182 matches found

ATTACKERKB
added 2024/08/29 9:15 p.m. · 2 views

CVE-2024-41349

Unmark 1.9.2 is vulnerable to Cross Site Scripting (XSS) via application/views/marks/addbyurl.php...

6.1 CVSS · 5.9 AI score · 0.00091 EPSS
Exploits 1 · References 3
CNNVD
added 2024/08/29 12:0 a.m. · 2 views

Unmark security vulnerability

Unmark is an open source to-do list application for bookmarking by individual developer Colin Devroe. A security vulnerability exists in Unmark version 1.9.2, which stems from a cross-site scripting (XSS) vulnerability via application/views/marks/addbyurl.php...

6.1 CVSS · 5.7 AI score · 0.00091 EPSS
Exploits 1 · References 2
CNNVD
added 2024/07/23 12:0 a.m. · 2 views

WordPress plugin MaxiBlocks security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

8.1 CVSS · 6.8 AI score · 0.0787 EPSS
Exploits 0 · References 5
OSV
added 2024/07/21 9:15 p.m. · 0 views

CVE-2024-38785

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jegstudio Gutenverse allows Stored XSS. This issue affects Gutenverse: from n/a through 1.9.2...

5.4 CVSS · 5.8 AI score · 0.00143 EPSS
Exploits 0 · References 1
Patchstack
added 2024/07/19 1:3 p.m. · 2 views

WordPress Gutenverse plugin <= 1.9.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by João Pedro Soares de Alcântara - Kinorth (Patchstack Alliance) in WordPress Plugin Gutenverse versions <= 1.9.2...

6.5 CVSS · 6.1 AI score · 0.00143 EPSS
Exploits 0 · Affected Software 1
Patchstack
added 2024/07/19 12:0 a.m. · 9 views

WordPress Gutenverse Plugin <= 1.9.2 is vulnerable to Cross Site Scripting (XSS)

Software: Gutenverse · Type: Plugin · Vulnerable versions: <= 1.9.2 · Fixed in: 1.9.3 · OWASP Top 10: A3: Injection · Classification: Cross Site Scripting (XSS) · CVE: CVE-2024-38785 · Patch priority: Low · CVSS severity: Low (6.5) · PSID: 73a432519c7f · Credits: João Pedro S Alcântara Kinorth · Required...

6.5 CVSS · 6.6 AI score · 0.00143 EPSS
Exploits 0 · References 2 · Affected Software 1
Patchstack
added 2024/06/05 3:3 a.m. · 1 view

WordPress Attire Blocks plugin <= 1.9.2 - Missing Authorization vulnerability

Missing Authorization vulnerability discovered by Benedictus Jovan (aillesiM) in WordPress Plugin Attire Blocks versions <= 1.9.2...

4.3 CVSS · 7 AI score · 0.00122 EPSS
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2024/05/14 12:0 a.m. · 1 view

Nuki Bridge security vulnerability

Nuki Bridge is a smart lock control software from Nuki. A security vulnerability exists in Nuki Bridge v1.x prior to v1.22.0 and v2.x prior to v2.13.2, and Nuki Keypad v1.9.2 prior to v1.9.2, which stems from the fact that sending an incorrectly formatted HTTP verb can force a device to reboot...

9.8 CVSS · 6.5 AI score · 0.01302 EPSS
Exploits 0 · References 5
CNNVD
added 2024/05/14 12:0 a.m. · 3 views

Nuki Bridge security vulnerability

Nuki Bridge is a smart lock control software from Nuki. A security vulnerability exists in Nuki Bridge v1.x prior to v1.22.0 and v2.x prior to v2.13.2, and Nuki Keypad v1.9.2 prior to v1.9.2, which stems from the fact that sending multiple incorrectly-formatted packets can prevent certain functio...

9.8 CVSS · 6.6 AI score · 0.01302 EPSS
Exploits 0 · References 5
Patchstack
added 2024/04/10 2:11 p.m. · 2 views

WordPress USPS Shipping for WooCommerce plugin <= 1.9.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin USPS Shipping for WooCommerce – Live Rates versions <= 1.9.2...

