Moderate: Red Hat Security Advisory: emacs security update
An update for emacs is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...
ROS-20240503-05
The Microsoft Visual Studio Code source code editor vulnerability is related to flaws in access control. Exploitation of the vulnerability could allow a remote attacker to elevate privileges...
Genesis Blocks < 3.1.3 - Contributor+ Stored XSS
Description The plugin does not properly escape data input provided to some of its blocks, allowing users with at least contributor privileges to conduct Stored XSS attacks. As a contributor, put the below code in a post while in Code Editor mode. The XSS will be triggered when viewing/previewing...
Otter Blocks < 2.6.6 - Contributor+ Stored XSS
Description The plugin does not properly escape its mainHeadings block attribute before appending it to the final rendered block, allowing contributors to conduct Stored XSS attacks. PoC: As a contributor, put the following payload in a post while in Code Editor mode. The XSS will be triggered wh...
Otter Blocks < 2.6.6 - Contributor+ Stored XSS
Description The plugin does not properly escape its mainHeadings block attribute before appending it to the final rendered block, allowing contributors to conduct Stored XSS attacks. As a contributor, put the following payload in a post while in Code Editor mode. The XSS will be triggered when...
Gutenberg Blocks by Kadence Blocks < 3.2.26 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. As a contributor or above, edit a post in...
Persistence – Visual Studio Code Extensions
It is not uncommon for developers, or for users who are responsible for writing code (for example detection engineers authoring Sigma rules), to use Visual Studio Code as their code editor...
SiteOrigin Widgets Bundle < 1.58.3 - Contributor+ Stored Cross-Site Scripting
Description The plugin is vulnerable to Stored Cross-Site Scripting via the code editor due to insufficient input sanitization and output escaping, allowing authenticated attackers, with contributor access or higher, to perform Stored XSS attacks...
CVE-2024-0961
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the code editor in all versions up to, and including, 1.58.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access ...
WordPress plugin ark-commenteditor security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports setting up personal blog sites on servers running PHP and MySQL. ark-commenteditor is a WordPress plugin. A security vulnerability...
ROS-20231115-04
The Visual Studio Code source code editor vulnerability is related to improper control of code generation. Exploitation of the vulnerability may allow an attacker to execute arbitrary code. A further Visual Studio Code source code editor vulnerability is related to insufficient protection of...
CVE-2023-46404
PCRS <= 3.11 d0de1e: the “Questions” page and the “Code editor” page are vulnerable to remote code execution (RCE) by escaping Python sandboxing...
CVE-2023-46404
PCRS (PHP-based web app for online programming exercises) versions prior to 3.11 (d0de1e) are vulnerable to remote code execution via the "Questions" page and the "Code editor" page. The root cause is an escape from the Python sandbox, enabling attacker-controlled code execution. Public advisories consi...
PT-2023-30004 · Pcrs · Pcrs
Name of the Vulnerable Software and Affected Versions: PCRS versions prior to 3.11 d0de1e Description: The issue allows for remote code execution RCE by escaping Python sandboxing on the "Questions" page and the "Code editor" page. Recommendations: For versions prior to 3.11 d0de1e, update to...
ActivityPub for WordPress < 1.0.1 - Contributor+ Stored XSS
Description The plugin does not sanitize and escape some data from post content, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. As a contributor, create or edit a post with the payload below while in code editor mode: xyz. The XSS will be triggered when...
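The Contributor+ Stored XSS entries above (Genesis Blocks, Otter Blocks, Kadence Blocks, SiteOrigin Widgets Bundle, ActivityPub) all share one root cause: a block attribute that a low-privilege user can set from the Code Editor view is written into the rendered HTML without context-appropriate escaping. The following is an added example, not code from any of those plugins, showing the vulnerable pattern beside its hardened form. The attribute names (`mainHeading`, `anchorId`), the render functions and the payloads are assumptions constructed for illustration; inside WordPress the real `esc_attr()`/`esc_html()` are used and the fallbacks below are skipped.

```php
<?php
// Added example, not code from any of the plugins listed on this page.
// Demonstrates the stored XSS pattern behind the Contributor+ advisories:
// a block attribute saved by a low-privilege user is written into the
// rendered HTML unescaped and executes in the browser of whoever views it.

// Outside WordPress, fall back to htmlspecialchars(); inside WordPress the
// real esc_attr()/esc_html() already exist and these definitions are skipped.
if (!function_exists('esc_attr')) {
    function esc_attr(string $s): string {
        return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    }
}
if (!function_exists('esc_html')) {
    function esc_html(string $s): string {
        return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    }
}

// Constructed attacker input: what a contributor can place in a block's
// attributes from the Code Editor view, bypassing the visual editor's UI.
$attributes = [
    'mainHeading' => '<img src=x onerror=alert(document.domain)>',
    'anchorId'    => '" autofocus onfocus="alert(1)',
];

// Vulnerable render callback: attribute values interpolated straight into markup.
function render_block_vulnerable(array $attr): string {
    return '<div id="' . $attr['anchorId'] . '">'
         . '<h2>' . $attr['mainHeading'] . '</h2>'
         . '</div>';
}

// Hardened render callback: validate where a strict shape is known (an id
// can be restricted to [A-Za-z0-9_-]) and escape for the context each value
// lands in (attribute value vs. element text). Escaping is the non-negotiable part.
function render_block_hardened(array $attr): string {
    $anchor = preg_replace('/[^A-Za-z0-9_-]/', '', $attr['anchorId'] ?? '');
    return '<div id="' . esc_attr($anchor) . '">'
         . '<h2>' . esc_html($attr['mainHeading'] ?? '') . '</h2>'
         . '</div>';
}

echo "Vulnerable:\n", render_block_vulnerable($attributes), "\n\n";
echo "Hardened:\n",   render_block_hardened($attributes), "\n";
```

Run it with `php example.php`: the vulnerable output contains the live `<img onerror=...>` and the broken-out `onfocus` attribute, while the hardened output contains only entity-encoded text and a stripped id. Note that the contributor role is the interesting boundary here because contributors cannot post `unfiltered_html`, so the block's own escaping is the only control between their input and an editor's or administrator's browser.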
Enable Media Replace < 4.1.3 - Author+ PHP Object Injection
Description The plugin unserializes user input via the Remove Background feature, which could allow Author+ users to perform PHP Object Injection when a suitable gadget is present on the blog. Step 1: Add the following code to the end of the file located at...
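The Enable Media Replace entry above hinges on `unserialize()` being called on attacker-controlled data while a "gadget" class is loadable. The following is an added example, not code from that plugin, that shows why this is exploitable and the two standard mitigations. The `LogWriter` class, its properties and the serialized payload are constructed stand-ins for illustration; a real gadget would be an existing class in WordPress, a theme or another plugin whose magic method does something useful to an attacker.

```php
<?php
// Added example, not code from Enable Media Replace. Shows why unserialize()
// on user input is dangerous when a gadget class with a magic method is
// loadable, and how the two usual mitigations change the outcome.

// Harmless stand-in for a gadget: any autoloadable class whose __destruct,
// __wakeup or __toString acts on its own properties. Real gadgets write
// files, call functions or run queries with those attacker-chosen values.
class LogWriter {
    public string $path = '/tmp/harmless.log';
    public string $line = '';
    public function __destruct() {
        // Runs automatically when the object is freed; both properties came
        // from the serialized string, so the attacker controls what and where.
        echo "[gadget fired] would append '{$this->line}' to {$this->path}\n";
    }
}

// Constructed attacker payload: a serialized LogWriter with chosen property
// values. It is written by hand; the attacker never needs to run PHP locally.
$payload = 'O:9:"LogWriter":2:{s:4:"path";s:12:"/tmp/pwn.txt";s:4:"line";s:5:"owned";}';

echo "-- vulnerable: unserialize(\$input) --\n";
$obj = unserialize($payload);              // instantiates LogWriter
var_dump(get_class($obj));                 // string(9) "LogWriter"
unset($obj);                               // __destruct fires with attacker data

echo "\n-- mitigation 1: unserialize with allowed_classes => false --\n";
$obj = unserialize($payload, ['allowed_classes' => false]);
var_dump(get_class($obj));                 // "__PHP_Incomplete_Class": no magic methods run
unset($obj);

echo "\n-- mitigation 2: do not serialize at all; carry plain data as JSON --\n";
$json = json_encode(['path' => '/tmp/pwn.txt', 'line' => 'owned']);
$data = json_decode($json, true, 512, JSON_THROW_ON_ERROR);
var_dump(is_array($data));                 // bool(true): arrays cannot carry behaviour
```

Running this with `php example.php` prints the gadget message only in the vulnerable section. In the first mitigation the object is deserialized as `__PHP_Incomplete_Class`, so no constructor, `__wakeup` or `__destruct` of the named class ever executes; the second mitigation removes the problem entirely by never letting user input select a class.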
Lapce security breach
Lapce is a code editor from Lapce open source. It enables lightning fast computation and utilizes Wgpu for rendering. A security vulnerability exists in Lapce version v0.2.8, which stems from allowing an attacker to elevate system privileges...