Lucene search
K

8539 matches found

RubySec
RubySec
added 2024/06/02 12:0 a.m.26 views

activeadmin vulnerable to stored persistent cross-site scripting (XSS) in dynamic form legends

Impact Users settings their active admin form legends dynamically may be vulnerable to stored XSS, as long as its value can be injected directly by a malicious user. For example: A public web application allows users to create entities with arbitrary names. Active Admin is used to administrate...

6.1CVSS6.6AI score0.00349EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/06/01 12:0 a.m.7 views

PT-2024-14942 · WordPress · The Master Slider

Name of the Vulnerable Software and Affected Versions: The Master Slider – Responsive Touch Slider plugin for WordPress versions up to, and including, 3.9.9 Description: The issue arises from insufficient input sanitization and output escaping on the user-supplied css class attribute in the...

6.4CVSS6.8AI score0.00323EPSS
Exploits0References7
Mageia
Mageia
added 2024/05/31 3:15 p.m.137 views

Updated python-jinja2 packages fix security vulnerabilities

It was discovered that Jinja2 incorrectly handled certain HTML attributes that were accepted by the xmlattr filter. An attacker could use this issue to inject arbitrary HTML attribute keys and values to potentially execute a cross-site scripting XSS attack...

6.1CVSS6.3AI score0.00979EPSS
Exploits0References2
OSV
OSV
added 2024/05/31 10:15 a.m.7 views

CVE-2024-5347

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'arrow' attribute within the plugin's Post Navigation widget in all versions up to, and including, 3.10.9 due to insufficient input sanitization and output escaping on user supplied attributes...

5.4CVSS6AI score
Exploits0References4
OSV
OSV
added 2024/05/31 3:15 a.m.4 views

CVE-2024-5418

The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slitems' attribute within the plugin's De Product Tab & Slide widget in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplied...

5.4CVSS6AI score0.00321EPSS
Exploits0References5
Patchstack
Patchstack
added 2024/05/31 2:34 a.m.4 views

WordPress DethemeKit For Elementor plugin <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via slitems Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via slitems Attribute vulnerability discovered by wesley wcraft in WordPress Plugin DethemeKit For Elementor versions = 2.1.4...

6.4CVSS5.8AI score0.00321EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/31 12:0 a.m.13 views

PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC paypalbutton type="addtocart...

5.6AI score0.00315EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2024/05/31 12:0 a.m.3 views

PT-2024-35749 · WordPress · Happy Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Happy Addons for Elementor plugin for WordPress versions up to, and including, 3.10.9 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes, specifically the arrow attribute within...

6.4CVSS6.9AI score0.00329EPSS
Exploits0References7
Cvelist
Cvelist
added 2024/05/30 7:52 p.m.28 views

CVE-2024-32877 Reflected Cross-site Scripting in yiisoft/yii2 Debug mode

Yii 2 is a PHP application framework. During internal penetration testing of a product based on Yii2, users discovered a Cross-site Scripting XSS vulnerability within the framework itself. This issue is relevant for the latest version of Yii2 2.0.49.3. This issue lies in the mechanism for...

4.2CVSS4.5AI score0.00347EPSS
Exploits0References2
OSV
OSV
added 2024/05/30 4:15 p.m.3 views

DEBIAN-CVE-2024-36953

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgicv2parseattr vgicv2parseattr is responsible for finding the vCPU that matches the user-provided CPUID, which of course may not be valid. If the ID is invalid, kvmgetvcpubyid...

5.5CVSS5.2AI score0.00231EPSS
Exploits0References1
OSV
OSV
added 2024/05/30 4:15 p.m.0 views

DEBIAN-CVE-2024-36946

In the Linux kernel, the following vulnerability has been resolved: phonet: fix rtmphonetnotify skb allocation fillroute stores three components in the skb: - struct rtmsg - RTADST u8 - RTAOIF u32 Therefore, rtmphonetnotify should use NLMSGALIGNsizeofstruct rtmsg + nlatotalsize1 + nlatotalsize4...

5.5CVSS5.6AI score0.00266EPSS
Exploits0References1
NVD
NVD
added 2024/05/30 4:15 p.m.20 views

CVE-2024-36928

In the Linux kernel, the following vulnerability has been resolved: s390/qeth: Fix kernel panic after setting hsuid Symptom: When the hsuid attribute is set for the first time on an IQD Layer3 device while the corresponding network interface is already UP, the kernel will try to execute a napi...

4.4CVSS6.4AI score0.0022EPSS
Exploits0References5
OSV
OSV
added 2024/05/30 4:15 p.m.3 views

DEBIAN-CVE-2024-36928

In the Linux kernel, the following vulnerability has been resolved: s390/qeth: Fix kernel panic after setting hsuid Symptom: When the hsuid attribute is set for the first time on an IQD Layer3 device while the corresponding network interface is already UP, the kernel will try to execute a napi...

4.4CVSS5.6AI score0.0022EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2024/05/30 4:15 p.m.27 views

CVE-2024-36928

In the Linux kernel, the following vulnerability has been resolved: s390/qeth: Fix kernel panic after setting hsuid Symptom: When the hsuid attribute is set for the first time on an IQD Layer3 device while the corresponding network interface is already UP, the kernel will try to execute a napi...

4.4CVSS6.5AI score0.0022EPSS
Exploits0References19
OSV
OSV
added 2024/05/30 4:15 p.m.5 views

UBUNTU-CVE-2024-36928

In the Linux kernel, the following vulnerability has been resolved: s390/qeth: Fix kernel panic after setting hsuid Symptom: When the hsuid attribute is set for the first time on an IQD Layer3 device while the corresponding network interface is already UP, the kernel will try to execute a napi...

4.4CVSS6.2AI score0.0022EPSS
Exploits0References20
Vulnrichment
Vulnrichment
added 2024/05/30 3:29 p.m.36 views

CVE-2024-36928 s390/qeth: Fix kernel panic after setting hsuid

In the Linux kernel, the following vulnerability has been resolved: s390/qeth: Fix kernel panic after setting hsuid Symptom: When the hsuid attribute is set for the first time on an IQD Layer3 device while the corresponding network interface is already UP, the kernel will try to execute a napi...

6.8AI score0.0022EPSS
Exploits0References5
NVD
NVD
added 2024/05/30 1:15 p.m.23 views

CVE-2024-36017

In the Linux kernel, the following vulnerability has been resolved: rtnetlink: Correct nested IFLAVFVLANLIST attribute validation Each attribute inside a nested IFLAVFVLANLIST is assumed to be a struct iflavfvlaninfo so the size of such attribute needs to be at least of sizeofstruct iflavfvlaninf...

5.5CVSS7.4AI score0.00249EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2024/05/30 1:15 p.m.25 views

CVE-2024-36017

In the Linux kernel, the following vulnerability has been resolved: rtnetlink: Correct nested IFLAVFVLANLIST attribute validation Each attribute inside a nested IFLAVFVLANLIST is assumed to be a struct iflavfvlaninfo so the size of such attribute needs to be at least of sizeofstruct iflavfvlaninf...

5.5CVSS6.3AI score0.00249EPSS
Exploits0References28
Cvelist
Cvelist
added 2024/05/30 12:52 p.m.24 views

CVE-2024-36017 rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation

In the Linux kernel, the following vulnerability has been resolved: rtnetlink: Correct nested IFLAVFVLANLIST attribute validation Each attribute inside a nested IFLAVFVLANLIST is assumed to be a struct iflavfvlaninfo so the size of such attribute needs to be at least of sizeofstruct iflavfvlaninf...

7.4AI score0.00249EPSS
Exploits0References8
CVE
CVE
added 2024/05/30 12:52 p.m.165 views

CVE-2024-36017

The CVE-2024-36017 entry is valid and has concrete details in connected sources. The vulnerability is in the Linux kernel rtnetlink path: nested IFLA_VF_VLAN_LIST attributes are assumed to be struct ifla_vf_vlan_info (size 14 bytes). Validation used NLA_HDRLEN (4 bytes), enabling a too-small attr...

5.5CVSS6.5AI score0.00249EPSS
Exploits0References10Affected Software1
Rows per page
Query Builder