241 matches found
CVE-2023-0421
The Cloud Manager WordPress plugin through 1.0 does not sanitise and escape the query param ricerca before outputting it in an admin panel, allowing unauthenticated attackers to trick a logged in admin to trigger a XSS payload by clicking a link...
Cross site scripting
The Cloud Manager WordPress plugin through 1.0 does not sanitise and escape the query param ricerca before outputting it in an admin panel, allowing unauthenticated attackers to trick a logged in admin to trigger a XSS payload by clicking a link...
CVE-2023-0421 Cloud Manager <= 1.0 - Reflected XSS
The Cloud Manager WordPress plugin through 1.0 does not sanitise and escape the query param ricerca before outputting it in an admin panel, allowing unauthenticated attackers to trick a logged in admin to trigger a XSS payload by clicking a link...
CVE-2023-0421 Cloud Manager <= 1.0 - Reflected XSS
The Cloud Manager WordPress plugin through 1.0 does not sanitise and escape the query param ricerca before outputting it in an admin panel, allowing unauthenticated attackers to trick a logged in admin to trigger a XSS payload by clicking a link...
CVE-2023-0421
CVE-2023-0421 refers to a reflected XSS in the Cloud Manager WordPress plugin, affecting versions <= 1.0. The issue arises because the query parameter with the value of the field named (in reports) “ricerca” is not sanitized/escaped before being output in an admin panel, which allows an unauth...
PT-2023-16259 · WordPress · Cloud Manager Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: Cloud Manager WordPress plugin versions 1.0 and earlier Description: The issue allows unauthenticated attackers to trick a logged-in admin into triggering a XSS payload by clicking a link, due to the lack of sanitization and escaping of the...
WordPress plugin Cloud Manager 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...
WordPress Cloud Manager Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software Cloud Manager Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0421 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID e0814c8cc2bc Credits Shreya Pohekar Required...
Cloud Manager <= 1.0 - Reflected XSS
The plugin does not sanitise and escape the query param ricerca before outputting it in an admin panel, allowing unauthenticated attackers to trick a logged in admin to trigger a XSS payload by clicking a link. PoC...
Cloud Manager <= 1.0 - Reflected XSS
The plugin does not sanitise and escape the query param ricerca before outputting it in an admin panel, allowing unauthenticated attackers to trick a logged in admin to trigger a XSS payload by clicking a link...
Tags Cloud Manager <= 1.0.0 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against ??? high privilege users such as admin|only unauthenticated users...
WordPress Tags Cloud Manager Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)
Software Tags Cloud Manager Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-28166 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 2ce2846850ca Credits Nithissh S Required...
cc.jweb:jweb-adai (>=1.0.2 <=1.0.6), cc.jweb:jweb-boot (>=1.0.2 <=1.0.5) +102 more potentially affected by CVE-2023-23638 via org.apache.dubbo:dubbo (>=2.7.0 <=2.7.21)
org.apache.dubbo:dubbo MAVEN version =2.7.0, =1.0.2, =1.0.2, =1.2.1, =1.28.0, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =0.0.1, =2.2.7.RELEASE, =1.0.3, =1.0.3, =1.5.1, =2.0.1, =2.0.11 and more Source cves: CVE-2023-23638 Source advisory: OSV:GHSA-933G-V89R-X8...
SUSE CVE-2011-2654
The RPC implementation in the server in Novell Cloud Manager 1.1.2 before Patch 3 does not properly initialize objects, which allows remote attackers to execute arbitrary code by making RPC calls that leverage incorrect privileges associated with a partially initialized session...
Security Bulletin: IBM Telco Network Cloud Manager - Performance is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832,CVE-2022-23302 and CVE-2022-23305)
Summary Apache Log4j is used by IBM Telco Network Cloud Manager - Performance for logging and is vulnerable to arbitrary code execution due to Apache Log4j CVE-2021-44832,CVE-2022-23302 and CVE-2022-23305. The fix includes Apache Log4j v2.17.1. Vulnerability Details CVEID: CVE-2021-44832...
Security Bulletin: IBM Telco Network Cloud Manager - Performance is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)
Summary Apache Log4j is used by IBM Telco Network Cloud Manager - Performance for logging and is vulnerable to denial of service and arbitrary code execution due to Apache Log4j CVE-2021-45105 and CVE-2021-45046. The fix includes Apache Log4j v2.17. Vulnerability Details CVEID: CVE-2021-45105...
Security Bulletin: Vulnerability in Apache Log4j affects IBM Telco Network Cloud Manager (CVE-2021-44228)
Summary A vulnerability was identified within the Apache Log4j library that is used by IBM Telco Network Cloud Manager to provide logging functionality. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to...
Security Bulletin: IBM Telco Network Cloud Manager - Performance: Apache log4j Vulnerability (CVE-2021-44228)
Summary The IBM Telco Network Cloud Manager - Performance is affected by a security vulnerability. Apache Log4j is used by IBM Telco Network Cloud Manager - Performance as part of its UI service. This bulletin provides remediation for the vulnerability, CVE-2021-44228 by upgrading UI service of I...
Security Bulletin: IBM Telco Network Cloud Manager - Performance: Apache log4j Vulnerability (CVE-2021-44228)
Summary The IBM Telco Network Cloud Manager - Performance is affected by a security vulnerability. Apache Log4j is used by IBM Telco Network Cloud Manager - Performance as part of its UI service. This bulletin provides remediation for the vulnerability, CVE-2021-44228 by upgrading UI service of I...
Acronis: XSS in Acronis Cloud Manager Admin Portal
Hello, Hope you are doing well. I wanted to report the following security vulnerability: The Acronis Cloud Manager Admin Portal default swagger UI is vulnerable to cross site scripting. I have the API running locally on my machine. I have attached screenshots of the XSS The URL is:...