
377 matches found

vulnersOsv
added 2023/12/04 9:30 a.m. · 5 views

ch.qos.logback:logback-access (=1.3.13), ch.qos.logback:logback-classic (=1.3.13) +28 more potentially affected by CVE-2023-6481 via ch.qos.logback:logback-core (=1.3.13)

ch.qos.logback:logback-core MAVEN version =1.3.13 is affected by a known vulnerability. The following packages have a transitive dependency on ch.qos.logback:logback-core and may be impacted: - ch.qos.logback:logback-access =1.3.13 - ch.qos.logback:logback-classic =1.3.13 -...

CVSS 7.5 · AI score 7.1 · EPSS 0.00682
Exploits: 0
ATTACKERKB
added 2023/11/06 11:15 a.m. · 4 views

CVE-2023-5831

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, and all versions starting from 16.5.0 before 16.5.1 which have the super_sidebar_logged_out feature flag enabled. Affected versions with this...

CVSS 5.3 · AI score 5.7 · EPSS 0.0046
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2023/11/06 12:0 a.m. · 3 views

PT-2023-32363 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.0 through 16.3.5; GitLab CE/EE versions 16.4 through 16.4.1; GitLab CE/EE versions 16.5.0. Description: An issue has been discovered in GitLab CE/EE which may unintentionally disclose GitLab version metadata to...

CVSS 5.3 · AI score 6.6 · EPSS 0.0046
Exploits: 0 · References: 9
OSSF Malicious Packages
added 2023/08/21 2:31 a.m. · 2 views

Malicious code in fixed-sidebar-modal (npm)

Source: ghsa-malware (a886a2b249fe5866154125cdc1f0b7eca75a596ae19cc5b57d215b5eda4cb21d). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 · References: 1
NVD
added 2023/07/14 10:15 p.m. · 14 views

CVE-2023-36818

Discourse is an open source discussion platform. In affected versions a request to create or update custom sidebar section can cause a denial of service. This issue has been patched in commit 52b003d915. Users are advised to upgrade. There are no known workarounds for this vulnerability...

CVSS 7.5 · EPSS 0.00585
Exploits: 0 · References: 2
Cvelist
added 2023/07/14 9:16 p.m. · 22 views

CVE-2023-36818 Denial of service via User Custom Sidebar Section Unlimited Link Creation in discourse

Discourse is an open source discussion platform. In affected versions a request to create or update custom sidebar section can cause a denial of service. This issue has been patched in commit 52b003d915. Users are advised to upgrade. There are no known workarounds for this vulnerability...

CVSS 6.5 · AI score 7.6 · EPSS 0.00585
Exploits: 0 · References: 2
Vulnrichment
added 2023/07/14 9:16 p.m. · 11 views

CVE-2023-36818 Denial of service via User Custom Sidebar Section Unlimited Link Creation in discourse

Discourse is an open source discussion platform. In affected versions a request to create or update custom sidebar section can cause a denial of service. This issue has been patched in commit 52b003d915. Users are advised to upgrade. There are no known workarounds for this vulnerability...

CVSS 6.5 · AI score 6.7 · EPSS 0.00585
Exploits: 0 · References: 2
Positive Technologies
added 2023/07/14 12:0 a.m. · 5 views

PT-2023-25709 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to the version containing commit 52b003d915. Description: Discourse is an open source discussion platform. A request to create or update a custom sidebar section can cause a denial of service. Recommendations: For...

CVSS 7.5 · AI score 7.4 · EPSS 0.00585
Exploits: 0 · References: 8
OSV
added 2023/07/01 6:15 a.m. · 2 views

CVE-2020-36747

The Lightweight Sidebar Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.4. This is due to missing or incorrect nonce validation on the metabox_save function. This makes it possible for unauthenticated attackers to save metabox data via ...

CVSS 4.3 · AI score 5.6 · EPSS 0.00389
Exploits: 1 · References: 9
NVD
added 2023/07/01 6:15 a.m. · 18 views

CVE-2020-36747

The Lightweight Sidebar Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.4. This is due to missing or incorrect nonce validation on the metabox_save function. This makes it possible for unauthenticated attackers to save metabox data via ...

