Lucene search
K

154 matches found

Positive Technologies
Positive Technologies
added 2024/04/09 12:0 a.m.5 views

PT-2024-20938 · WordPress · Permalink Manager Lite

Name of the Vulnerable Software and Affected Versions: Permalink Manager Lite plugin for WordPress versions up to, and including, 2.4.3.1 Description: The issue allows unauthorized access to data due to a missing capability check on the get uri editor function. This enables unauthenticated...

4.3CVSS9.6AI score0.00623EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/03/19 12:0 a.m.7 views

PT-2024-20908 · WordPress · Permalink Manager Lite

Name of the Vulnerable Software and Affected Versions: Permalink Manager Lite plugin for WordPress versions up to, and including, 2.4.3.1 Description: The issue arises from a missing capability check on the ajax save permalink function, allowing authenticated attackers with author access or above...

5.4CVSS9.4AI score0.00568EPSS
Exploits1References7
Veracode
Veracode
added 2024/03/01 4:54 a.m.16 views

Information Disclosure

github.com/mattermost/mattermost-server is vulnerable to an information disclosure. The vulnerability is due to insufficient sanitization of the metadata on posts containing permalinks under specific conditions, allowing an authenticated user to access the contents of individual posts in channels...

4.3CVSS6.1AI score0.0036EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2024/02/29 12:31 p.m.17 views

GHSA-HWJF-4667-GQWX Mattermost allows attackers access to posts in channels they are not a member of

Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 fail to sanitize the metadata on posts containing permalinks under specific conditions, which allows an authenticated attacker to access the contents of individual posts in channels they are not a member of...

5.3CVSS4.1AI score0.0036EPSS
Exploits0References3
NVD
NVD
added 2024/02/29 11:15 a.m.29 views

CVE-2024-1952

Mattermost version 8.1.x before 8.1.9 fails to sanitize data associated with permalinks when a plugin updates an ephemeral post, allowing an authenticated attacker who can control the ephemeral post update to access individual posts' contents in channels they are not a member of...

4.3CVSS3.6AI score0.00367EPSS
Exploits0References1
Prion
Prion
added 2024/02/29 11:15 a.m.12 views

Design/Logic Flaw

Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 fail to sanitize the metadata on posts containing permalinks under specific conditions, which allows an authenticated attacker to access the contents of individual posts in channels they are not a member of...

4CVSS7AI score0.0036EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/02/29 10:42 a.m.13 views

CVE-2024-1952

Mattermost version 8.1.x before 8.1.9 fails to sanitize data associated with permalinks when a plugin updates an ephemeral post, allowing an authenticated attacker who can control the ephemeral post update to access individual posts' contents in channels they are not a member of...

3.1CVSS6.5AI score0.00367EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/02/29 12:0 a.m.3 views

PT-2024-18438 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 8.1.x through 8.1.8 Mattermost versions 9.2.x through 9.2.4 Mattermost version 9.3.0 Description: The issue arises from the failure to sanitize metadata on posts containing permalinks under specific conditions. This allows...

5.3CVSS6.7AI score0.0036EPSS
Exploits0References12
CNNVD
CNNVD
added 2024/02/29 12:0 a.m.4 views

Mattermost Security Vulnerabilities

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost versions 8.1.x up to and including 8.1.9, which stems from an inability to clean data associated with permalinks. An attacker exploiting the vulnerability...

4.3CVSS6.7AI score0.00367EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/02/29 12:0 a.m.4 views

PT-2024-18446 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 8.1.x through 8.1.8 Description: The issue allows an authenticated attacker who can control the update of an ephemeral post to access individual posts' contents in channels they are not a member of. This is due to a failur...

4.3CVSS6.9AI score0.00367EPSS
Exploits0References12
CNNVD
CNNVD
added 2024/02/29 12:0 a.m.5 views

Mattermost Security Vulnerabilities

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost versions 8.1.x through prior to 8.1.9, 9.2.x through prior to 9.2.5, and 9.3.0, which stems from an inability to clean up metadata on posts containing...

4.3CVSS6.7AI score0.0036EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/02/05 12:0 a.m.5 views

PT-2024-17246 · WordPress · The Wp Club Manager – Wordpress Sports Club Plugin

Name of the Vulnerable Software and Affected Versions: The WP Club Manager – WordPress Sports Club Plugin plugin for WordPress versions up to, and including, 2.2.10 Description: The issue is related to a missing capability check on the settings save function, allowing unauthorized modification of...

5.3CVSS6AI score0.0051EPSS
Exploits0References6
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.13 views

Permalinks Customizer <= 2.8.2 - Reflected Cross-Site Scripting

Description The Permalinks Customizer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...

7.1CVSS8.6AI score0.00412EPSS
Exploits0References1
OSV
OSV
added 2023/11/22 10:15 p.m.3 views

CVE-2023-47773

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in YAS Global Team Permalinks Customizer plugin = 2.8.2 versions...

6.1CVSS7.3AI score0.00412EPSS
Exploits0References1
NVD
NVD
added 2023/11/22 10:15 p.m.18 views

CVE-2023-47773

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in YAS Global Team Permalinks Customizer plugin = 2.8.2 versions...

7.1CVSS0.00412EPSS
Exploits0References1
Prion
Prion
added 2023/11/22 10:15 p.m.16 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in YAS Global Team Permalinks Customizer plugin = 2.8.2 versions...

5.8CVSS7.1AI score0.00412EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/11/22 10:5 p.m.21 views

CVE-2023-47773 WordPress Permalinks Customizer Plugin <= 2.8.2 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in YAS Global Team Permalinks Customizer plugin = 2.8.2 versions...

7.1CVSS7.1AI score0.00412EPSS
Exploits0References1
CVE
CVE
added 2023/11/22 10:5 p.m.79 views

CVE-2023-47773

CVE-2023-47773 : Reflected Cross-Site Scripting in the WordPress plugin Permalinks Customizer (YAS Global Team) versions

7.1CVSS6.6AI score0.00412EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/11/22 12:0 a.m.3 views

WordPress Plugin Permalinks Customizer Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

7.1CVSS6AI score0.00412EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/11/22 12:0 a.m.6 views

PT-2023-30600 · Unknown · Yas Global Team Permalinks Customizer

Name of the Vulnerable Software and Affected Versions: YAS Global Team Permalinks Customizer plugin versions prior to 2.8.3 Description: The issue is related to an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for potential malicious...

7.1CVSS6.7AI score0.00412EPSS
Exploits0References3
Rows per page
Query Builder