8527 matches found
CVE-2024-44952
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2024-44952
CVE-2024-44952 is associated with Siemens SCALANCE and RUGGEDCOM devices (OT environment). The issue is described as an improper locking that could lead to a deadlock in driver core during device detachment/attribute handling. The cited advisory fixes the problem by using synchronize_rcu() to pre...
Cross Site Scripting (XSS)
bootstrap is vulnerable to Cross Site Scripting (XSS). The vulnerability is caused by missing validation and sanitization in the href attribute of the tag in the carousel component in the data-slide and data-slide-to attributes. This can enable attackers to execute arbitrary JavaScript within...
jinja2: accepts keys containing non-attribute characters
A flaw was found in jinja2. The xmlattr filter accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, , or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as opposed to only values as user input, and...
kernel: rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation
In the Linux kernel, the following vulnerability has been resolved: rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation. Each attribute inside a nested IFLA_VF_VLAN_LIST is assumed to be a struct ifla_vf_vlan_info so the size of such attribute needs to be at least of sizeof(struct ifla_vf_vlan_inf...
PT-2024-34078
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.61 Description: A vulnerability in the Linux kernel has been resolved, specifically related to the fs/ntfs3 module, where a rough attr alloc size check has been added. Recommendations: For versions prior to...
CVE-2024-7354
The Ninja Forms WordPress plugin before 3.8.11 does not escape an URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-7354
CVE-2024-7354 affects Ninja Forms for WordPress prior to 3.8.11. The issue is that the plugin does not escape a URL before printing it within an HTML attribute, enabling a reflected XSS attack that could target high-privilege users (e.g., admins). The NVD/NIST entry documents a CVSS 3.1 base scor...
CVE-2024-7354 Ninja Forms 3.8.6-3.8.10 - Reflected XSS
The Ninja Forms WordPress plugin before 3.8.11 does not escape an URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WordPress WPZOOM Portfolio Lite plugin <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute vulnerability discovered by Francesco Carlucci in WordPress Plugin WPZOOM Portfolio versions <= 1.4.4...
CVE-2024-8276
The WPZOOM Portfolio Lite – Filterable Portfolio Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:wpzoom-blocks' Gutenberg block in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping...
Mac OS X Safari .webarchive File Format UXSS
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'uri' class MetasploitModule 'Mac OS X Safari .webarchive File Format UXSS', 'Description' = %q Generates a .webarchive file for Mac OS X Safari that will attemp...
Svelte has a potential mXSS vulnerability due to improper HTML escaping
Summary A potential XSS vulnerability exists in Svelte for versions prior to 4.2.19. Details Svelte improperly escapes HTML on server-side rendering. It converts strings according to the following rules: - If the string is an attribute value: - " -> &quot; - & -> &amp; - Other characters -> No conversion -...
GHSA-8266-84WP-WV5C Svelte has a potential mXSS vulnerability due to improper HTML escaping
Summary A potential XSS vulnerability exists in Svelte for versions prior to 4.2.19. Details Svelte improperly escapes HTML on server-side rendering. It converts strings according to the following rules: - If the string is an attribute value: - " -> &quot; - & -> &amp; - Other characters -> No conversion -...
CVE-2024-8252
The Clean Login plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.14.5 via the 'template' attribute of the clean-login-register shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and...
CVE-2024-5879
The HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute of the HubSpot Meeting Widget in all versions up to, and including, 11.1.22 due to insufficient input sanitization and output escaping. This...
PT-2024-31398 · Svelte · Svelte
Name of the Vulnerable Software and Affected Versions: Svelte versions prior to 4.2.19 Description: A potential mXSS vulnerability exists in Svelte due to improper HTML escaping on server-side rendering. The issue arises when the final DOM tree rendered on browsers differs from what Svelte expect...