4 matches found
CVE-2025-1693
Summary: CVE-2025-1693 affects the MongoDB Shell (mongosh) prior to version 2.3.9. When mongosh is connected to a cluster that is partially or fully under an attacker’s control, an attacker can inject control characters into the shell output, potentially causing falsified messages that appear to ...
MongoDB Shell may be susceptible to control character injection via pasting
The MongoDB Shell may be susceptible to control character injection where an attacker with control of the user’s clipboard could manipulate them to paste text into mongosh that evaluates arbitrary code. Control characters in the pasted text can be used to obfuscate malicious code. This issue...
PT-2023-16522 · Cockpit · Cockpit
Name of the Vulnerable Software and Affected Versions: cockpit versions prior to 2.3.9 Description: The issue is related to improper restriction of rendered UI layers or frames. Recommendations: For versions prior to 2.3.9, update to version 2.3.9 or later to resolve the issue...
PT-2022-15403 · WordPress · Request A Quote
Name of the Vulnerable Software and Affected Versions: Request a Quote WordPress plugin versions prior to 2.3.9 Description: The issue allows high privilege users, such as admins, to perform cross-Site Scripting attacks due to the lack of sanitization and escaping of some settings, even when the...