197 matches found
OpenHarmony Buffer Error Vulnerability
OpenHarmony is an open-source HarmonyOS (Hongmeng) operating system project of China's OpenAtom Foundation. A buffer error vulnerability exists in OpenHarmony version v4.1.1 and earlier. An attacker can exploit the vulnerability to cause information disclosure via out-of-bounds reads...
KubeSphere Security Vulnerability
KubeSphere is an open-source distributed operating system built on top of Kubernetes for cloud-native applications. A security vulnerability exists in KubeSphere versions v3.4.1 and v4.1.1. An attacker can exploit the vulnerability to access sensitive resources...
CVE-2024-5223
The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploading feature in all versions up to, and including, 4.1.1 due to insufficient input sanitization and output escaping. This makes it possible...
WordPress plugin PostX Security Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports hosting personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin for the platform. A security...
PYSEC-2024-234
Jupyter Server Proxy allows users to run arbitrary external processes alongside their Jupyter notebook servers and provides authenticated web access. Prior to versions 3.2.3 and 4.1.1, Jupyter Server Proxy did not check user authentication appropriately when proxying websockets, allowing...
BIT-REDMINE-2020-36308
Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries...
Mirth Connect 4.4.0 Remote Command Execution
This module requires Metasploit: https://metasploit.com/download
Current source: https://github.com/rapid7/metasploit-framework
class MetasploitModule
'Mirth Connect Deserialization RCE',
'Description' => %q{ A vulnerability exists within Mirth Connect due to its mishandling of deserialized data... }
WordPress Plugin Estatik Real Estate Plugin Security Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports personal blog sites on PHP and MySQL servers. A WordPress plugin is an application plugin for the platform. The WordPress Plugin Estatik Real Estate...
PT-2024-14865 · WordPress · Estatik Real Estate Plugin
Name of the Vulnerable Software and Affected Versions: Estatik Real Estate Plugin WordPress plugin versions prior to 4.1.1 Description: The issue is related to Reflected Cross-Site Scripting, which occurs because the plugin does not properly sanitise and escape various parameters and generated UR...
CVE-2023-46278
Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.1.0 to 4.1.1 allows a remote authenticated attacker to consume huge storage space or cause significantly delayed communication...
CVE-2023-46199
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Triberr plugin <= 4.1.1 versions...
PT-2023-29967 · Unknown · Product Catalog (Csv
Name of the Vulnerable Software and Affected Versions: Product Catalog CSV, Excel, XML Export PRO versions up to 4.1.1 Description: A path traversal attack can be performed by a guest to download personal information without restriction. This is due to a lack of permissions control and a lack of...
WordPress Triberr Plugin <= 4.1.1 is vulnerable to Cross Site Scripting (XSS)
Software: Triberr. Type: Plugin. Vulnerable versions: <= 4.1.1. Fixed in: 4.1.2. OWASP Top 10: A7 Cross-Site Scripting (XSS). Classification: Cross Site Scripting (XSS). CVE: CVE-2023-46199. Patch priority: Low. CVSS severity: Low (5.9). PSID: 300610c5f3ed. Credits: Rio Darmawan. Required privilege...
PT-2023-32015 · Ecshop · Ecshop
Name of the Vulnerable Software and Affected Versions: ECshop version 4.1.1 Description: A critical issue has been found in an unknown functionality of the file /admin/order.php. The manipulation of the goods id argument leads to SQL injection. This issue can be exploited remotely. Recommendation...
CVE-2023-43263
A cross-site scripting (XSS) vulnerability in Froala Editor v.4.1.1 allows attackers to execute arbitrary code via the Markdown component...
Froala Editor Cross-Site Scripting Vulnerability
Froala Editor is a powerful JavaScript rich text editor for individual developers. A cross-site scripting vulnerability exists in Froala Editor version v.4.1.1 that could allow an attacker to execute arbitrary code via the Markdown component...
Froala Editor Cross-Site Scripting Vulnerability
Froala Editor is a powerful JavaScript rich text editor for individual developers. A cross-site scripting vulnerability exists in Froala Editor v.4.1.1. A remote attacker can exploit this vulnerability to execute arbitrary code via the "Insert link" parameter in the "Insert Image" component...
Cross site scripting
Froala Editor v4.0.1 to v4.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability...
GHSA-5HJ9-M76G-XRC8 Apache HDFS Provider error message suggested
In the Apache Airflow HDFS Provider, versions prior to 4.1.1, the documentation pointed users to install an incorrect pip package. As this package name was unclaimed, in theory, an attacker could claim this package and provide code that would be executed when this package was installed. The...