
2480 matches found

0day.today
added 2023/10/26 12:0 a.m. · 330 views

TEM Opera Plus FM Family Transmitter 35.45 Cross Site Request Forgery Vulnerability

CSRF Change Forward Power: -------------------------...

AI score: 7.4
Exploits: 0

Positive Technologies
added 2023/10/26 12:0 a.m. · 2 views

PT-2023-32222 · Tenable · Nessus Network Monitor

Name of the Vulnerable Software and Affected Versions: Nessus Network Monitor, affected versions not specified.
Description: The issue arises from insufficient input validation in Nessus Network Monitor, potentially allowing an admin user to modify parameters and enable a blind SQL injection under...

CVSS: 7.2 · AI score: 5.4 · EPSS: 0.00484
Exploits: 0 · References: 5

RedHat Linux
added 2023/10/20 6:46 p.m. · 6 views

Foreman: Arbitrary code execution through templates

An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system...

CVSS: 9.1 · AI score: 6.3 · EPSS: 0.01382
Exploits: 0 · References: 4

ATTACKERKB
added 2023/10/17 2:15 p.m. · 3 views

CVE-2023-45906

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/user/add...

CVSS: 8.8 · AI score: 5.8 · EPSS: 0.00324
Exploits: 1 · References: 2

Prion
added 2023/10/17 2:15 p.m. · 15 views

Cross site request forgery (csrf)

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/user/add...

CVSS: 6.8 · AI score: 8.8 · EPSS: 0.00324
Exploits: 1 · References: 1 · Affected Software: 1

Positive Technologies
added 2023/10/17 12:0 a.m. · 4 views

PT-2023-29760 · Unknown · Dreamer Cms

Name of the Vulnerable Software and Affected Versions: Dreamer CMS version 4.1.3.
Description: A Cross-Site Request Forgery (CSRF) issue was discovered in Dreamer CMS via the component /admin/user/add. This allows for unauthorized actions to be performed on behalf of an authenticated user...

CVSS: 8.8 · AI score: 6.6 · EPSS: 0.00324
Exploits: 1 · References: 8

CNNVD
added 2023/10/17 12:0 a.m. · 4 views

Dreamer CMS Cross-Site Request Forgery Vulnerability

Dreamer CMS is a dreamer content management system by Junnan Wang, an individual developer in China. A security vulnerability exists in Dreamer CMS version v4.1.3. An attacker can exploit this vulnerability to conduct cross-site request forgery (CSRF) attacks via the component /admin/user/add...

CVSS: 8.8 · AI score: 6.8 · EPSS: 0.00324
Exploits: 1 · References: 2

CVE
added 2023/10/17 12:0 a.m. · 89 views

CVE-2023-45906

Dreamer CMS 4.1.3 is affected by a CSRF in the /admin/user/add functionality. The root cause is a Cross-Site Request Forgery vulnerability that allows unauthorized actions to be performed on behalf of an authenticated user. The NVD entry confirms high impact (C/H/I/A) with CVSS 3.1 base score 8.8...

CVSS: 8.8 · AI score: 8.8 · EPSS: 0.00324
Exploits: 1 · References: 1 · Affected Software: 1

WPVulnDB
added 2023/10/16 12:0 a.m. · 16 views

Awesome Support < 6.1.5 - Reflected Cross-Site Scripting

Description: The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. PoC: Visit the following URL as an admin user, with any valid ticket ID. Press the acce...

CVSS: 6.1 · AI score: 5.1 · EPSS: 0.00398
Exploits: 2 · Affected Software: 1

wpexploit
added 2023/10/16 12:0 a.m. · 144 views

Awesome Support < 6.1.5 - Reflected Cross-Site Scripting

Description: The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Visit the following URL as an admin user, with any valid ticket ID. Press the access k...

CVSS: 6.1 · AI score: 5.8 · EPSS: 0.00398
Exploits: 2

wpexploit
added 2023/10/13 12:0 a.m. · 236 views

Gutenberg < 16.8.1 - Contributor+ Stored XSS

Description: The plugin does not adequately escape the content of the footnotes within the paragraph block of the block editor, leading to a Contributor+ Cross-Site Scripting vulnerability. 1. Create a new post as a Contributor user. 2. Add a paragraph block and add a footnote to the paragraph. 3...

AI score: 6.6
Exploits: 0

WPVulnDB
added 2023/10/13 12:0 a.m. · 8 views

Gutenberg < 16.8.1 - Contributor+ Stored XSS

Description: The plugin does not adequately escape the content of the footnotes within the paragraph block of the block editor, leading to a Contributor+ Cross-Site Scripting vulnerability. PoC: 1. Create a new post as a Contributor user. 2. Add a paragraph block and add a footnote to the...

AI score: 6
Exploits: 0 · Affected Software: 1

NVD
added 2023/10/12 10:15 p.m. · 19 views

CVE-2023-27316

SnapCenter versions 4.8 through 4.9 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed...

CVSS: 8.8 · AI score: 8.6 · EPSS: 0.00189
Exploits: 0 · References: 1

Vulnrichment
added 2023/10/12 9:4 p.m. · 14 views

CVE-2023-27316 Privilege Escalation Vulnerability in SnapCenter

SnapCenter versions 4.8 through 4.9 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed...

CVSS: 8.8 · AI score: 8.1 · EPSS: 0.00189
Exploits: 0 · References: 2

Cvelist
added 2023/10/12 9:4 p.m. · 23 views

CVE-2023-27316 Privilege Escalation Vulnerability in SnapCenter

SnapCenter versions 4.8 through 4.9 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed...

CVSS: 8.8 · AI score: 8.7 · EPSS: 0.00189
Exploits: 0 · References: 2

NVD
added 2023/10/12 7:15 p.m. · 17 views

CVE-2023-27313

SnapCenter versions 3.x and 4.x prior to 4.9 are susceptible to a vulnerability which may allow an authenticated unprivileged user to gain access as an admin user...

CVSS: 8.8 · AI score: 8.3 · EPSS: 0.00491
Exploits: 0 · References: 1

Vulnrichment
added 2023/10/12 6:22 p.m. · 20 views

CVE-2023-27313 Privilege Escalation Vulnerability in SnapCenter

SnapCenter versions 3.x and 4.x prior to 4.9 are susceptible to a vulnerability which may allow an authenticated unprivileged user to gain access as an admin user...

CVSS: 8.3 · AI score: 6.7 · EPSS: 0.00491
Exploits: 0 · References: 1

ATTACKERKB
added 2023/10/12 6:15 p.m. · 4 views

CVE-2023-43149

SPA-Cart 1.9.0.3 is vulnerable to Cross Site Request Forgery (CSRF) that allows a remote attacker to add an admin user with role status...

CVSS: 8.8 · AI score: 7.3 · EPSS: 0.00542
Exploits: 1 · References: 2

OSV
added 2023/10/12 6:15 p.m. · 6 views

CVE-2023-43149

SPA-Cart 1.9.0.3 is vulnerable to Cross Site Request Forgery (CSRF) that allows a remote attacker to add an admin user with role status...

CVSS: 8.8 · AI score: 5.8 · EPSS: 0.00542
Exploits: 1 · References: 1

NVD
added 2023/10/12 6:15 p.m. · 17 views

CVE-2023-43149

SPA-Cart 1.9.0.3 is vulnerable to Cross Site Request Forgery (CSRF) that allows a remote attacker to add an admin user with role status...

CVSS: 8.8 · AI score: 8.8 · EPSS: 0.00542
Exploits: 1 · References: 1