Lucene search
K

202 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 5:54 a.m.4 views

SUSE CVE-2011-0720

Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga, luci, and possibly other products, allows remote attackers to obtain administrative access, read or create arbitrary content, and change the site skin via unknown vectors...

7.5CVSS6.8AI score0.03171EPSS
Exploits0References3
OSV
OSV
added 2023/02/14 9:35 p.m.18 views

GHSA-7HV8-3FR9-J2HV Cross site scripting Vulnerability in backstage Software Catalog

Impact This vulnerability allows a malicious actor with access to add or modify content in an instance of the Backstage software catalog to inject script URLs in the entities stored in the catalog. If users of the catalog then click on said URLs, that can lead to an XSS attack. Patches This...

6.8CVSS5.8AI score0.00453EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/02/14 5:0 p.m.4 views

CVE-2023-25571 Backstage has XSS Vulnerability in Software Catalog

Backstage is an open platform for building developer portals. @backstage/catalog-model prior to version 1.2.0, @backstage/core-components prior to 0.12.4, and @backstage/plugin-catalog-backend prior to 1.7.2 are affected by a cross-site scripting vulnerability. This vulnerability allows a malicio...

6.8CVSS6.3AI score0.00453EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/02/14 12:0 a.m.5 views

PT-2023-1789 · Schneider Electric · Struxureware Data Center Expert

Name of the Vulnerable Software and Affected Versions: StruxureWare Data Center Expert versions prior to 7.9.2 Description: The issue is related to insufficient authorization procedures in the system, allowing a remote attacker to perform unauthorized functions, modify, or delete arbitrary conten...

9CVSS7.9AI score0.00502EPSS
Exploits0References6
OSV
OSV
added 2022/09/30 7:15 p.m.5 views

CVE-2021-36865

Insecure direct object references IDOR vulnerability in ExpressTech Quiz And Survey Master plugin = 7.3.4 at WordPress allows attackers to change the content of the quiz...

4.3CVSS5.8AI score0.00406EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/09/30 6:52 p.m.9 views

CVE-2021-36865 WordPress Quiz And Survey Master plugin <= 7.3.4 - Insecure direct object references (IDOR) vulnerability

Insecure direct object references IDOR vulnerability in ExpressTech Quiz And Survey Master plugin = 7.3.4 at WordPress allows attackers to change the content of the quiz...

3.8CVSS4.3AI score0.00406EPSS
Exploits0References2
OSV
OSV
added 2022/09/13 9:15 p.m.3 views

CVE-2022-38329

A CSRF vulnerability in Shopxian CMS 3.0.0 could allow an unauthenticated, remote attacker to craft a malicious link, potentially causing the administrator to perform unintended actions on an affected system. The vulnerability could allow attackers to modify or delete specific content through...

4.3CVSS5.8AI score0.00399EPSS
Exploits1References2
OSV
OSV
added 2022/09/08 9:10 p.m.40 views

CVE-2022-36100 XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection

XWiki Platform Applications Tag and XWiki Platform Tag UI are tag applications for XWiki, a generic wiki platform. Starting with version 1.7 in XWiki Platform Applications Tag and prior to 13.10.6 and 14.4 in XWiki Platform Tag UI, the tags document Main.Tags in XWiki didn't sanitize user inputs...

9.9CVSS8.2AI score0.73608EPSS
Exploits1References5
CVE
CVE
added 2022/09/08 8:45 p.m.85 views

CVE-2022-36099

CVE-2022-36099 affects XWiki Platform Wiki UI Main Wiki. Affected: XWiki Platform versions 5.3-milestone-2 up to but not including 13.10.6 and 14.4. Root cause: via the request URL parameter, an attacker can inject arbitrary wiki syntax using the XWikiServerClassSheet when the attacker has view a...

9.9CVSS9.4AI score0.7589EPSS
Exploits1References3Affected Software1
CNVD
CNVD
added 2022/03/24 12:0 a.m.13 views

Delta Electronics DIAEnergie SQL Injection Vulnerability (CNVD-2022-27555)

Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency.Delta Electronics...

