4936 matches found
CVE-2022-20853
A vulnerability in the REST API of Cisco Expressway Series and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management...
CVE-2022-20853 Cisco Expressway Series and Cisco TelePresence VCS Cross-Site Request Forgery Vulnerability
A vulnerability in the REST API of Cisco Expressway Series and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management...
CVE-2024-10924
The Really Simple Security Free, Pro, and Pro Multisite plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'checkloginandgetuser' function. This makes it possible...
CVE-2024-10924
CVE-2024-10924 affects Really Simple Security (Free, Pro, Pro Multisite) WordPress plugin versions 9.0.0–9.1.1.1. Fault lies in improper validation of login_nonce within the two-factor REST API actions (check_login_and_get_user), enabling unauthenticated attackers to log in as any existing user (...
PT-2024-16753 · WordPress · Svgplus
Name of the Vulnerable Software and Affected Versions: SVGPlus plugin for WordPress versions up to, and including, 1.1.0 Description: The issue is related to Stored Cross-Site Scripting via REST API SVG File uploads due to insufficient input sanitization and output escaping. This allows...
CVE-2024-10323
The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.0.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-lev...
CVE-2024-10323 JetWidgets For Elementor <= 1.0.18 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.0.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-lev...
PT-2024-16188 · WordPress · Jetwidgets For Elementor
Name of the Vulnerable Software and Affected Versions: JetWidgets For Elementor plugin for WordPress versions up to, and including, 1.0.18 Description: The issue is related to Stored Cross-Site Scripting via REST API SVG File uploads due to insufficient input sanitization and output escaping. Thi...
CVE-2024-48939
Insufficient validation performed on the REST API License file in Paxton Net2 before 6.07.14023.5015 SR4 enables use of the REST API with an invalid License File. Attackers may be able to retrieve access-log data...
CVE-2024-48939
Paxton Net2 prior to version 6.07.14023.5015 (SR4) has insufficient validation of the REST API License file, which can allow using the REST API with an invalid license and may enable retrieval of access-log data. Confirmed in multiple sources (NVD, Red Hat, CNVD/CNNVD, PT Security) across CVE-202...
Paxton Access Net2 Security Vulnerability
Paxton Access Net2 is an application from Paxton Access that provides simple and flexible site management. A security vulnerability exists in Paxton Access Net2 versions prior to 6.07.14023.5015 SR4, which stems from insufficient validation of the REST API license file implementation, resulting i...
CVE-2024-52004
MediaCMS is an open source video and media CMS, written in Python/Django and React, featuring a REST API. MediaCMS has been prone to vulnerabilities that upon special cases can lead to remote code execution. All versions before v4.1.0 are susceptible, and users are highly recommended to...
CVE-2024-52004
CVE-2024-52004 affects MediaCMS (Python/Django + React, REST API). Root cause: insufficient input validation during media upload, allowing remote code execution under specific conditions when the portal permits uploading content. Affected versions: all prior to 4.1.0; patched in 4.1.0. Practical ...
CVE-2024-52004 Remote code execution vulnerabilities in MediaCMS
MediaCMS is an open source video and media CMS, written in Python/Django and React, featuring a REST API. MediaCMS has been prone to vulnerabilities that upon special cases can lead to remote code execution. All versions before v4.1.0 are susceptible, and users are highly recommended to...