165 matches found
PT-2024-10747 · WordPress · Rich Review
Name of the Vulnerable Software and Affected Versions: Rich Review plugin for WordPress versions up to, and including, 1.7.4 Description: The Rich Review plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the POST body update parameter due to insufficient input sanitization and...
HashiCorp go-getter security vulnerability
HashiCorp go-getter is a Go (golang) library from HashiCorp, USA, for downloading files or directories from various sources using URLs as the primary form of input. A security vulnerability exists in HashiCorp go-getter version 1.7.4 and earlier, which stems from the possibility of being forced...
PrestaShop Security Breach
PrestaShop is an open source e-commerce solution from the American company PrestaShop. The solution offers multiple payment methods, short message alerts and product image zoom. A security vulnerability exists in PrestaShop productsalert prior to version 1.7.4, which stems from sensitive...
PT-2024-23771 · Unknown · Scimone Ignazio Prenotazioni
Name of the Vulnerable Software and Affected Versions: Scimone Ignazio Prenotazioni versions 1.7.4 and earlier Description: The issue is related to improper neutralization of input during web page generation, which leads to a Stored Cross-site Scripting (XSS) vulnerability. This allows for the...
WordPress Prenotazioni plugin <= 1.7.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Faizal Abroni (Patchstack Alliance) in WordPress Plugin Prenotazioni (versions <= 1.7.4)...
Qdrant Path Traversal Vulnerability
Qdrant is a vector similarity search engine and vector database. A path traversal vulnerability exists in Qdrant, which stems from a path traversal vulnerability in the component Full Snapshot REST API. Affected products and versions: Qdrant 1.6.1 and earlier, 1.7.4 and earlier, 1.8.2 and earlier...
WordPress Prenotazioni Plugin <= 1.7.4 is vulnerable to Cross Site Scripting (XSS)
Software: Prenotazioni; Type: Plugin; Vulnerable versions: <= 1.7.4; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-31102; Patch priority: Low; CVSS severity: Low (5.9); PSID: 02e6f4bc0952; Credits: Faizal Abroni; Required privilege...
Design/Logic Flaw
HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. Fixed in Nomad 1.7.4, 1.6.7, 1.5.14...
DEBIAN-CVE-2023-43643
AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to version 1.7.4, there is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the...
UBUNTU-CVE-2023-43643
AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to version 1.7.4, there is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the...
OWASP AntiSamy Cross-Site Scripting Vulnerability
OWASP AntiSamy is a library for HTML and CSS coding from the OWASP Foundation in the United States. A cross-site scripting vulnerability exists in OWASP AntiSamy versions prior to 1.7.4 that stems from an error in parsing cleaned HTML, where certain inputs may cause elements in comment tags to be...
Design/Logic Flaw
Shescape is a simple shell escape library for JavaScript. This may impact users that use Shescape on Windows in a threaded context. The vulnerability can result in Shescape escaping or quoting for the wrong shell, thus allowing attackers to bypass protections depending on the combination of expecte...
CVE-2023-36212
File Upload vulnerability in Total CMS v.1.7.4 allows a remote attacker to execute arbitrary code via a crafted PHP file to the edit page function...
Total CMS Code Issue Vulnerability
Total CMS is an online editing solution from Total CMS Open Source. A file upload vulnerability exists in Total CMS version 1.7.4, which stems from the lack of validation of uploaded files by the edit page feature. The vulnerability can be exploited to remotely execute arbitrary code by uploading...
CVE-2023-25448
Cross-Site Request Forgery (CSRF) vulnerability in Eric Teubert Archivist – Custom Archive Templates plugin <= 1.7.4 versions...
CVE-2023-25490
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eric Teubert Archivist – Custom Archive Templates plugin <= 1.7.4 versions...
CVE-2023-25490 WordPress Archivist – Custom Archive Templates Plugin <= 1.7.4 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eric Teubert Archivist – Custom Archive Templates plugin <= 1.7.4 versions...
PT-2023-13900 · Ping Identity · Pingid Desktop
Name of the Vulnerable Software and Affected Versions: PingID Desktop versions prior to 1.7.4 Description: The issue allows attackers to bypass the maximum PIN attempts permitted before the time-based lockout is activated. This can be exploited in PingID Desktop. Recommendations: For versions pri...
WordPress plugin Archivist – Custom Archive Templates Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
Ping Identity PingID Desktop Access Control Error Vulnerability
Ping Identity PingID Desktop is a software from Ping Identity. You can view the OTP or generate a new password for authentication. A security vulnerability exists in Ping Identity PingID Desktop prior to version 1.7.4 that stems from bypassing the maximum number of PIN attempts allowed before...