Lucene search
K

241 matches found

NVD
NVD
added 2023/05/08 2:15 p.m.35 views

CVE-2023-0421

The Cloud Manager WordPress plugin through 1.0 does not sanitise and escape the query param ricerca before outputting it in an admin panel, allowing unauthenticated attackers to trick a logged in admin to trigger a XSS payload by clicking a link...

6.1CVSS6.1AI score0.0051EPSS
Exploits2References1
Prion
Prion
added 2023/05/08 2:15 p.m.15 views

Cross site scripting

The Cloud Manager WordPress plugin through 1.0 does not sanitise and escape the query param ricerca before outputting it in an admin panel, allowing unauthenticated attackers to trick a logged in admin to trigger a XSS payload by clicking a link...

5.8CVSS6AI score0.0051EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/05/08 1:58 p.m.39 views

CVE-2023-0421 Cloud Manager <= 1.0 - Reflected XSS

The Cloud Manager WordPress plugin through 1.0 does not sanitise and escape the query param ricerca before outputting it in an admin panel, allowing unauthenticated attackers to trick a logged in admin to trigger a XSS payload by clicking a link...

6.2AI score0.0051EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/05/08 1:58 p.m.6 views

CVE-2023-0421 Cloud Manager <= 1.0 - Reflected XSS

The Cloud Manager WordPress plugin through 1.0 does not sanitise and escape the query param ricerca before outputting it in an admin panel, allowing unauthenticated attackers to trick a logged in admin to trigger a XSS payload by clicking a link...

6.1AI score0.0051EPSS
Exploits2References1
CVE
CVE
added 2023/05/08 1:58 p.m.72 views

CVE-2023-0421

CVE-2023-0421 refers to a reflected XSS in the Cloud Manager WordPress plugin, affecting versions &lt;= 1.0. The issue arises because the query parameter with the value of the field named (in reports) “ricerca” is not sanitized/escaped before being output in an admin panel, which allows an unauth...

6.1CVSS6.2AI score0.0051EPSS
Exploits2References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/05/08 12:0 a.m.6 views

PT-2023-16259 · WordPress · Cloud Manager Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: Cloud Manager WordPress plugin versions 1.0 and earlier Description: The issue allows unauthenticated attackers to trick a logged-in admin into triggering a XSS payload by clicking a link, due to the lack of sanitization and escaping of the...

6.1CVSS6.5AI score0.0051EPSS
Exploits2References4
CNNVD
CNNVD
added 2023/05/08 12:0 a.m.5 views

WordPress plugin Cloud Manager 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...

6.1CVSS6.9AI score0.0051EPSS
Exploits2References2
Patchstack
Patchstack
added 2023/04/17 12:0 a.m.25 views

WordPress Cloud Manager Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software Cloud Manager Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0421 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID e0814c8cc2bc Credits Shreya Pohekar Required...

6.1CVSS5.9AI score0.0051EPSS
Exploits2References3Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/12 12:0 a.m.17 views

Cloud Manager <= 1.0 - Reflected XSS

The plugin does not sanitise and escape the query param ricerca before outputting it in an admin panel, allowing unauthenticated attackers to trick a logged in admin to trigger a XSS payload by clicking a link. PoC...

6.1CVSS8.6AI score0.0051EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2023/04/12 12:0 a.m.128 views

Cloud Manager <= 1.0 - Reflected XSS

The plugin does not sanitise and escape the query param ricerca before outputting it in an admin panel, allowing unauthenticated attackers to trick a logged in admin to trigger a XSS payload by clicking a link...

6.1CVSS8.9AI score0.0051EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2023/03/14 12:0 a.m.13 views

Tags Cloud Manager <= 1.0.0 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against ??? high privilege users such as admin|only unauthenticated users...

6.3AI score0.00382EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2023/03/14 12:0 a.m.10 views

WordPress Tags Cloud Manager Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Software Tags Cloud Manager Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-28166 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 2ce2846850ca Credits Nithissh S Required...

