Lucene search
K

187 matches found

BDU FSTEC
BDU FSTEC
added 2023/11/04 12:0 a.m.12 views

The vulnerability of the exec() function in the execQuoted() method of the ilUtil class (/Services/Utilities/classes/class.ilUtil.php) of the ILIAS learning management and support system allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the exec function in the execQuoted method of the ilUtil class /Services/Utilities/classes/class.ilUtil.php of the ILIAS training and support management system is related to the lack of measures for cleaning input data. Exploiting this vulnerability could allow a remote...

9CVSS7.7AI score0.00765EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/09/25 12:0 a.m.9 views

PT-2023-6719 · Ilias · Ilias

Name of the Vulnerable Software and Affected Versions: ILIAS version 7.25 Description: The issue is related to the exec function in the execQuoted method of the ilUtil class, which lacks input sanitization. This allows attackers to inject malicious commands into the system, potentially compromisi...

9CVSS8.8AI score0.00765EPSS
Exploits1References9
OSV
OSV
added 2023/09/19 8:15 p.m.3 views

CVE-2023-2995

The Leyka WordPress plugin before 3.30.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00379EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/08/07 12:0 a.m.7 views

WordPress plugin Bubble Menu cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

4.8CVSS6AI score0.00636EPSS
Exploits2References2
OSV
OSV
added 2023/07/24 11:15 a.m.6 views

CVE-2023-2761

The User Activity Log WordPress plugin before 1.6.3 does not properly sanitise and escape the txtsearch parameter before using it in a SQL statement in some admin pages, leading to a SQL injection exploitable by high privilege users such as admin...

7.2CVSS5.8AI score0.00717EPSS
Exploits2References1
OSV
OSV
added 2023/06/05 2:15 p.m.3 views

CVE-2023-0545

The Hostel WordPress plugin before 1.1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS6.6AI score0.00442EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2023/05/08 12:0 a.m.5 views

PT-2023-16393 · WordPress · Sloth Logo Customizer

Name of the Vulnerable Software and Affected Versions: Sloth Logo Customizer WordPress plugin versions prior to 2.0.3 Description: The issue concerns a lack of CSRF check when updating settings, as well as missing sanitization and escaping. This could allow attackers to make logged-in admins add...

8.8CVSS8.6AI score0.13871EPSS
Exploits2References3
OSV
OSV
added 2023/02/21 9:15 a.m.5 views

CVE-2022-4897

The BackupBuddy WordPress plugin before 8.8.3 does not sanitise and escape some parameters before outputting them back in various places, leading to Reflected Cross-Site Scripting...

6.1CVSS5.8AI score0.00858EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2022/12/19 12:0 a.m.6 views

PT-2022-25765 · WordPress · Popup Manager

Name of the Vulnerable Software and Affected Versions: Popup Manager WordPress plugin versions 1.6.6 and earlier Description: The issue concerns a lack of authorization and CSRF check when creating or updating popups in the plugin. It is also missing proper sanitization and escaping, which could...

4.3CVSS4.5AI score0.00285EPSS
Exploits2References4
Snyk
Snyk
added 2022/12/13 3:6 p.m.4 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function. PoC js var root = require"global-modules-path" root.getPath"& touch JHU","& touch exploit" Remediation Upgrade...

9.8CVSS7.3AI score0.01477EPSS
Exploits0References2
OSV
OSV
added 2022/11/28 2:15 p.m.4 views

CVE-2022-3847

The Showing URL in QR Code WordPress plugin through 0.0.1 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin or editor add Stored XSS payloads via a CSRF attack...

6.1CVSS5.8AI score0.00268EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2022/09/19 2:15 p.m.2 views

CVE-2022-3142

The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, however can be configured...

8.8CVSS7.3AI score0.10375EPSS
Exploits5References6
BDU FSTEC
BDU FSTEC
added 2022/08/04 12:0 a.m.8 views

The vulnerability of Cisco Small Business RV110W Wireless-N VPN Firewall, Cisco Small Business RV130 Series VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router lies in the absence of measures to sanitize input data, allowing attackers to execute arbitrary commands.

The vulnerability of the web-based management interfaces for Cisco Small Business RV110W Wireless-N VPN Firewalls, Cisco Small Business RV130 Series VPN Routers, RV130W Wireless-N Multifunction VPN Routers, and RV215W Wireless-N VPN Routers is related to the lack of measures for input data...

9CVSS7.5AI score0.01081EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2022/08/04 12:0 a.m.6 views

The vulnerability of Cisco Small Business RV110W Wireless-N VPN Firewall, Cisco Small Business RV130 Series VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router lies in the absence of measures to sanitize input data, allowing attackers to execute arbitrary commands.

The vulnerability of the web-based management interfaces for Cisco Small Business RV110W Wireless-N VPN Firewalls, Cisco Small Business RV130 Series VPN Routers, RV130W Wireless-N Multifunction VPN Routers, and RV215W Wireless-N VPN Routers is related to the lack of measures for input data...

9CVSS7.5AI score0.00876EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/05/30 9:15 a.m.8 views

CVE-2022-1299

The Slideshow WordPress plugin through 2.3.1 does not sanitize and escape some of its default slideshow settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.5AI score0.00565EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2022/05/09 5:15 p.m.7 views

CVE-2022-0874

The WP Social Buttons WordPress plugin through 2.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.5AI score0.00577EPSS
Exploits2References2
BDU FSTEC
BDU FSTEC
added 2022/04/11 12:0 a.m.6 views

The vulnerability of the Git-based software platform for collaborative code development on GitLab arises from insufficient neutralization of certain elements in the query, allowing an attacker to compromise data integrity.

The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to the insufficient neutralization of certain elements in the request. Exploiting this vulnerability allows a malicious actor to compromise data integrity remotely...

5.4CVSS5.9AI score0.00747EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/04/04 4:15 p.m.5 views

CVE-2022-0830

The FormBuilder WordPress plugin through 1.08 does not have CSRF checks in place when creating/updating and deleting forms, and does not sanitise as well as escape its form field values. As a result, attackers could make logged in admin update and delete arbitrary forms via a CSRF attack, and put...

6.5CVSS6.7AI score0.00534EPSS
Exploits2References2
OSV
OSV
added 2022/03/18 12:1 a.m.38 views

GHSA-8M2F-74R2-X3F2 Code injection in accesslog

All versions of package accesslog are vulnerable to Arbitrary Code Injection due to the usage of the Function constructor without input sanitization. If attacker-controlled user input is given to the format option of the package's exported constructor function, it is possible for an attacker to...

7.1CVSS7.6AI score0.01614EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2022/03/14 3:15 p.m.6 views

CVE-2022-22734

The Simple Quotation WordPress plugin through 1.3.2 does not have CSRF check when creating or editing a quote and does not sanitise and escape Quotes. As a result, attacker could make a logged in admin create or edit arbitrary quote, and put Cross-Site Scripting payloads in them...

6.1CVSS6.5AI score0.00788EPSS
Exploits2References2
Rows per page
Query Builder