CVE-2023-6563 Keycloak: offline session token dos
An unconstrained memory consumption vulnerability was discovered in Keycloak. It can be triggered in environments which have millions of offline tokens (500,000 users with each having at least 2 saved sessions). If an attacker creates two or more user sessions and then opens the "consents" tab of th...
CVE-2023-41618
Emlog Pro v2.1.14 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /admin/article.php?activesavedraft...
CVE-2023-41621
A cross-site scripting (XSS) vulnerability was discovered in Emlog Pro v2.1.14 via the component /admin/store.php...
CVE-2023-6766
The CVE affects PHPGurukul Teacher Subject Allocation Management System 1.0, specifically the /admin/course.php component of the Delete Course Handler. Manipulating the delid parameter triggers Cross-Site Request Forgery (CSRF), and the flaw can be exploited remotely; the exploit has been publicly disclose...
Multiple Plugins by KlbTheme - Reflected Cross-Site Scripting
Description: The plugins do not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Multiple Themes by KlbTheme - Cross-Site Request Forgery
Description: The themes do not have CSRF checks in some places, which could allow attackers to make logged-in admins perform unwanted actions via CSRF attacks...
CVE-2023-5940 WP Not Login Hide <= 1.0 - Admin+ Stored XSS
The WP Not Login Hide (WPNLH) WordPress plugin through 1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2023-5750 EmbedPress < 3.9.2 - Reflected XSS
The EmbedPress WordPress plugin before 3.9.2 does not sanitise and escape a parameter before outputting it back in the page containing a specific content, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Cross site scripting
The WP Crowdfunding WordPress plugin before 2.1.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2023-5955 Contact Form Email < 1.3.44 - Editor+ Stored Cross-Site Scripting
The Contact Form Email WordPress plugin before 1.3.44 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
WP TripAdvisor Review Slider < 11.9 - Admin+ Stored XSS
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 1. Go to Get TripAdvisor Reviews optio...
Rocket Maintenance Mode & Coming Soon Page < 4.4 - Admin+ Stored XSS
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
GHSA-M6VM-FF9V-JP3R Cross Site Scripting in evershop
A cross-site scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information via a crafted request to the ProductGrid function in admin/productGrid/Grid.jsx...