1086 matches found

OSV
added 2023/01/09 11:15 p.m., 1 view

CVE-2022-4325

The Post Status Notifier Lite WordPress plugin before 1.10.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which can be used against high privilege users such as admin...

CVSS 6.1 | AI score 5.8 | EPSS 0.02839
Exploits 2 | References 1

NVD
added 2023/01/09 11:15 p.m., 9 views

CVE-2022-4325

The Post Status Notifier Lite WordPress plugin before 1.10.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which can be used against high privilege users such as admin...

CVSS 6.1 | AI score 6 | EPSS 0.02839
Exploits 2 | References 1

CVE
added 2023/01/09 10:13 p.m., 75 views

CVE-2022-4325

CVE-2022-4325 affects the WordPress plugin Post Status Notifier Lite prior to version 1.10.1. The issue is a reflected XSS caused by improper sanitization/escaping of a parameter before output on the page, enabling an attacker to pull off script execution in the context of the site and potentiall...

CVSS 6.1 | AI score 6 | EPSS 0.02839
Exploits 2 | References 1 | Affected Software 1

Vulnrichment
added 2023/01/09 10:13 p.m., 5 views

CVE-2022-4325 Post Status Notifier Lite < 1.10.1 - Reflected XSS

The Post Status Notifier Lite WordPress plugin before 1.10.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which can be used against high privilege users such as admin...

AI score 6 | EPSS 0.02839
Exploits 2 | References 1

CNNVD
added 2023/01/09 12:00 a.m., 1 view

WordPress Plugin Post Status Notifier Lite Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 6.1 | AI score 6.1 | EPSS 0.02839
Exploits 2 | References 2

Positive Technologies
added 2023/01/09 12:00 a.m., 2 views

PT-2023-14184 · WordPress · Post Status Notifier Lite

Name of the Vulnerable Software and Affected Versions: Post Status Notifier Lite WordPress plugin versions prior to 1.10.1
Description: The issue is related to a Reflected Cross-Site Scripting that can be used against high privilege users such as admin, due to the plugin not sanitising and escapi...

CVSS 6.1 | AI score 6.4 | EPSS 0.02839
Exploits 2 | References 6

wpexploit
added 2022/12/15 12:00 a.m., 82 views

Post Status Notifier Lite < 1.10.1 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which can be used against high privilege users such as admin. Make a logged in high privilege user such as admin open the URL below...

CVSS 6.1 | AI score 0.1 | EPSS 0.02839
Exploits 2

OSV
added 2022/12/09 8:19 p.m., 32 views

GHSA-W3X5-427H-WFQ6 Spring Boot Admins integrated notifier support allows arbitrary code execution

Impact: All users who run Spring Boot Admin Server, having enabled Notifiers e.g. Teams-Notifier and write access to environment variables via UI are possibly affected. Patches: In the most recent releases of Spring Boot Admin 2.6.10 and 2.7.8 the issue is fixed by implementing SimpleExecutionConte...

CVSS 8 | AI score 8.9 | EPSS 0.12711
Exploits 0 | References 2

Github Security Blog
added 2022/12/09 8:19 p.m., 62 views

Spring Boot Admins integrated notifier support allows arbitrary code execution

Impact: All users who run Spring Boot Admin Server, having enabled Notifiers e.g. Teams-Notifier and write access to environment variables via UI are possibly affected. Patches: In the most recent releases of Spring Boot Admin 2.6.10 and 2.7.8 the issue is fixed by implementing SimpleExecutionConte...

CVSS 9.8 | AI score 9.2 | EPSS 0.12711
Exploits 0 | References 2 | Affected Software 1

Vulnrichment
added 2022/12/09 8:11 p.m., 5 views

CVE-2022-46166 Spring Boot Admins integrated notifier support allows arbitrary code execution

Spring boot admins is an open source administrative user interface for management of spring boot applications. All users who run Spring Boot Admin Server, having enabled Notifiers e.g. Teams-Notifier and write access to environment variables via UI are affected. Users are advised to upgrade to th...

CVSS 8 | AI score 9.5 | EPSS 0.12711
Exploits 0 | References 2

Cvelist
added 2022/12/09 8:11 p.m., 37 views

CVE-2022-46166 Spring Boot Admins integrated notifier support allows arbitrary code execution

Spring boot admins is an open source administrative user interface for management of spring boot applications. All users who run Spring Boot Admin Server, having enabled Notifiers e.g. Teams-Notifier and write access to environment variables via UI are affected. Users are advised to upgrade to th...

