63 matches found
PT-2024-19217 · Sap · Sap Netweaver Administrator As Java
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Administrator AS Java Administrator Log Viewer plug-in version 7.50 Description: The issue allows an attacker with high privileges to upload potentially dangerous files, which leads to a command injection vulnerability. This wou...
Cross-Site Scripting (XSS)
MolecularFaces is vulnerable to Cross Site Scripting XSS. The vulnerability is caused due to improper handling of user input within the viewer plugin implementation of . This allows an attacker to inject arbitrary JavaScript code into the client browser by crafting malicious molfiles...
CVE-2023-47245
CVE-2023-47245 affects the ANAC XML Viewer WordPress plugin by Marco Milesi (versions up to 1.7). It is an authenticated Stored XSS vulnerability that requires admin+ privileges. The issue is mitigated by upgrading to 1.7.1 (fixed version).
CVE-2023-32102
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Pexle Chris Library Viewer plugin = 2.0.6 versions...
CVE-2023-32102
CVE-2023-32102 is a Stored XSS in the WordPress Library Viewer plugin (versions
CVE-2023-32102 WordPress Library Viewer Plugin <= 2.0.6 is vulnerable to Cross Site Scripting (XSS)
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Pexle Chris Library Viewer plugin = 2.0.6 versions...
WordPress plugin Library Viewer Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Cross site request forgery (csrf)
A vulnerability was found in meitar Inline Google Spreadsheet Viewer Plugin up to 0.9.6 on WordPress and classified as problematic. Affected by this issue is the function displayShortcode of the file inline-gdocs-viewer.php. The manipulation leads to cross-site request forgery. The attack may be...
WordPress Library Viewer Plugin <= 2.0.6 is vulnerable to Cross Site Scripting (XSS)
Software Library Viewer Type Plugin Vulnerable versions = 2.0.6 Fixed in 2.0.6.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32102 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 0ff4626c41da Credits Mika Required...
CVE-2023-0033
The PDF Viewer WordPress plugin before 1.0.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...
WordPress PDF Viewer Plugin < 1.0.0 is vulnerable to Cross Site Scripting (XSS)
Software PDF Viewer Type Plugin Vulnerable versions 1.0.0 Fixed in 1.0.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0033 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 6e3ff2a57463 Credits István Márton Required...
The vulnerability of the plugin for viewing RAW images lies in insufficient validation of input data, allowing a hacker to execute arbitrary code.
The vulnerability of the plugin for viewing RAW images is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created file...
GHSA-QM37-C4W6-H9V9 Missing Authorization in Jenkins XPath Configuration Viewer Plugin
XPath Configuration Viewer Plugin 1.1.1 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to access the XPath Configuration Viewer page. Given appropriate XPath expressions, this page grants access to job configuration XML data...
GHSA-3Q7F-W8FR-368V Cross-Site Request Forgery in Jenkins XPath Configuration Viewer Plugin
A cross-site request forgery CSRF vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions...
Cross-Site Request Forgery in Jenkins XPath Configuration Viewer Plugin
A cross-site request forgery CSRF vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions...
CVE-2022-34812
A cross-site request forgery CSRF vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions...
CVE-2022-34812
A cross-site request forgery CSRF vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions...
CVE-2022-34811
A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to access the XPath Configuration Viewer page...
CVE-2022-34813
A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to create and delete XPath expressions...
CVE-2022-34812
A cross-site request forgery CSRF vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions...