7356 matches found

RedHat Linux
added 2024/09/16 12:20 p.m. | 3 views

mozilla: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran

The Mozilla Foundation's Security Advisory: Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence...

CVSS 8.8 | AI score 7.2 | EPSS 0.00267
Exploits: 0 | References: 8

RedHat Linux
added 2024/09/16 12:19 p.m. | 2 views

mozilla: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran

The Mozilla Foundation's Security Advisory: Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence...

CVSS 8.8 | AI score 7.2 | EPSS 0.00267
Exploits: 0 | References: 8

Patchstack
added 2024/09/16 12:0 a.m. | 10 views

WordPress Greenshift – animation and page builder blocks Plugin <= 9.3.7 is vulnerable to Cross Site Scripting (XSS)

Software: Greenshift – animation and page builder blocks; Type: Plugin; Vulnerable versions: <= 9.3.7; Fixed in: 9.4; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-44005; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 6b98adee659f; Credits: João Pedr...

CVSS 6.5 | AI score 9.4 | EPSS 0.00494
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/09/16 12:0 a.m. | 7 views

WordPress Bricks Builder Theme <= 1.10.1 is vulnerable to Cross Site Scripting (XSS)

Software: Bricks Builder; Type: Theme; Vulnerable versions: <= 1.10.1; Fixed in: 1.10.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-3410; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: acd84adffb41; Credits: Ram; Required privilege...

CVSS 5.4 | AI score 5.8 | EPSS 0.00233
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/09/16 12:0 a.m. | 8 views

WordPress SKT Templates – Elementor & Gutenberg templates Plugin <= 6.14 is vulnerable to Cross Site Scripting (XSS)

Software: SKT Templates – Elementor & Gutenberg templates; Type: Plugin; Vulnerable versions: <= 6.14; Fixed in: 6.15; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-44007; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: c6e7fe073020; Credits...

CVSS 7.1 | AI score 6.6 | EPSS 0.0028
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/09/16 12:0 a.m. | 8 views

WordPress Geo Mashup Plugin <= 1.13.12 is vulnerable to Cross Site Scripting (XSS)

Software: Geo Mashup; Type: Plugin; Vulnerable versions: <= 1.13.12; Fixed in: 1.13.13; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-44008; Patch priority: Low; CVSS severity: Low 6.5; Developer: Dylan Kuhn; PSID: d830e975a22f; Credits: LVT-tholv2k; Required privilege: Contributor...

CVSS 6.5 | AI score 6.6 | EPSS 0.00469
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/09/13 12:0 a.m. | 9 views

WordPress Stream Plugin <= 4.0.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Stream; Type: Plugin; Vulnerable versions: <= 4.0.1; Fixed in: 4.0.2; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-7423; Patch priority: Low; CVSS severity: Low 8.8; Developer: Claim ownership; PSID: c46db6dcec76; Credits: vgo0; Required privilege...

CVSS 8.8 | AI score 6.7 | EPSS 0.00722
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/09/13 12:0 a.m. | 15 views

WordPress MStore API Plugin <= 4.15.3 is vulnerable to Arbitrary File Upload

Software: MStore API; Type: Plugin; Vulnerable versions: <= 4.15.3; Fixed in: 4.15.4; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-8242; Patch priority: Medium; CVSS severity: Medium 4.3; Developer: Claim ownership; PSID: 5f5d39cca07a; Credits: stealthcopter; Required privilege...

CVSS 8.8 | AI score 6.8 | EPSS 0.01628
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/09/13 12:0 a.m. | 16 views

WordPress Carousel Slider Plugin < 2.2.14 is vulnerable to Cross Site Scripting (XSS)

Software: Carousel Slider; Type: Plugin; Vulnerable versions: < 2.2.14; Fixed in: 2.2.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-6850; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 7f793427535a; Credits: Krugov Artyom; Required...

CVSS 4.8 | AI score 5.8 | EPSS 0.00244
Exploits: 1 | References: 4 | Affected Software: 1

Patchstack
added 2024/09/13 12:0 a.m. | 11 views

WordPress WP Simple Booking Calendar Plugin <= 2.0.10 is vulnerable to Cross Site Scripting (XSS)

Software: WP Simple Booking Calendar; Type: Plugin; Vulnerable versions: <= 2.0.10; Fixed in: 2.0.11; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-8663; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 00e7be38a235; Credits: vgo0...

