Next.js Framework 13.4.x < 15.5.16 / 16.x < 16.2.5 Stored XSS

The Next.js Framework on the remote host is affected by a stored cross-site scripting vulnerability: - App Router applications that rely on CSP nonces can be vulnerable to stored cross-site scripting when deployed behind shared caches. In affected versions, malformed nonce values derived from...

CVE-2024-4772

An HTTP digest authentication nonce value was generated using rand which could lead to predictable values. This vulnerability affects Firefox 126...

PT-2024-20728 · Renesas · Renesas Smartbond

Name of the Vulnerable Software and Affected Versions: Renesas SmartBond versions DA14691, DA14695, DA14697, and DA14699 Description: An issue was discovered where the Nonce used for on-the-fly decryption of flash images is stored in an unsigned header, allowing its value to be modified without...

the nonce value is not increasing everytime

Lines of code Vulnerability details Impact the nonce value is not increasing everytime The nonce value is used to create the TypeHashHelper.Transaction struct that's passed to the buildTransactionStructHash function. The actual value of executorNonceexecRequest.accountexecRequest.executor is...

CVE-2023-3547 All in One B2B for WooCommerce <= 1.0.3 - Multiple CSRF

The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly check nonce values in several actions, allowing an attacker to perform CSRF attacks...

SecurityCouncilMemberSyncAction : perform function can be continually DOSed which will prevent the valid update the members of the gnosis safe

Lines of code Vulnerability details Impact The securityCouncil update will be prevented by continuously calling the perform function. Since the function rely on the nonce value, this function can be continuously called and nonce value is updated. This would prevent the valid security council upda...

Authorization

The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various AJAX actions in versions up to, and including, 2.5.6. Authenticated users can use an easily available nonce value to create header templates and make additional changes to the site, as the plugin does not...

CVE-2022-3794 Jeg Elementor Kit <= 2.5.6 - Authorization Bypass

The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various AJAX actions in versions up to, and including, 2.5.6. Authenticated users can use an easily available nonce value to create header templates and make additional changes to the site, as the plugin does not...

Soledad < 8.2.5 - Reflected Cross-site Scripting

The theme does not sanitise the id,datafiltertype,... parameters in its pencimoreslistpostajax AJAX action, leading to a Reflected Cross-Site Scripting XSS vulnerability. PoC A threat actor can collect the nonce value on the main webpage by searching for it on the ajaxvarmore call: var ajaxvarmor...

CVE-2022-31158 Authentication Bypass by Capture-replay in packbackbooks/lti-1-3-php-library

LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the Nonce Claim Value was not being validated against the nonce value sent in the Authentication Request. Users should upgrade to version 5.0 to receive a patch. There are...

Easy Social Icons < 3.1.4 - Admin+ SQL Injection

The plugin does not sanitize the selectedicons attribute to the cnsswidget before using it in an SQL statement, leading to a SQL injection vulnerability. PoC Author : Qerogram import requests from bs4 import BeautifulSoup BASEURL = "http://localhost:8000" id = "wordpress" pw = "wordpress" def...

MasterStudy LMS < 2.7.6 - Unauthenticated Admin Account Creation

The plugin does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin PoC The nonce value of the stmlmsregister request must be retrieved from the ajax page. for this you should check the home page POST...

Salvoravida React-adal Authorization Issues Vulnerability

Salvoravida React-adal is a JS language based codebase for interacting with Azure Active Directory by Salvoravida Individual Developer. react-adal suffers from an authorization issue vulnerability that stems from the fact that for specially designed JWT tokens and request URLs, it is possible to...

Design/Logic Flaw

ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value IV should be 96 bits 12 bytes. OpenSSL allows a variable nonce length and front pads the nonce with 0 bytes if it is less than 12 bytes. However it also...

Nonce Values Unchecked

python-oauth2 is vulnerable to replay attacks. This vulnerability is caused in the Server.verifyrequest function where it does not check the nonce value, allowing remote attackers to perform replay attacks through a signed URL...

WordPress 3.8.1 / 3.8.2 / 4.2.2 Cross Site Request Forgery Vulnerability

A cross site request forgery vulnerability in the comment form of WordPress versions 3.8.1, 3.8.2, and 4.2.2 allows for administrative impersonation. Details ================ Software: WordPress Version: 3.8.1,3.8.2,4.2.2 Homepage: http://wordpress.org/ Advisory report:...

WordPress 3.8.1 / 3.8.2 / 4.2.2 Cross Site Request Forgery

Details ================ Software: WordPress Version: 3.8.1,3.8.2,4.2.2 Homepage: http://wordpress.org/ Advisory report: https://security.dxw.com/advisories/comment-form-csrf-allows-admin-impersonation-via-comments-in-wordpress-4-2-2/ CVE: Awaiting assignment CVSS: 4.3 Medium;...

MGASA-2013-0314 Updated python-oauth2 packages fix CVE-2013-4347

It was found that in python-oauth2, an application for authorization flows for web applications, the nonce value generated isn't sufficiently random. While doing bulk operations the nonce might be repeated, so there is a chance of predictability. This could allow MITM attackers to conduct replay...

tomcat: three DIGEST authentication implementation issues

The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce aka client nonce values instead of nonce aka server nonce and nc aka nonce-count values, which makes it easi...

tomcat: Multiple weaknesses in HTTP DIGEST authentication

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the...