423 matches found
CVE-2024-45191
An issue was discovered in Matrix libolm through 3.2.16. The AES implementation is vulnerable to cache-timing attacks due to use of S-boxes. This is related to software that uses a lookup table for the SubWord step. This refers to the libolm implementation of Olm. NOTE: This vulnerability only...
CVE-2024-45191
Matrix libolm up to version 3.2.16 contains an AES implementation vulnerable to cache-timing attacks due to S-box usage in the SubWord step. This affects the libolm-based Olm library used by Matrix, with the caveat that affected products are noted as no longer supported by the maintainer. Connect...
Xpdf Security Vulnerability
Xpdf is a free PDF viewer and toolkit from Xpdf, Inc. that includes a text extractor, image converter, HTML converter, and more. A security vulnerability exists in Xpdf version 4.05 and earlier versions, which stems from a page box with extremely large coordinates (MediaBox, CropBox, etc.) that may...
WordPress Simple Alert Boxes plugin <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Alert Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Alert Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Simple Alert Boxes versions <= 1.4.0...
WordPress plugin Simple Alert Boxes security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
WordPress Simple Alert Boxes Plugin <= 1.4.0 is vulnerable to Cross Site Scripting (XSS)
Software: Simple Alert Boxes; Type: Plugin; Vulnerable versions: <= 1.4.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-5937; Patch priority: Low; CVSS severity: Low (6.5); PSID: 43f7db91ddf0; Credits: Francesco Carlucci...
PT-2024-37252 · WordPress · Simple Alert Boxes
Name of the Vulnerable Software and Affected Versions: The Simple Alert Boxes plugin for WordPress versions up to, and including, 1.4.0 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's Alert shortcode, allowing...
WordPress Plugin Standout Color Boxes and Buttons Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...
WordPress Standout Color Boxes and Buttons Plugin <= 0.7.0 is vulnerable to Cross Site Scripting (XSS)
Software: Standout Color Boxes and Buttons; Type: Plugin; Vulnerable versions: <= 0.7.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2474; Patch priority: Low; CVSS severity: Low (6.5); PSID: cbc359b9c82d; Credits: Francesco...
Standout Color Boxes and Buttons <= 0.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Standout Color Boxes and Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 0.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
PT-2024-20525 · WordPress · Standout Color Boxes/Buttons
Name of the Vulnerable Software and Affected Versions: The Standout Color Boxes and Buttons plugin for WordPress versions up to, and including, 0.7.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'color-button' shortcode due to insufficient input sanitization a...
Multiple Mozilla Product Spoofing Vulnerabilities (CNVD-2025-01193)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of the Firefox web browser. Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A...
Mozilla Firefox Security Bypass Vulnerability (CNVD-2024-12549)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security bypass vulnerability exists in Mozilla Firefox, which can be exploited by attackers to obscure privilege dialog boxes...
Security Bypass Vulnerability in Multiple Mozilla Products (CNVD-2024-10439)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of the Firefox web browser. Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A...
Mozilla Firefox Security Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of the Firefox web browser. Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A...
CVE-2023-41810
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed JavaScript code to be executed in some Widgets' text box. This issue affects Pandora FMS: from 700 through 773...
PT-2023-28107 · Unknown · Pandora Fms
Name of the Vulnerable Software and Affected Versions: Pandora FMS versions 700 through 773 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows JavaScript code to be executed in some Widgets' text bo...
CVE-2023-5469
The Drop Shadow Boxes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dropshadowbox' shortcode in versions up to, and including, 1.7.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...
CVE-2023-5469
Drop Shadow Boxes (WordPress plugin) is vulnerable to stored XSS via the dropshadowbox shortcode in versions up to 1.7.13 due to insufficient input sanitization and output escaping on shortcode attributes. Authenticated attackers with contributor-level or higher permissions can inject scripts tha...
WordPress Plugin Drop Shadow Boxes Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...