CVSS 6.1 | AI score 5.7 | EPSS 0.03527
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/09/13 12:0 a.m. | 11 views

WordPress YITH Custom Login Plugin <= 1.7.3 is vulnerable to Cross Site Scripting (XSS)

Software: YITH Custom Login; Type: Plugin; Vulnerable versions: <= 1.7.3; Fixed in: 1.7.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-8665; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: YITH; PSID: 91c2ea88e903; Credits: vgo0; Required privilege...

CVSS 6.1 | AI score 5.6 | EPSS 0.01041
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/09/13 12:0 a.m. | 7 views

WordPress NinjaTeam Header Footer Custom Code Plugin < 1.2 is vulnerable to Cross Site Scripting (XSS)

Software: NinjaTeam Header Footer Custom Code; Type: Plugin; Vulnerable versions: < 1.2; Fixed in: 1.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-6493; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: 618713328f1e; Credits: Takshal...

CVSS 4.8 | AI score 5.9 | EPSS 0.00244
Exploits: 1 | References: 3 | Affected Software: 1

RedHat Linux
added 2024/09/12 9:30 p.m. | 30 views

Important: Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.16.0 release

Red Hat OpenShift Dev Spaces 3.16 has been released. All containers have been updated to include feature enhancements, bug fixes and CVE fixes. Following the Red Hat Product Security standards this update is rated as having a security impact of Important. The Common Vulnerability Scoring System...

CVSS 8.8 | AI score 6.7 | EPSS 0.09875
Exploits: 3 | References: 2

Tenable Nessus
added 2024/09/12 12:0 a.m. | 20 views

EulerOS 2.0 SP10 : orc (EulerOS-SA-2024-2449)

According to the versions of the orc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially...

CVSS 7 | AI score 7.5 | EPSS 0.00061
Exploits: 0 | References: 2

Patchstack
added 2024/09/12 12:0 a.m. | 10 views

WordPress CM Pop-Up banners Plugin < 1.7.3 is vulnerable to Cross Site Scripting (XSS)

Software: CM Pop-Up banners; Type: Plugin; Vulnerable versions: < 1.7.3; Fixed in: 1.7.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-5799; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 747794d443c6; Credits: Eunho Kim; Required...

CVSS 4.8 | AI score 5.8 | EPSS 0.00164
Exploits: 1 | References: 4 | Affected Software: 1

Patchstack
added 2024/09/12 12:0 a.m. | 11 views

WordPress WP Meta SEO Plugin <= 4.5.13 is vulnerable to Cross Site Scripting (XSS)

Software: WP Meta SEO; Type: Plugin; Vulnerable versions: <= 4.5.13; Fixed in: 4.5.14; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-45455; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: 3b8514759b32; Credits: Robert DeVore; Required privilege...

CVSS 5.9 | AI score 6.6 | EPSS 0.00132
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/09/12 12:0 a.m. | 13 views

WordPress WordPress Tag Cloud Plugin – Tag Groups Plugin <= 2.0.3 is vulnerable to Sensitive Data Exposure

Software: WordPress Tag Cloud Plugin – Tag Groups; Type: Plugin; Vulnerable versions: <= 2.0.3; Fixed in: 2.0.4; OWASP Top 10: A1: Broken Access Control; Classification: Sensitive Data Exposure; CVE: CVE-2024-43237; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim ownership; PSID: d69c3848e4ee; Credits: Pen...

CVSS 5.3 | AI score 6.6 | EPSS 0.00521
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/09/12 12:0 a.m. | 14 views

WordPress Spiffy Calendar Plugin <= 4.9.13 is vulnerable to Cross Site Scripting (XSS)

Software: Spiffy Calendar; Type: Plugin; Vulnerable versions: <= 4.9.13; Fixed in: 4.9.14; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-45458; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 6044522ff419; Credits: LVT-tholv2k; Required privilege...

CVSS 7.1 | AI score 6.6 | EPSS 0.0034
Exploits: 0 | References: 2 | Affected Software: 1

Tenable Nessus
added 2024/09/12 12:0 a.m. | 11 views

EulerOS 2.0 SP9 : orc (EulerOS-SA-2024-2376)

According to the versions of the orc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially...

CVSS 7 | AI score 7.5 | EPSS 0.00061
Exploits: 0 | References: 2

Patchstack
added 2024/09/12 12:0 a.m. | 9 views

WordPress WP Meta SEO Plugin <= 4.5.13 is vulnerable to Cross Site Scripting (XSS)

Software: WP Meta SEO; Type: Plugin; Vulnerable versions: <= 4.5.13; Fixed in: 4.5.14; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-45456; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 753a33ee6300; Credits: Robert DeVore; Required privilege...

CVSS 6.5 | AI score 6.6 | EPSS 0.00177
Exploits: 0 | References: 2 | Affected Software: 1