5752 matches found

Patchstack
added 2023/04/18 12:0 a.m. · 11 views

WordPress YellowPencil Visual CSS Style Editor Plugin <= 7.5.8 is vulnerable to Cross Site Scripting (XSS)

Software: YellowPencil Visual CSS Style Editor; Type: Plugin; Vulnerable versions: <= 7.5.8; Fixed in: 7.5.9; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-33961; Patch priority: Low; CVSS severity: Low (4); PSID: 3f9f31524979; Credits...

CVSS 4.8 · AI score 6 · EPSS 0.00352
Exploits 0 · References 2 · Affected Software 1
Tenable Nessus
added 2023/04/13 12:0 a.m. · 32 views

Ubuntu 22.04 LTS : Smarty vulnerability (USN-6012-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6012-1 advisory. It was discovered that Smarty incorrectly parsed blocks' names and included files' names. A remote attacker with template writing permissions could use this issue...

CVSS 8.8 · AI score 7 · EPSS 0.0454
Exploits 1 · References 2
OSSF Malicious Packages
added 2023/04/12 2:54 a.m. · 5 views

Malicious code in bleeding-edge-css (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a9158e7fb120bf930c7e6ed6c50765fdc9d7c3d1a40435bf8a4b4d202cfd1dd1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0 · References 1
OSV
added 2023/04/11 4:16 a.m. · 3 views

CVE-2023-29112

The SAP Application Interface Message Monitoring - versions 600, 700, allows an authorized attacker to input links or headings with custom CSS classes into a comment. The comment will render links and custom CSS classes as HTML objects. After successful exploitations, an attacker can cause limite...

CVSS 5.4 · AI score 6.1 · EPSS 0.00324
Exploits 0 · References 2
NVD
added 2023/04/11 4:16 a.m. · 31 views

CVE-2023-29112

The SAP Application Interface Message Monitoring - versions 600, 700, allows an authorized attacker to input links or headings with custom CSS classes into a comment. The comment will render links and custom CSS classes as HTML objects. After successful exploitations, an attacker can cause limite...

CVSS 5.4 · AI score 4.6 · EPSS 0.00324
Exploits 0 · References 2
Vulnrichment
added 2023/04/11 3:3 a.m. · 8 views

CVE-2023-29112 Code Injection vulnerability in SAP Application Interface Framework (Message Monitoring)

The SAP Application Interface Message Monitoring - versions 600, 700, allows an authorized attacker to input links or headings with custom CSS classes into a comment. The comment will render links and custom CSS classes as HTML objects. After successful exploitations, an attacker can cause limite...

CVSS 3.7 · AI score 6.7 · EPSS 0.00324
Exploits 0 · References 2
CVE
added 2023/04/11 3:3 a.m. · 40 views

CVE-2023-29112

CVE-2023-29112 affects SAP Application Interface Framework (Message Monitoring) versions 600 and 700. An authorized attacker can insert links or headings with custom CSS classes into a comment; the comment renders those links/classes as HTML objects, potentially resulting in limited impact on con...

CVSS 5.4 · AI score 4.8 · EPSS 0.00324
Exploits 0 · References 2 · Affected Software 1
Kaspersky
added 2023/04/11 12:0 a.m. · 32 views

KLA48838 Multiple vulnerabilities in Microsoft Dynamics

Multiple vulnerabilities were found in Microsoft Dynamics. Malicious users can exploit these vulnerabilities to spoof the user interface. Below is a complete list of vulnerabilities: 1. A cross-site scripting (XSS) vulnerability in Microsoft Dynamics 365 Customer Voice can be exploited remotely to spoof...

CVSS 7.6 · AI score 6.1 · EPSS 0.00748
Exploits 0 · References 7
CNNVD
added 2023/04/11 12:0 a.m. · 4 views

SAP Application Interface Framework Cross-Site Scripting Vulnerability

SAP Application Interface Framework SAP AIF is an application interface framework from SAP, Germany. A security vulnerability exists in SAP Application Interface Framework ODATA service versions 600 and 700, which allows an authorized attacker to enter a link or title with custom CSS classes into...