CVSS 4.3 · AI score 4.2 · EPSS 0.00389
Exploits: 1 · References: 9
Prion
added 2023/07/01 6:15 a.m. · 14 views

Cross-site request forgery (CSRF)

The Lightweight Sidebar Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.4. This is due to missing or incorrect nonce validation on the metabox_save function. This makes it possible for unauthenticated attackers to save metabox data via ...

CVSS 4.3 · AI score 4.3 · EPSS 0.00389
Exploits: 1 · References: 9 · Affected Software: 1
Vulnrichment
added 2023/07/01 5:33 a.m. · 10 views

CVE-2020-36747 Lightweight Sidebar Manager <= 1.1.4 - Cross-Site Request Forgery Bypass

The Lightweight Sidebar Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.4. This is due to missing or incorrect nonce validation on the metabox_save function. This makes it possible for unauthenticated attackers to save metabox data via ...

CVSS 4.3 · AI score 5.8 · EPSS 0.00389
Exploits: 1 · References: 9
CVE
added 2023/07/01 5:33 a.m. · 28 views

CVE-2020-36747

CVE-2020-36747 : The Lightweight Sidebar Manager WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing/incorrect nonce validation in the metabox_save() function, affecting versions up to 1.1.4. An unauthenticated attacker could craft a request that, if a site admin visits it...

CVSS 4.3 · AI score 4.2 · EPSS 0.00389
Exploits: 1 · References: 9 · Affected Software: 1
CNNVD
added 2023/07/01 12:0 a.m. · 3 views

WordPress Plugin Lightweight Sidebar Manager Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

CVSS 4.3 · AI score 5 · EPSS 0.00389
Exploits: 1 · References: 10
Positive Technologies
added 2023/07/01 12:0 a.m. · 4 views

PT-2023-11887 · WordPress · Lightweight Sidebar Manager

Name of the Vulnerable Software and Affected Versions: Lightweight Sidebar Manager plugin for WordPress versions up to, and including, 1.1.4. Description: The issue is due to missing or incorrect nonce validation on the metabox save function, making it possible for unauthenticated attackers to sav...

CVSS 4.3 · AI score 4.5 · EPSS 0.00389
Exploits: 1 · References: 13
CVE
added 2023/06/05 6:0 p.m. · 59 views

CVE-2015-10115

CVE-2015-10115 affects WooSidebars Sidebar Manager Converter Plugin for WordPress up to version 1.1.1, specifically the process_request function in classes/class-woosidebars-sbm-converter.php. The vulnerability allows an open redirect and can be triggered remotely. The issue is fixed by upgrading...

CVSS 6.1 · AI score 5.3 · EPSS 0.00696
Exploits: 0 · References: 3 · Affected Software: 1
CNNVD
added 2023/06/05 12:0 a.m. · 15 views

WordPress Plugin WooSidebars Sidebar Manager Converter Input Validation Error Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An input validation error...

CVSS 6.1 · AI score 5.1 · EPSS 0.00696
Exploits: 0 · References: 4
Veracode
added 2023/05/30 1:4 p.m. · 17 views

Path Traversal

Jenkins Sidebar Link Plugin is vulnerable to Path Traversal. The vulnerability exists because file paths are not properly restricted, which allows an attacker to access the userContent/ directory and check for the existence of a specific file...

CVSS 4.3 · AI score 6.7 · EPSS 0.72358
Exploits: 0 · References: 2 · Affected Software: 1
Github Security Blog
added 2023/05/16 6:30 p.m. · 24 views

Jenkins Sidebar Link Plugin vulnerable to Path Traversal

Jenkins Sidebar Link Plugin allows specifying files in the userContent/ directory for use as link icons. Sidebar Link Plugin 2.2.1 and earlier does not restrict the path of files in a method implementing form validation. This allows attackers with Overall/Read permission to check for the existenc...

CVSS 4.3 · AI score 6.6 · EPSS 0.72358
Exploits: 0 · References: 4 · Affected Software: 1
OSV
added 2023/05/16 6:30 p.m. · 20 views

GHSA-PP8M-PRR7-WR8W Jenkins Sidebar Link Plugin vulnerable to Path Traversal

Jenkins Sidebar Link Plugin allows specifying files in the userContent/ directory for use as link icons. Sidebar Link Plugin 2.2.1 and earlier does not restrict the path of files in a method implementing form validation. This allows attackers with Overall/Read permission to check for the existenc...

CVSS 4.3 · AI score 4.7 · EPSS 0.72358
Exploits: 0 · References: 3