6271 matches found
GO-2024-3235 Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server...
Chamilo LMS security vulnerability
Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training, and online question and answer sessions. A security vulnerability exists in Chamilo LMS version 1.11.26, which stems...
WordPress Featured Posts Scroll plugin <= 1.25 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
CSRF to Stored Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin Featured Posts Scroll (versions <= 1.25)...
WordPress Featured Posts Scroll Plugin <= 1.25 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Featured Posts Scroll; Type: Plugin; Vulnerable versions: <= 1.25; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-51647; Patch priority: Low; CVSS severity: Low 7.1; Developer: Claim ownership; PSID: 4e8c9b0726a9; Credits: SOPROBRO; Require...
WordPress plugin YARPP security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
WordPress Marquee Elementor with Posts plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Gab (Patchstack Alliance) in WordPress Plugin Marquee Elementor with Posts (versions <= 1.2.0)...
WordPress Marquee Elementor with Posts Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS)
Software: Marquee Elementor with Posts; Type: Plugin; Vulnerable versions: <= 1.2.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51584; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 0fd32696366c; Credits: Gab; Required privilege...
CVE-2024-12084
creationtimestamp | type | source
---|---|---
2024-10-30 07:06:34+00:00 | seen | https://git.samba.org/?p=rsync.git;a=commit;h=0902b52f6687b1f7952422080d50b93108742e53
2024-11-05 20:01:03+00:00 | seen | https://git.samba.org/?p=rsync.git;a=commit;h=42e2b56c4ede3ab164f9a5c6dae02aa84606a6c1
2025-01-14...
CVE-2024-50052
Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 fail to check that the origin of the message in an integration action matches the original post metadata, which allows an authenticated user to delete an arbitrary post...
CVE-2024-50464
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pierre Lebedel Kodex Posts likes (kodex-posts-likes). This issue affects Kodex Posts likes: from n/a through <= 2.5.0...
CVE-2024-50464 WordPress Kodex Posts likes plugin <= 2.5.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pierre Lebedel Kodex Posts likes (kodex-posts-likes). This issue affects Kodex Posts likes: from n/a through <= 2.5.0...
CVE-2024-50623
creationtimestamp | type | source
---|---|---
2024-10-28 01:56:29+00:00 | seen | https://t.me/cvedetector/9080
2024-12-10 03:52:21+00:00 | seen | https://infosec.exchange/users/screaminggoat/statuses/113626496423360521
2024-12-10 03:57:59+00:00 | seen |...
PT-2024-34240 · Unknown · Kodex Posts Likes
Name of the Vulnerable Software and Affected Versions: Kodex Posts likes versions through 2.5.0. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. Recommendations: For versio...
CVE-2024-46996
baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in the Blog posts feature. Version 5.1.2 fixes this issue...
CVE-2024-46994
baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in Blog posts and Contents list Feature. Version 5.1.2 fixes this issue...
Cross-site Scripting (XSS)
Overview: baserproject/basercms is a content management system based on CakePHP. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the blog posts and contents list feature. An attacker can manipulate web page content or redirect users to malicious websites. Details...
CVE-2024-46996
baserCMS (CMS framework) has a Cross-site Scripting (XSS) vulnerability in the Blog posts feature affecting versions prior to 5.1.2. The issue is addressed by upgrading to a fixed release (5.1.2 or newer; some sources list 5.1.3 as the update path). Multiple connected advisories confirm the affec...
CVE-2024-46996 baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts Feature
baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in the Blog posts feature. Version 5.1.2 fixes this issue...
CVE-2024-46994 baserCMS has Cross-site Scripting Vulnerability in Blog posts and Contents list Feature
baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in Blog posts and Contents list Feature. Version 5.1.2 fixes this issue...