4.3 CVSS · 7 AI score · 0.00147 EPSS
Exploits 0 · Affected Software 1
Positive Technologies
added 2024/02/08 12:0 a.m. · 3 views

PT-2024-20636 · Unknown · Apollo13 Framework Extensions

Name of the Vulnerable Software and Affected Versions: Apollo13 Framework Extensions versions 1.9.2 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacke...

6.5 CVSS · 9.1 AI score · 0.00071 EPSS
Exploits 0 · References 5
Positive Technologies
added 2024/02/01 12:0 a.m. · 2 views

PT-2024-14198 · Unknown · Slicknav Mobile Menu

Name of the Vulnerable Software and Affected Versions: SlickNav Mobile Menu versions 1.9.2 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can...

5.9 CVSS · 4.8 AI score · 0.00058 EPSS
Exploits 0 · References 7
PyPA
added 2024/01/23 11:15 p.m. · 4 views

PYSEC-2024-126

Label Studio is a popular open source data labeling tool. Versions prior to 1.9.2 have a cross-site scripting (XSS) vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as an HTML file on the website. Executing arbitrary...

7.1 CVSS · 5.9 AI score · 0.0322 EPSS
Exploits 1 · References 6 · Affected Software 1
Prion
added 2024/01/23 11:15 p.m. · 26 views

Cross site scripting

Label Studio is a popular open source data labeling tool. Versions prior to 1.9.2 have a cross-site scripting (XSS) vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as an HTML file on the website. Executing arbitrary...

4.9 CVSS · 5.6 AI score · 0.0322 EPSS
Exploits 1 · References 5 · Affected Software 1
NVD
added 2023/10/12 5:15 p.m. · 25 views

CVE-2023-45138

Change Request is an application allowing users to request changes on a wiki without publishing the changes directly. Starting in version 0.11 and prior to version 1.9.2, it's possible for a user without any specific right to perform script injection and remote code execution just by inserting an...

10 CVSS · 10 AI score · 0.78432 EPSS
Exploits 0 · References 3
Vulnrichment
added 2023/10/12 4:22 p.m. · 13 views

CVE-2023-45138 Change Request Application vulnerable to XSS and remote code execution through change request title

Change Request is an application allowing users to request changes on a wiki without publishing the changes directly. Starting in version 0.11 and prior to version 1.9.2, it's possible for a user without any specific right to perform script injection and remote code execution just by inserting an...

10 CVSS · 7.9 AI score · 0.78432 EPSS
Exploits 0 · References 3
PyPA
added 2023/10/09 4:15 p.m. · 5 views

PYSEC-2023-195

OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.2 contain a vulnerability that allows malicious admins to configure a specially crafted GCODE script that will allow code execution during rendering of that script. An attacker might use this to extract da...

6.5 CVSS · 8 AI score · 0.00143 EPSS
Exploits 1 · References 3 · Affected Software 1
Positive Technologies
added 2023/10/09 12:0 a.m. · 2 views

PT-2023-6631 · Octoprint · Octoprint

Name of the Vulnerable Software and Affected Versions: OctoPrint versions up to and including 1.9.2 Description: The issue allows malicious administrators to configure a specially crafted GCODE script, enabling code execution during the rendering of that script. This could be used to extract or...

8.4 CVSS · 6.9 AI score · 0.00143 EPSS
Exploits 1 · References 11
NVD
added 2023/08/07 8:15 p.m. · 9 views

CVE-2023-39520

Cryptomator encrypts data being stored on cloud infrastructure. The MSI installer provided on the homepage for Cryptomator version 1.9.2 allows local privilege escalation for low privileged users, via the repair function. The problem occurs as the repair function of the MSI is spawning a SYSTEM...

7.8 CVSS · 6.2 AI score · 0.00033 EPSS
Exploits 1 · References 4
Prion
added 2023/08/07 8:15 p.m. · 11 views

Code injection

Cryptomator encrypts data being stored on cloud infrastructure. The MSI installer provided on the homepage for Cryptomator version 1.9.2 allows local privilege escalation for low privileged users, via the repair function. The problem occurs as the repair function of the MSI is spawning a SYSTEM...

4.3 CVSS · 7.7 AI score · 0.00033 EPSS
Exploits 1 · References 4 · Affected Software 1