6623 matches found
Greeva 2.0 SQL Injection
Title: Greeva 2.0 Auth By Pass Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 115.0.264-bit | Vendo...
CVE-2023-38397 WordPress Gestion-Pymes Plugin <= 1.5.6 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eggemplo Gestion-Pymes plugin <= 1.5.6 versions...
CVE-2023-23828 WordPress WP Category Post List Widget Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS)
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Swashata WP Category Post List Widget plugin <= 2.0.3 versions...
CVE-2023-23828
CVE-2023-23828 affects the WordPress plugin Swashata WP Category Post List Widget (versions
CVE-2023-34374
The CVE-2023-34374 entry concerns the AnsPress WordPress plugin (versions
CVE-2023-34374 WordPress AnsPress – Question and answer Plugin <= 4.3.0 is vulnerable to Cross Site Scripting (XSS)
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Rahul Aryan AnsPress plugin <= 4.3.0 versions...
CVE-2023-23871
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Webdzier Button plugin = 1.1.23 versions...
Cross site scripting
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Catalyst Connect Catalyst Connect Zoho CRM Client Portal plugin = 2.0.0 versions...
CVE-2023-24009
Wpazure Themes Upfrontwp Theme
CVE-2023-23798 WordPress Layer Slider Plugin <= 1.1.9.7 is vulnerable to Cross Site Scripting (XSS)
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Muneeb Layer Slider plugin <= 1.1.9.7 versions...
Digisha CMS 1.2.7 SQL Injection
Title: Digisha CMS V1.2.7 Auth by pass Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 66.0.332-bit | ...
Design/Logic Flaw
HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies access regardless of service identities. Fixed in 1.16.1...
CVE-2023-3518 JWT Auth in L7 Intentions Allow For Mismatched Service Identity and JWT Providers for Access
HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies access regardless of service identities. Fixed in 1.16.1...
CVE-2023-3518
HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies access regardless of service identities. Fixed in 1.16.1...
CVE-2023-3518
HashiCorp Consul and Consul Enterprise 1.16.0 had a vulnerability in JWT-based service-mesh authentication that allowed or denied access independent of service identities. The issue is fixed in version 1.16.1. No exploitation details are provided in the connected documents. Affected product/versi...
GHSA-9JCQ-JF57-C62C Privilege escalation via ApiTokensEndpoint
Impact An attacker with access to a token with few or no scopes can query /api/0/api-tokens/ for a list of all tokens created by a user, including tokens with greater scopes, and use those tokens in other requests. There is no evidence that the issue was exploited on https://sentry.io. For...
CVE-2023-31221
CVE-2023-31221 affects the PDQ CSV WordPress plugin (WordPress PDQ CSV) with an Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in versions = 1.0.0. Monitoring for updates is advised if further details emerge.
CVE-2023-28931
Never5 Post Connector plugin prior to 1.0.9 is affected by a Stored Cross‑Site Scripting (XSS) vulnerability requiring admin+ authentication. The issue is mitigated by upgrading to version 1.0.9 or later.
CVE-2023-28934
CVE-2023-28934 relates to a stored XSS vulnerability in the WordPress plugin WP Full Stripe Free (Mammothology WP Full Stripe Free) for versions ≤ 1.6.1. The flaw requires admin+ authentication and can be triggered via input handling within the plugin, enabling stored cross-site scripting. Public...