CVSS 8 | AI score 9.8 | EPSS 0.12711
Exploits 0 | References 2

Positive Technologies
added 2022/12/09 12:00 a.m., 7 views

PT-2022-27781 · Unknown · Spring-Boot-Admin

Name of the Vulnerable Software and Affected Versions:
Spring Boot Admin versions prior to 2.6.10
Spring Boot Admin versions prior to 2.7.8
Description: The issue affects users who run Spring Boot Admin Server with enabled Notifiers and write access to environment variables via UI. This allows fo...

CVSS 9.8 | AI score 9.7 | EPSS 0.12711
Exploits 0 | References 9

Positive Technologies
added 2022/12/05 12:00 a.m., 3 views

PT-2024-11837 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified
Description: The issue is related to the mac802154 component of the Linux kernel, specifically with errors in resource management in the ieee802154_if_add function. This can lead to a null pointer...

CVSS 9.1 | AI score 6.5 | EPSS 0.18032
Exploits 12 | References 1826

RedHat Linux
added 2022/11/15 11:55 a.m., 1 view

kernel: KVM: x86/mmu: Zap _all_ roots when unmapping gfn range in TDP MMU

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Zap all roots when unmapping gfn range in TDP MMU Zap both valid and invalid roots when zapping/unmapping a gfn range, as KVM must ensure it holds no references to the freed page after returning from the unmap...

CVSS 7.8 | AI score 6.2 | EPSS 0.00021
Exploits 0 | References 5

RedHat Linux
added 2022/11/15 11:55 a.m., 1 view

kernel: Drivers: hv: vmbus: Fix potential crash on module unload

In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Fix potential crash on module unload The vmbus driver relies on the panic notifier infrastructure to perform some operations when a panic event is detected. Since vmbus can be built as module, it is required...

CVSS 5.5 | AI score 5.8 | EPSS 0.00009
Exploits 0 | References 5

RedHat Linux
added 2022/11/08 9:32 a.m., 1 view

kernel: Drivers: hv: vmbus: Fix potential crash on module unload

In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Fix potential crash on module unload The vmbus driver relies on the panic notifier infrastructure to perform some operations when a panic event is detected. Since vmbus can be built as module, it is required...

CVSS 5.5 | AI score 6.3 | EPSS 0.00009
Exploits 0 | References 5

RedHat Linux
added 2022/11/08 9:32 a.m., 1 view

kernel: KVM: x86/mmu: Zap _all_ roots when unmapping gfn range in TDP MMU

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Zap all roots when unmapping gfn range in TDP MMU Zap both valid and invalid roots when zapping/unmapping a gfn range, as KVM must ensure it holds no references to the freed page after returning from the unmap...

CVSS 7.8 | AI score 6.2 | EPSS 0.00021
Exploits 0 | References 5

Github Security Blog
added 2022/09/23 6:11 p.m., 83 views

Rancher API and cluster.management.cattle.io object vulnerable to plaintext storage and exposure of credentials

Impact: An issue was discovered in Rancher versions up to and including 2.5.15 and 2.6.6 where sensitive fields, like passwords, API keys and Rancher's service account token used to provision clusters, were stored in plaintext directly on Kubernetes objects like Clusters, for example...

CVSS 9.9 | AI score 8.6 | EPSS 0.79605
Exploits 3 | References 4 | Affected Software 1

OSV
added 2022/09/22 12:00 a.m., 22 views

GHSA-J7XV-FC46-HGPG Jenkins BigPanda Notifier Plugin stores BigPanda API key unencrypted

BigPanda Notifier Plugin 1.4.0 and earlier stores the BigPanda API key unencrypted in its global configuration file BigpandaGlobalNotifier.xml on the Jenkins controller as part of its configuration. This API key can be viewed by users with access to the Jenkins controller file system. Additionall...

CVSS 3.3 | AI score 4.8 | EPSS 0.00292
Exploits 0 | References 3

Github Security Blog
added 2022/09/22 12:00 a.m., 28 views

Jenkins BigPanda Notifier Plugin stores BigPanda API key unencrypted

BigPanda Notifier Plugin 1.4.0 and earlier stores the BigPanda API key unencrypted in its global configuration file BigpandaGlobalNotifier.xml on the Jenkins controller as part of its configuration. This API key can be viewed by users with access to the Jenkins controller file system. Additionall...

CVSS 4.3 | AI score 5.8 | EPSS 0.00292
Exploits 0 | References 3 | Affected Software 1