4311 matches found
Cross site scripting
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AWESOME TOGI Product Category Tree plugin <= 2.5 versions...
CVE-2023-45054 WordPress Product Category Tree Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AWESOME TOGI Product Category Tree plugin <= 2.5 versions...
CVE-2023-45054
CVE-2023-45054 affects the WordPress Product Category Tree plugin (versions
WordPress Plugin product-category-tree Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
GHSA-J5GV-W838-MMCX Liferay Portal and Liferay DXP Vulnerable to XSS via the Page Tree Menu
Stored cross-site scripting (XSS) vulnerability in Page Tree menu in Liferay Layout Implementation before 6.0.102 from Liferay Portal 7.3.6 through 7.4.3.78, and Liferay DXP 7.3 fix pack 1 through update 23, and 7.4 before update 79 allows remote attackers to inject arbitrary web script or HTML via...
Liferay Portal and Liferay DXP Vulnerable to XSS via the Page Tree Menu
Stored cross-site scripting (XSS) vulnerability in Page Tree menu in Liferay Layout Implementation before 6.0.102 from Liferay Portal 7.3.6 through 7.4.3.78, and Liferay DXP 7.3 fix pack 1 through update 23, and 7.4 before update 79 allows remote attackers to inject arbitrary web script or HTML via...
CVE-2023-39902
A software vulnerability has been identified in the U-Boot Secondary Program Loader (SPL) before 2023.07 on select NXP i.MX 8M family processors. Under certain conditions, a crafted Flattened Image Tree (FIT) format structure can be used to overwrite SPL memory, allowing unauthenticated software to...
CVE-2023-44310
Stored cross-site scripting (XSS) vulnerability in Page Tree menu in Liferay Portal 7.3.6 through 7.4.3.78, and Liferay DXP 7.3 fix pack 1 through update 23, and 7.4 before update 79 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into page's "Name" text...
CVE-2023-44310
CVE-2023-44310 is a stored XSS vulnerability in the Page Tree menu affecting Liferay Portal 7.3.6–7.4.3.78 and Liferay DXP 7.3 (fix pack 1 through Update 23) and 7.4 (before Update 79). An attacker can inject arbitrary scripts via a crafted payload into a page’s Name field, enabling script exec...
WordPress Product Category Tree Plugin <= 2.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Product Category Tree; Type: Plugin; Vulnerable versions: <= 2.5; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-46151; Patch priority: Low; CVSS severity: Low (4.3); PSID: ea1f1b0d4548; Credits: Nguyen Xuan Chien...
Liferay Portal and Liferay DXP Cross-Site Scripting Vulnerabilities
Liferay Portal and Liferay DXP are both products of Liferay Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...
PT-2023-29204 · Liferay · Liferay Dxp +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.3.6 through 7.4.3.78; Liferay DXP versions 7.3 fix pack 1 through update 23; Liferay DXP version 7.4 before update 79. Description: A stored cross-site scripting (XSS) issue in the Page Tree menu allows remote attackers t...
PT-2023-27143 · Nxp · Nxp I.Mx 8M Nano +3
Name of the Vulnerable Software and Affected Versions: U-Boot Secondary Program Loader (SPL) versions prior to 2023.07. Description: A software issue has been identified in the U-Boot Secondary Program Loader (SPL) on select NXP i.MX 8M family processors. Under certain conditions, a crafted Flattened...
RLSA-2023:4541 Important: kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c (CVE-2022-42896); kernel: tcindex: use-after-free...
The vulnerability of Atos Unify OpenScape 4000, a hybrid communication platform, allows an intruder to execute arbitrary commands.
The vulnerability of Atos Unify OpenScape 4000, a hybrid communication platform, is related to insufficient cleaning of input data during the processing of dtb format files. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary commands...
Simple Org Chart <= 2.3.4 - Unauthenticated Tree Settings Update
Description: The plugin does not have authorisation when updating its Tree settings, which could allow unauthenticated attackers to change them...
CVE-2023-44981
Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper (quorum.auth.enableSasl=true), the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The...
The vulnerability of the radix_tree_lookup() function in the lib/radix-tree.c module of the Linux kernel allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the radix_tree_lookup() function in the lib/radix-tree.c module of the Linux kernel is related to the reutilization of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected...