40 matches found
EUVD-2024-32483
Malicious code in bioql PyPI...
SWIFT 安全漏洞
SWIFT is a large model and multimodal large model fine-tuning deployment framework from ModelScope open source. A security vulnerability exists in SWIFT version 3.3.0, which stems from an unsafe deserialization of yaml.load in the PyYAML library, which could lead to arbitrary code execution...
SWIFT 安全漏洞
SWIFT is a large model and multimodal large model fine-tuning deployment framework from ModelScope open source. A security vulnerability exists in SWIFT 2.6.1 and earlier versions, which stems from the deserialization of untrustworthy data by the loadmodelmeta function in the ModelFileSystemCache...
CVE-2024-3916
The Swift Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 2.7.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
WordPress Swift Framework plugin < 2024.04.30 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Swift Framework Page Builder versions 2024.04.30...
CVE-2024-2872 Swift Framework < 2024.04.30 - Contributor+ Stored XSS
The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...
CVE-2024-2872 Swift Framework < 2024.04.30 - Contributor+ Stored XSS
The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...
WordPress Swift Framework Page Builder Plugin < 2024.04.30 is vulnerable to Cross Site Scripting (XSS)
Software Swift Framework Page Builder Type Plugin Vulnerable versions 2024.04.30 Fixed in 2024.04.30 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2872 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a6a23937e22a Credits Bob...
WordPress Swift Framework plugin < 2024.04.30 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin Swift Framework Page Builder versions 2024.04.30...
WordPress Swift Framework Page Builder Plugin < 2024.04.30 is vulnerable to Cross Site Scripting (XSS)
Software Swift Framework Page Builder Type Plugin Vulnerable versions 2024.04.30 Fixed in 2024.04.30 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2870 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 057d34197d18 Credi...
CVE-2024-2870 Swift Framework < 2024.04.30 - Reflected XSS
The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-2870 Swift Framework < 2024.04.30 - Reflected XSS
The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WordPress Swift Framework plugin < 2024.04.30 - Admin+ Stored XSS via Settings vulnerability
Admin+ Stored XSS via Settings vulnerability discovered by Bob Matyas in WordPress Plugin Swift Framework Page Builder versions 2024.04.30...
CVE-2024-2696 Swift Framework < 2024.04.30 - Admin+ Stored XSS via Settings
The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-2696 Swift Framework < 2024.04.30 - Admin+ Stored XSS via Settings
The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress Swift Framework Page Builder Plugin < 2024.04.30 is vulnerable to Cross Site Scripting (XSS)
Software Swift Framework Page Builder Type Plugin Vulnerable versions 2024.04.30 Fixed in 2024.04.30 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2696 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 777ce10c6c55 Credits Bob...
WordPress Swift Framework plugin < 2024.0.0 - Contributor+ Stored XSS via Shortcode vulnerability
Contributor+ Stored XSS via Shortcode vulnerability discovered by Bob Matyas in WordPress Plugin Swift Framework Page Builder versions 2024.0.0...
CVE-2024-2697 Swift Framework < 2024.0.0 - Contributor+ Stored XSS via Shortcode
The socialdriver-framework WordPress plugin before 2024.0.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against...
WordPress Plugin Swift Framework 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress Swift Framework Page Builder Plugin < 2024.0.0 is vulnerable to Cross Site Scripting (XSS)
Software Swift Framework Page Builder Type Plugin Vulnerable versions 2024.0.0 Fixed in 2024.0.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2697 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 571298b5f634 Credits Bob...