56 matches found
CVE-2024-31395
Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this...
CVE-2024-27279
Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and earlier, Ver.3.0.x series Ver.3.0.30 and earlier, Ver.2.11.x series Ver.2.11.59 and earlier, Ver.2.10.x series Ver.2.10.51 and earlier, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a use...
a-blog cms vulnerable to directory traversal
Overview a-blog cms provided by appleple Inc. is a content management system CMS. a-blog cms contains a directory traversal vulnerability CWE-22. Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Securi...
WordPress Widgets for Airbnb Reviews Plugin <= 11.0.2 is vulnerable to Arbitrary File Upload
Software Widgets for Airbnb Reviews Type Plugin Vulnerable versions = 11.0.2 Fixed in 11.1 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2023-48275 Patch priority Medium CVSS severity Medium 8 Developer Claim ownership PSID 17c7b7de54d5 Credits Rafie Muhammad Patchstack...
WordPress Widgets for Zillow Reviews Plugin <= 11.0.2 is vulnerable to Arbitrary File Upload
Software Widgets for Zillow Reviews Type Plugin Vulnerable versions = 11.0.2 Fixed in 11.1 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2023-48275 Patch priority Medium CVSS severity Medium 8 Developer Claim ownership PSID 4f292716d1ce Credits Rafie Muhammad Patchstack...
WordPress CataBlog Plugin <= 1.7.0 is vulnerable to Arbitrary File Deletion
Software CataBlog Type Plugin Vulnerable versions = 1.7.0 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2023-47843 Patch priority Medium CVSS severity Medium 7.6 Developer Claim ownership PSID 9a8041fb49de Credits Rafie Muhammad Patchstack...
OpenNMS Horizon 安全漏洞
OpenNMS Horizon is an open source solution from OpenNMS that helps you visualize and monitor everything on your local and remote networks. A security vulnerability exists in OpenNMS Horizon versions prior to 32.0.2, which stems from the fact that any user with the ROLEFILESYSTEMEDITOR privilege c...
WordPress Themify Portfolio Post Plugin <= 1.2.4 is vulnerable to Cross Site Scripting (XSS)
Software Themify Portfolio Post Type Plugin Vulnerable versions = 1.2.4 Fixed in 1.2.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-32970 Patch priority Low CVSS severity Low 4.1 Developer Claim ownership PSID b8a82c2c105c Credits Muhammad Daffa...
PYSEC-2023-55
Wagtail is an open source content management system built on Django. Starting in version 1.5 and prior to versions 4.1.4 and 4.2.2, a stored cross-site scripting XSS vulnerability exists on ModelAdmin views within the Wagtail admin interface. A user with a limited-permission editor account for th...
WordPress Store Locator WordPress Plugin <= 1.4.9 is vulnerable to Cross Site Scripting (XSS)
Software Store Locator WordPress Type Plugin Vulnerable versions = 1.4.9 Fixed in 1.4.10 OWASP Top 10 A5: Broken Access Control Classification Cross Site Scripting XSS CVE CVE-2023-27618 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID fa355c2bcc3a Credits Abdi Pranata...
Text panel plugin XSS
Grafana is an open-source platform for monitoring and observability. On 2023-01-01 during an internal audit of Grafana, a member of the security team found a stored XSS vulnerability affecting the core plugin “Text”. The stored XSS vulnerability requires several user interactions in order to be...
Stored XSS in ResourcePicker component
Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch and prior to versions 8.5.16, 9.2.10, and 9.3.4, Grafana had a stored XSS vulnerability affecting the core plugin GeoMap. The stored XSS vulnerability was possible because SVG files weren’t properly...
Bolt Financial Bolt CMS 安全漏洞
Bolt Financial Bolt CMS is an open source PHP-based content management system from Bolt Financial. A security vulnerability exists in Bolt Financial Bolt CMS version 5.1.12 that originates from allowing an authenticated user with ROLEEDITOR privileges to upload and rename malicious files, which c...
CVE-2022-1301
The WP Contact Slider WordPress plugin before 2.4.7 does not sanitize and escape the Text to Display settings of sliders, which could allow high privileged users such as editor and above to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed...
CVE-2022-24664
PHP Everywhere = 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress metaboxes, which could be used by any user able to edit posts...
CVE-2001-0289
Joe text editor 2.8 searches the current working directory CWD for the .joerc configuration file, which could allow local users to gain privileges of other users by placing a Trojan Horse .joerc file into a directory, then waiting for users to execute joe from that directory...