
12 matches found

OSV
added 2024/06/19 1:15 p.m. · 1 view

CVE-2023-39922

Missing Authorization vulnerability in ThemeFusion Avada. This issue affects Avada: from n/a through 7.11.1...

CVSS 8.8 · AI score 5.8
Exploits 0 · References 1

CVE
added 2024/06/19 12:17 p.m. · 49 views

CVE-2023-39922

CVE-2023-39922: Avada (WordPress Theme)

CVSS 8.8 · AI score 4.7 · EPSS 0.0022
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2024/06/19 12:0 a.m. · 0 views

WordPress plugin Avada security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 9.1 · AI score 6.8 · EPSS 0.00439
Exploits 0 · References 2

OSV
added 2024/03/28 6:15 a.m. · 2 views

CVE-2023-39313

Server-Side Request Forgery (SSRF) vulnerability in ThemeFusion Avada. This issue affects Avada: from n/a through 7.11.1...

CVSS 7.7 · AI score 7.3
Exploits 0 · References 1

OSV
added 2024/03/26 9:15 p.m. · 2 views

CVE-2023-39307

Unrestricted Upload of File with Dangerous Type vulnerability in ThemeFusion Avada. This issue affects Avada: from n/a through 7.11.1...

CVSS 8.8 · AI score 5.8
Exploits 0 · References 1

Positive Technologies
added 2023/08/14 12:0 a.m. · 1 view

PT-2023-26881 · Themefusion · Avada

Name of the Vulnerable Software and Affected Versions: Avada versions through 7.11.1
Description: The issue is related to a Missing Authorization vulnerability in ThemeFusion Avada.
Recommendations: For Avada versions through 7.11.1, update to a version later than 7.11.1 to resolve the issue. At...

CVSS 9.1 · AI score 9.3 · EPSS 0.00439
Exploits 0 · References 7

Patchstack
added 2023/08/10 12:0 a.m. · 12 views

WordPress Avada Theme <= 7.11.1 is vulnerable to Server Side Request Forgery (SSRF)

Software: Avada
Type: Theme
Vulnerable versions: <= 7.11.1
Fixed in: 7.11.2
OWASP Top 10: A1: Broken Access Control
Classification: Server Side Request Forgery (SSRF)
CVE: CVE-2023-39313
Patch priority: Low
CVSS severity: Low 7.7
PSID: 8a9512654743
Credits: Rafie Muhammad Patchstack...

CVSS 7.7 · AI score 7 · EPSS 0.00437
Exploits 0 · References 1 · Affected Software 1

CNVD
added 2021/04/21 12:0 a.m. · 5 views

Proofpoint Insider Threat Management Server Cross-Site Scripting Vulnerability

Proofpoint Insider Threat Management Server is a server-side application from Proofpoint, Inc. for preventing malicious operations by enterprise insiders. A cross-site scripting vulnerability exists in Proofpoint Insider Threat Management Server versions prior to 7.11.1, which allows for the...

CVSS 6.1 · AI score 6.1 · EPSS 0.00371
Exploits 0 · References 1

Prion
added 2021/04/06 10:15 p.m. · 13 views

Authorization

The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is missing an authorization check on several pages in the Web Console. This enables a view-only user to change any configuration setting and delete any registered agents. All versions before 7.11.1 are affected...

CVSS 5.5 · AI score 7.9 · EPSS 0.00245
Exploits 0 · References 1 · Affected Software 1

NVD
added 2021/04/06 9:15 p.m. · 8 views

CVE-2021-27899

The Proofpoint Insider Threat Management Agents (formerly ObserveIT Agent) for MacOS and Linux perform improper validation of the ITM Server's certificate, which enables a remote attacker to intercept and alter these communications using a man-in-the-middle attack. All versions before 7.11.1 are...

CVSS 7.4 · EPSS 0.00107
Exploits 0 · References 1

CNNVD
added 2021/04/06 12:0 a.m. · 2 views

Proofpoint Insider Threat Management Server Code Issue Vulnerability

Proofpoint Insider Threat Management Server is a server-side application from Proofpoint, Inc. for preventing malicious operations by enterprise insiders. An XML external entity injection vulnerability exists in Proofpoint Insider Threat Management Server versions prior to 7.11.1. An attacker cou...

CVSS 7.2 · AI score 5.7 · EPSS 0.00207
Exploits 0 · References 2

Prion
added 2018/08/28 12:29 p.m. · 17 views

Cross site scripting

Various resources in Atlassian Jira before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and before version 7.11.1 allow remote attackers to inject arbitrary HTML ...

CVSS 4.3 · AI score 5.9 · EPSS 0.00231
Exploits 0 · References 1 · Affected Software 2