CVE-2024-9146
CVE-2024-9146: WordPress plugin CSS JS Files <= 1.5.0 is affected by a path traversal vulnerability that could allow reading restricted files. Affected versions are listed as
CVE-2024-9146 WordPress CSS JS Files plugin <= 1.5.0 - Directory Traversal to File Read vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in jamesdlow CSS JS Files css-js-files allows Path Traversal. This issue affects CSS JS Files: from n/a through <= 1.5.0...
CVE-2024-47841
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Path Traversal. This issue affects Mediawiki - CSS Extension: from 1.42.X before 1.42.2, from 1.41.X before 1.41.3, from 1.39.X before 1.39.9...
CVE-2024-47845
Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Code Injection. This issue affects Mediawiki - CSS Extension: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2...
CVE-2024-47841 Path traversal when loading stylesheets
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Path Traversal. This issue affects Mediawiki - CSS Extension: from 1.42.X before 1.42.2, from 1.41.X before 1.41.3, from 1.39.X before 1.39.9...
CVE-2024-47841
CVE-2024-47841 affects the MediaWiki - CSS Extension. The vulnerability is a Path Traversal flaw in loading stylesheets, caused by improper limitation of pathnames to a restricted directory. Affected versions are MediaWiki CSS Extension: 1.39.X before 1.39.9; 1.41.X before 1.41.3; 1.4...
CVE-2024-47845 CSS sanitizer used incorrectly, and is easily bypassed
Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Code Injection. This issue affects Mediawiki - CSS Extension: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2...
CVE-2024-47845
CVE-2024-47845 concerns an issue in the MediaWiki CSS Extension where improper encoding/escaping of output enables code injection. Affected range: MediaWiki CSS Extension versions 1.39.x prior to 1.39.9, 1.41.x prior to 1.41.3, and 1.42.x prior to 1.42.2. Root cause is improper output handling in...
PT-2024-32846 · Wikimedia Foundation · Mediawiki - Css Extension
Name of the Vulnerable Software and Affected Versions: Mediawiki - CSS Extension versions 1.39.X through 1.39.8; Mediawiki - CSS Extension versions 1.41.X through 1.41.2; Mediawiki - CSS Extension versions 1.42.X through 1.42.1. Description: The issue is related to a Path Traversal vulnerability,...
PT-2024-32592
Name of the Vulnerable Software and Affected Versions: LiteSpeed Cache versions through 6.5.0.2. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS, which can be exploited by attackers t...
KLA73804 Multiple vulnerabilities in Mozilla Thunderbird
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, gain privileges, spoof the user interface, perform cross-site scripting attacks, and execute arbitrary code. Below is a complete list of...
WordPress YellowPencil Visual CSS Style Editor Plugin <= 7.6.4 is vulnerable to Cross Site Scripting (XSS)
Software: YellowPencil Visual CSS Style Editor; Type: Plugin; Vulnerable versions: <= 7.6.4; Fixed in: 7.6.5; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-47348; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: e58f30e6b0f0; Credits: Dimas Maula...
CVE-2024-8725
Multiple plugins and/or themes for WordPress are vulnerable to Limited File Upload in various versions. This is due to a lack of proper checks to ensure lower-privileged roles cannot upload .css and .js files to arbitrary directories. This makes it possible for authenticated attackers, with...
PT-2024-39204 · WordPress · Wordpress +1
Name of the Vulnerable Software and Affected Versions: WordPress (affected versions not specified). Description: The issue is due to a lack of proper checks, allowing lower-privileged roles to upload .css and .js files to arbitrary directories. This enables authenticated attackers with...
CVE-2024-8432
The Appointment & Event Booking Calendar Plugin – Webba Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_appearance function in all versions up to, and including, 5.0.48. This makes it possible for authenticated attackers...
CVE-2024-8432
CVE-2024-8432 applies to the Appointment & Event Booking Calendar Plugin – Webba Booking for WordPress. Vulnerability: missing capability check in save_appearance() allows authenticated users with Subscriber level access and above to modify the booking form CSS, affecting all versions up to 5.0.4...