7.1CVSS5.6AI score0.00382EPSS
Exploits0References1Affected Software1
vulnersOsv
vulnersOsv
added 2023/03/08 12:30 p.m.7 views

cc.jweb:jweb-adai (>=1.0.2 <=1.0.6), cc.jweb:jweb-boot (>=1.0.2 <=1.0.5) +102 more potentially affected by CVE-2023-23638 via org.apache.dubbo:dubbo (>=2.7.0 <=2.7.21)

org.apache.dubbo:dubbo MAVEN version =2.7.0, =1.0.2, =1.0.2, =1.2.1, =1.28.0, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =0.0.1, =2.2.7.RELEASE, =1.0.3, =1.0.3, =1.5.1, =2.0.1, =2.0.11 and more Source cves: CVE-2023-23638 Source advisory: OSV:GHSA-933G-V89R-X8...

9.8CVSS7.7AI score0.04847EPSS
Exploits3
SUSE CVE
SUSE CVE
added 2023/02/15 5:52 a.m.6 views

SUSE CVE-2011-2654

The RPC implementation in the server in Novell Cloud Manager 1.1.2 before Patch 3 does not properly initialize objects, which allows remote attackers to execute arbitrary code by making RPC calls that leverage incorrect privileges associated with a partially initialized session...

9.3CVSS7.8AI score0.03634EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/02 3:33 a.m.44 views

Security Bulletin: IBM Telco Network Cloud Manager - Performance is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832,CVE-2022-23302 and CVE-2022-23305)

Summary Apache Log4j is used by IBM Telco Network Cloud Manager - Performance for logging and is vulnerable to arbitrary code execution due to Apache Log4j CVE-2021-44832,CVE-2022-23302 and CVE-2022-23305. The fix includes Apache Log4j v2.17.1. Vulnerability Details CVEID: CVE-2021-44832...

9.8CVSS0.9AI score0.97906EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/15 1:30 a.m.38 views

Security Bulletin: IBM Telco Network Cloud Manager - Performance is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)

Summary Apache Log4j is used by IBM Telco Network Cloud Manager - Performance for logging and is vulnerable to denial of service and arbitrary code execution due to Apache Log4j CVE-2021-45105 and CVE-2021-45046. The fix includes Apache Log4j v2.17. Vulnerability Details CVEID: CVE-2021-45105...

10CVSS0.4AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/22 3:12 p.m.40 views

Security Bulletin: Vulnerability in Apache Log4j affects IBM Telco Network Cloud Manager (CVE-2021-44228)

Summary A vulnerability was identified within the Apache Log4j library that is used by IBM Telco Network Cloud Manager to provide logging functionality. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to...

10CVSS0.8AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/20 10:39 a.m.191 views

Security Bulletin: IBM Telco Network Cloud Manager - Performance: Apache log4j Vulnerability (CVE-2021-44228)

Summary The IBM Telco Network Cloud Manager - Performance is affected by a security vulnerability. Apache Log4j is used by IBM Telco Network Cloud Manager - Performance as part of its UI service. This bulletin provides remediation for the vulnerability, CVE-2021-44228 by upgrading UI service of I...

10CVSS0.6AI score0.99999EPSS
Exploits351Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/17 7:39 a.m.91 views

Security Bulletin: IBM Telco Network Cloud Manager - Performance: Apache log4j Vulnerability (CVE-2021-44228)

Summary The IBM Telco Network Cloud Manager - Performance is affected by a security vulnerability. Apache Log4j is used by IBM Telco Network Cloud Manager - Performance as part of its UI service. This bulletin provides remediation for the vulnerability, CVE-2021-44228 by upgrading UI service of I...

10CVSS0.6AI score0.99999EPSS
Exploits351Affected Software1
Hacker One
Hacker One
added 2021/11/02 7:2 a.m.32 views

Acronis: XSS in Acronis Cloud Manager Admin Portal

Hello, Hope you are doing well. I wanted to report the following security vulnerability: The Acronis Cloud Manager Admin Portal default swagger UI is vulnerable to cross site scripting. I have the API running locally on my machine. I have attached screenshots of the XSS The URL is:...

5.6AI score
Exploits0
Rows per page
Query Builder