-side data in t...
Sql injection
In Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3, some menu links within the administration bar may be crafted to execute JavaScript when the administrator is logged in and uses the search functionality. This issue is mitigated by the attacker needing permissions to create...
CVE-2019-11198
Multiple cross-site scripting (XSS) vulnerabilities in Sitecore CMS 9.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) 300583 - List Manager Dashboard module, (2) 307638 - Campaign Creator module, (3) 316994 - Attributes field, (4) I316995 - Icon Selection module, (5)...