10CVSS3.6AI score0.01172EPSS
Exploits0References1
Prion
Prion
added 2022/02/07 4:15 p.m.18 views

Sql injection

The Rearrange Woocommerce Products WordPress plugin before 3.0.8 does not have proper access controls in the saveallorder AJAX action, nor validation and escaping when inserting user data in SQL statement, leading to an SQL injection, and allowing any authenticated user, such as subscriber, to...

4CVSS6.4AI score0.00889EPSS
Exploits2References1Affected Software1
NCSC
NCSC
added 2021/12/16 12:0 a.m.2 views

Vulnerabilities fixed in MediaWiki

Vulnerabilities have been fixed in MediaWiki. The vulnerabilities potentially allow a malicious party to view non-public wiki content or modify the content of a wiki. MediaWiki has released updates to address the vulnerabilities. fix. More information can be found on the page below:...

7.5CVSS6.7AI score0.0135EPSS
Exploits0
OSV
OSV
added 2021/10/14 4:15 p.m.3 views

CVE-2021-38345

The Brizy Page Builder plugin = 2.3.11 for WordPress used an incorrect authorization check that allowed any logged-in user accessing any endpoint in the wp-admin directory to modify the content of any existing post or page created with the Brizy editor. An identical issue was found by another...

6.5CVSS5.8AI score0.00726EPSS
Exploits0References1
NVD
NVD
added 2021/10/14 4:15 p.m.18 views

CVE-2021-38345

The Brizy Page Builder plugin = 2.3.11 for WordPress used an incorrect authorization check that allowed any logged-in user accessing any endpoint in the wp-admin directory to modify the content of any existing post or page created with the Brizy editor. An identical issue was found by another...

7.1CVSS0.00726EPSS
Exploits0References1
Prion
Prion
added 2021/10/14 4:15 p.m.25 views

Authorization

The Brizy Page Builder plugin = 2.3.11 for WordPress used an incorrect authorization check that allowed any logged-in user accessing any endpoint in the wp-admin directory to modify the content of any existing post or page created with the Brizy editor. An identical issue was found by another...

4CVSS6.4AI score0.00726EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2021/10/14 3:56 p.m.11 views

CVE-2021-38345 Brizy <= 1.0.125 and 1.0.127 – 2.3.11 Incorrect authorization checks allowing Post modification

The Brizy Page Builder plugin = 2.3.11 for WordPress used an incorrect authorization check that allowed any logged-in user accessing any endpoint in the wp-admin directory to modify the content of any existing post or page created with the Brizy editor. An identical issue was found by another...

7.1CVSS6.9AI score0.00726EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/10/14 12:0 a.m.5 views

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...

7.1CVSS6.2AI score0.00726EPSS
Exploits0References3
CNVD
CNVD
added 2021/10/11 12:0 a.m.10 views

Tad Book3 Authorization Issues Vulnerabilities

Tad Book3 is an XOOPS module by the individual developer of Tad in Taiwan, China, which can be used to write books, handouts, and as a notepad. Tad Book3 suffers from an authorization issue vulnerability that stems from the Tad Book3 Edit Book page not performing authentication. An attacker can u...

9.1CVSS6.8AI score0.01222EPSS
Exploits0References1
Prion
Prion
added 2021/10/08 4:15 p.m.15 views

Design/Logic Flaw

Tad Book3 editing book page does not perform identity verification. Remote attackers can use the vulnerability to view and modify arbitrary content of books without permission...

6.4CVSS9.2AI score0.01222EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/20 7:52 p.m.17 views

Prototype Pollution in mixme

Impact When copying properties from a source object to a target object, the target object can gain access to certain properties of the source object and modify their content. Patches The problem was patch with a more agressive discovery of secured properties to filter out...

2.2AI score
Exploits0References6Affected Software1
Rows per page
Query Builder