Cross site scripting
Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in UniConsent UniConsent CMP for GDPR CPRA GPP TCF plugin = 1.4.2 versions...
CVE-2023-41800
CVE-2023-41800: A stored XSS vulnerability in the UniConsent CMP WordPress plugin (UniConsent CMP for GDPR CPRA GPP TCF) affecting versions
PT-2023-28100 · Unknown · Uniconsent Cmp
Name of the Vulnerable Software and Affected Versions: UniConsent UniConsent CMP for GDPR CPRA GPP TCF plugin versions prior to 1.4.2 Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that affects users with admin+ authentication. This type of vulnerability allo...
The vulnerability of the CmpAppForce component in CODESYS software products allows a hacker to trigger a service failure.
The vulnerability of the CmpAppForce component in CODESYS software products is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
The vulnerability of the CMPapp component in CODESYS software products allows a hacker to trigger a service failure.
The vulnerability of the CMPapp component in CODESYS software products is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
CVE-2023-37552
In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition...
CVE-2023-37550
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition...
PT-2023-5014 · 3S Smart Software Solutions · Codesys Cmpapp
Name of the Vulnerable Software and Affected Versions: CODESYS CMPapp affected versions not specified Description: The issue is related to insufficient input validation in the CMPapp component of CODESYS software products. This can be exploited by a remote attacker to cause a denial of service...
Medium: openssl11
Issue Overview: Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may...
Ubuntu 16.04 ESM : OpenSSL vulnerability (USN-6188-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6188-1 advisory. Matt Caswell discovered that OpenSSL incorrectly handled certain ASN.1 object identifiers. A remote attacker could possibly use this issue to cause OpenSSL to...
CVE-2023-2159
The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Maintenance Mode Bypass in versions up to, and including, 4.1.7. A correct cmp_bypass GET parameter in the URL equal to the md5-hashed home_url in the default setting allows users to visit a site placed in maintenance mode th...
CVE-2023-2159 CMP – Coming Soon & Maintenance <= 4.1.7 - Maintenance Mode Bypass
The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Maintenance Mode Bypass in versions up to, and including, 4.1.7. A correct cmp_bypass GET parameter in the URL equal to the md5-hashed home_url in the default setting allows users to visit a site placed in maintenance mode th...
CVE-2023-2159
The CVE-2023-2159 entry concerns the WordPress plugin CMP – Coming Soon & Maintenance (versions up to 4.1.7). The root cause is an improper maintenance mode bypass via the cmp_bypass GET parameter, which, when equal to the md5-hashed home_url, allows bypassing the plugin’s maintenance mode featur...
CVE-2020-36730
The CMP for WordPress is vulnerable to authorization bypass due to a missing capability check on the cmp_get_post_detail, niteo_export_csv, and cmp_disable_comingsoon_ajax functions in versions up to, and including, 3.8.1. This makes it possible for unauthenticated attackers to read posts, export...
CVE-2020-36730
The CMP for WordPress is vulnerable to authorization bypass due to a missing capability check on the cmp_get_post_detail, niteo_export_csv, and cmp_disable_comingsoon_ajax functions in versions up to, and including, 3.8.1. This makes it possible for unauthenticated attackers to read posts, export...
Authorization
The CMP for WordPress is vulnerable to authorization bypass due to a missing capability check on the cmp_get_post_detail, niteo_export_csv, and cmp_disable_comingsoon_ajax functions in versions up to, and including, 3.8.1. This makes it possible for unauthenticated attackers to read posts, export...
CVE-2020-36730 CMP <= 3.8.1 - Missing Authorization
The CMP for WordPress is vulnerable to authorization bypass due to a missing capability check on the cmp_get_post_detail, niteo_export_csv, and cmp_disable_comingsoon_ajax functions in versions up to, and including, 3.8.1. This makes it possible for unauthenticated attackers to read posts, export...
CVE-2020-36730
The Red Hat, NVD, and related feeds corroborate that the WordPress CMP plugin is vulnerable to an authorization bypass in versions up to 3.8.1 due to a missing capability check in three functions: cmp_get_post_detail(), niteo_export_csv(), and cmp_disable_comingsoon_ajax(). This allows unauthenti...
WordPress Plugin CMP Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
The vulnerability of the CmpUserMgr component in the Codesys industrial automation software suite allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the CmpUserMgr component in the Codesys industrial automation software suite is related to the use of an unreliable cryptographic algorithm. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected information...