
3656 matches found

Cvelist
added 2023/12/08 12:0 a.m. · 15 views

CVE-2023-49484

Dreamer CMS v4.1.3 was discovered to contain a cross-site scripting (XSS) vulnerability in the article management department...

5.5 AI score · 0.00434 EPSS
Exploits: 1 · References: 1
CNNVD
added 2023/12/08 12:0 a.m. · 2 views

Dreamer CMS Security Vulnerability

Dreamer CMS is a dreamer content management system. Dreamer CMS version v4.1.3 suffers from a cross-site scripting vulnerability that stems from a lack of effective filtering and escaping of user-supplied data in the article management department, which can be exploited by an attacker to execute...

5.4 CVSS · 5.4 AI score · 0.00434 EPSS
Exploits: 1 · References: 2
CVE
added 2023/12/08 12:0 a.m. · 38 views

CVE-2023-49484

Dreamer CMS v4.1.3 contains a Cross-Site Scripting (XSS) vulnerability in the article management department. Root cause: lack of effective filtering/escaping of user-supplied data. Impact as per sources: potential execution of arbitrary scripts in or on user browsers. CVSS v3.1 base score 5.4 (Me...

5.4 CVSS · 5.3 AI score · 0.00434 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
Positive Technologies
added 2023/12/08 12:0 a.m. · 2 views

PT-2023-31237 · Unknown · Dreamer Cms

Name of the Vulnerable Software and Affected Versions: Dreamer CMS version 4.1.3. Description: A cross-site scripting (XSS) issue was found in the article management department. This could potentially allow attackers to inject malicious scripts into websites, affecting user sessions. Recommendations...

5.4 CVSS · 5.1 AI score · 0.00434 EPSS
Exploits: 1 · References: 5
Talos Blog
added 2023/12/06 10:41 a.m. · 8 views

Beers with Talos episode 141: The TurkeyLurkey Man wants YOU to read Talos' Year in Review report

In this episode the Beers with Talos team, led by special guest Dave Liebenberg, set out to save Thanksgiving. The TurkeyLurkey man is the hero that everybody needs, but perhaps don't deserve. For fans and opposers of Dave's Ranksgiving list, you'll be pleased to know he's back with a whole new order...

7.1 AI score
Exploits: 0
Packet Storm
added 2023/12/04 12:0 a.m. · 242 views

October CMS 3.4.0 Wiki Article Cross Site Scripting

OctoberCMS v3.4.0 Wikiarticle Stored Cross-Site Scripting Vulnerability. Vendor: October CMS. Product web page: https://www.octobercms.com. Affected version: 3.4.0. Summary: OctoberCMS is a self-hosted content management system (CMS) based on the PHP programming language and Laravel web application...

7.4 AI score
Exploits: 0
OSV
added 2023/11/20 7:15 p.m. · 0 views

CVE-2023-5640

The Article Analytics WordPress plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection vulnerability...

9.8 CVSS · 5.8 AI score · 0.01012 EPSS
Exploits: 2 · References: 2
CVE
added 2023/11/20 6:55 p.m. · 46 views

CVE-2023-5640

CVE-2023-5640 relates to the Article Analytics WordPress plugin (

9.8 CVSS · 9.9 AI score · 0.01012 EPSS
Exploits: 2 · References: 2 · Affected Software: 1
CNNVD
added 2023/11/20 12:0 a.m. · 3 views

WordPress Plugin Article Analytics Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

9.8 CVSS · 9.1 AI score · 0.01012 EPSS
Exploits: 2 · References: 3
Positive Technologies
added 2023/11/20 12:0 a.m. · 4 views

PT-2023-32231 · WordPress · Article Analytics Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: Article Analytics WordPress plugin affected versions not specified Description: The issue arises from the plugin's failure to properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action. This AJAX action is...

9.8 CVSS · 9.7 AI score · 0.01012 EPSS
Exploits: 2 · References: 4
Microsoft Security Update
added 2023/11/14 6:0 p.m. · 25 views

2023-11 Cumulative Update for Windows 10 Version 22H2 for x86-based Systems (KB5032189)

Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer...

7.1 AI score
Exploits: 0
Schneier on Security
added 2023/11/10 10:4 p.m. · 20 views

Friday Squid Blogging: The History and Morality of US Squid Consumption

Really interesting article. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

7.2 AI score
Exploits: 0
wpexploit
added 2023/10/27 12:0 a.m. · 143 views

Article Analytics <= 1.0 - Unauthenticated SQL injection

Description: The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection vulnerability. On a WordPress blog using MySQL the following PoC allows to extract the hash of the...

9.8 CVSS · 7.3 AI score · 0.01012 EPSS
Exploits: 2 · References: 1
Patchstack
added 2023/10/27 12:0 a.m. · 10 views

WordPress Article analytics Plugin <= 1.0 is vulnerable to SQL Injection

Software: Article analytics; Type: Plugin; Vulnerable versions: = 1.0; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-5640; Patch priority: High; CVSS severity: High 9.3; Developer: Claim ownership; PSID: 78430de01615; Credits: Nicolas Surribas; Required privilege: Unauthenticate...

9.8 CVSS · 6.8 AI score · 0.01012 EPSS
Exploits: 2 · References: 3 · Affected Software: 1
BDU FSTEC
added 2023/10/24 12:0 a.m. · 3 views

The vulnerability of the file include/page/Article.php in the MediaWiki software, which is used to implement a hypertext environment, allows an intruder to gain unauthorized access to protected information.

The vulnerability of the include/page/Article.php script used in implementing the MediaWiki hypertext environment is related to the improper assignment of permissions for the critical resource during the signature request check. Exploiting this vulnerability can allow an attacker operating...

5.3 CVSS · 5.9 AI score · 0.00421 EPSS
Exploits: 0 · References: 4 · Affected Software: 3
CNNVD
added 2023/10/20 12:0 a.m. · 4 views

WordPress Plugin WooCommerce EAN Payment Gateway Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

4.3 CVSS · 6.7 AI score · 0.00357 EPSS
Exploits: 0 · References: 3
Hacker One
added 2023/10/17 11:52 a.m. · 19 views

LinkedIn: Stored XSS on LinkedIn App via iframe tag in Article

A stored cross-site scripting vulnerability was found in the LinkedIn mobile application that allowed JavaScript code to be executed when viewing specially crafted articles containing iframe tags. The issue was resolved after receiving the report...

6.2 AI score
Exploits: 0
Microsoft Security Update
added 2023/10/10 5:0 p.m. · 28 views

2023-10 Cumulative Update for Windows 10 Version 22H2 for x86-based Systems (KB5031356)

Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer...

6.7 AI score
Exploits: 0
Microsoft Security Update
added 2023/10/10 5:0 p.m. · 72 views

2023-10 Dynamic Cumulative Update for Windows 11 for x64-based Systems (KB5031358)

ComponentUpdate: A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft...

6.7 AI score
Exploits: 0
Microsoft Security Update
added 2023/10/10 5:0 p.m. · 15 views

2023-09 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Microsoft server operating system, version 23H2 for x64 (KB5029918)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...

6.7 AI score
Exploits: 0