CVSS 5.4 · AI score 5.7 · EPSS 0.00324
Exploits 0 · References 3
Positive Technologies
added 2023/04/06 12:0 a.m. · 6 views

PT-2023-17347 · WordPress · Wp Fastest Cache

Name of the Vulnerable Software and Affected Versions: WP Fastest Cache plugin for WordPress versions up to, and including, 1.1.2 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the deleteCssAndJsCacheToolbar function. This allows...

CVSS 4.3 · AI score 5.3 · EPSS 0.00227
Exploits 0 · References 6
Openbugbounty
added 2023/04/03 8:23 p.m. · 6 views

turkicworldtourism.com Cross Site Scripting vulnerability OBB-3245713

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 5.9
Exploits 0
BDU FSTEC
added 2023/03/27 12:0 a.m. · 4 views

A vulnerability in the Google Chrome browser's CSS component allows attackers to compromise the confidentiality, integrity, and availability of protected information.

The vulnerability in the Google Chrome browser's CSS component is related to errors in data type conversion. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and availability of protected information through a specially crafted HTML page...

CVSS 10 · AI score 7.7 · EPSS 0.00549
Exploits 0 · References 11 · Affected Software 5
wpexploit
added 2023/03/22 12:0 a.m. · 423 views

W4 Post List < 2.4.6 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. On a post, add a "W4 Post List" block, select a list a...

CVSS 5.4 · AI score 5.6 · EPSS 0.00444
Exploits 2
OSV
added 2023/03/14 8:15 a.m. · 4 views

CVE-2022-47154

Cross-Site Request Forgery (CSRF) vulnerability in Pi Websolution CSS JS Manager, Async JavaScript, Defer Render Blocking CSS supports WooCommerce plugin <= 2.4.49 versions...

CVSS 8.8 · AI score 5.8 · EPSS 0.0026
Exploits 0 · References 1
NVD
added 2023/03/14 8:15 a.m. · 39 views

CVE-2022-47154

Cross-Site Request Forgery (CSRF) vulnerability in Pi Websolution CSS JS Manager, Async JavaScript, Defer Render Blocking CSS supports WooCommerce plugin <= 2.4.49 versions...

CVSS 8.8 · AI score 5.8 · EPSS 0.0026
Exploits 0 · References 1
Vulnrichment
added 2023/03/14 7:11 a.m. · 9 views

CVE-2022-47154 WordPress CSS JS Manager Plugin <= 2.4.49 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Pi Websolution CSS JS Manager, Async JavaScript, Defer Render Blocking CSS supports WooCommerce plugin <= 2.4.49 versions...

CVSS 4.3 · AI score 8.8 · EPSS 0.0026
Exploits 0 · References 1
Cvelist
added 2023/03/14 7:11 a.m. · 40 views

CVE-2022-47154 WordPress CSS JS Manager Plugin <= 2.4.49 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Pi Websolution CSS JS Manager, Async JavaScript, Defer Render Blocking CSS supports WooCommerce plugin <= 2.4.49 versions...

CVSS 4.3 · AI score 9 · EPSS 0.0026
Exploits 0 · References 1
Positive Technologies
added 2023/03/14 12:0 a.m. · 4 views

PT-2023-15198 · Unknown · Pi Websolution Css Js Manager +1

Name of the Vulnerable Software and Affected Versions: Pi Websolution CSS JS Manager, Async JavaScript, Defer Render Blocking CSS supports WooCommerce plugin versions <= 2.4.49 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows a...

CVSS 8.8 · AI score 8.8 · EPSS 0.0026
Exploits 0 · References 3
CNNVD
added 2023/03/14 12:0 a.m. · 4 views

WordPress Plugin Pi Websolution CSS JS Manage Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...

CVSS 8.8 · AI score 8.2 · EPSS 0.0026
Exploits 0 · References 2
Kaspersky
added 2023/03/14 12:0 a.m. · 39 views

KLA48561 Multiple vulnerabilities in Microsoft Dynamics

Multiple vulnerabilities were found in Microsoft Dynamics 365. Malicious users can exploit these vulnerabilities to spoof the user interface, obtain sensitive information. Below is a complete list of vulnerabilities: 1. A Security UI vulnerability in Microsoft Dynamics 365 on-premises can be exploited...

CVSS 6.5 · AI score 6 · EPSS 0.01461
Exploits 0 · References 10