Lucene search
K

168 matches found

Positive Technologies
Positive Technologies
added 2024/08/28 12:0 a.m.6 views

PT-2024-38447 · WordPress · Front End Users

Name of the Vulnerable Software and Affected Versions: Front End Users plugin for WordPress versions up to, and including, 3.2.28 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'user-search' shortcode due to insufficient input sanitization and output escaping on...

6.4CVSS6AI score0.00311EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2024/08/01 12:0 a.m.21 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Exim vulnerability (USN-6939-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6939-1 advisory. Phillip Szelat discovered that Exim misparses multiline MIME header filenames. A remote attacker could use this...

5.4CVSS6.9AI score0.41225EPSS
Exploits5References2
Metasploit
Metasploit
added 2024/05/17 7:54 p.m.316 views

Halloy IRC Credential Gatherer

This module searches for credentials stored on Halloy IRC Client on a Windows host. Module Options msf use post/windows/gather/credentials/halloyirc msf posthalloyirc show actions ...actions... msf posthalloyirc set ACTION msf posthalloyirc show options ...show and set options... msf posthalloyir...

6.9AI score
Exploits0
OSV
OSV
added 2024/04/16 10:57 p.m.21 views

GHSA-8CPH-M685-6V6R OpenFGA Authorization Bypass

Overview Some end users of OpenFGA v1.5.0 or later are vulnerable to authorization bypass when calling Check or ListObjects APIs. Am I Affected? You are very likely affected if your model involves exclusion e.g. a but not b or intersection e.g. a and b and you have any cyclical relationships. If...

8.1CVSS8.1AI score0.00656EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/04/16 9:40 p.m.51 views

CVE-2024-31452 OpenFGA Authorization Bypass

OpenFGA is a high-performance and flexible authorization/permission engine. Some end users of OpenFGA v1.5.0 or later are vulnerable to authorization bypass when calling Check or ListObjects APIs. You are very likely affected if your model involves exclusion e.g. a but not b or intersection e.g. ...

8.1CVSS8.1AI score0.00656EPSS
Exploits0References2
NVD
NVD
added 2024/03/26 9:15 a.m.19 views

CVE-2023-33322

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Etoile Web Design Front End Users allows Reflected XSS.This issue affects Front End Users: from n/a before 3.2.25...

7.1CVSS6.9AI score0.00379EPSS
Exploits0References1
OSV
OSV
added 2024/03/26 9:15 a.m.5 views

CVE-2023-33322

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Etoile Web Design Front End Users allows Reflected XSS.This issue affects Front End Users: from n/a before 3.2.25...

6.1CVSS7.3AI score0.00379EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/03/26 8:48 a.m.10 views

CVE-2023-33322 WordPress Front End Users plugin < 3.2.25 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Etoile Web Design Front End Users allows Reflected XSS.This issue affects Front End Users: from n/a before 3.2.25...

7.1CVSS7.2AI score0.00379EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/03/26 8:48 a.m.21 views

CVE-2023-33322 WordPress Front End Users plugin < 3.2.25 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Etoile Web Design Front End Users allows Reflected XSS.This issue affects Front End Users: from n/a before 3.2.25...

7.1CVSS7.1AI score0.00379EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/03/26 12:0 a.m.6 views

PT-2024-12427 · Unknown · Etoile Web Design Front End Users

Name of the Vulnerable Software and Affected Versions: Etoile Web Design Front End Users versions prior to 3.2.25 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This means that an...

7.1CVSS9.4AI score0.00379EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/03/26 12:0 a.m.5 views

WordPress Plugin Front End Users 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

7.1CVSS8.2AI score0.00379EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2023/11/24 4:21 a.m.56 views

CVE-2023-46671

A flaw was found in Kibana, where exposure of sensitive information in log files may occur. In some uncommon conditions, if error messages are returned, the log may contain account credentials for the kibanasystem 64 user, API Keys, and credentials of Kibana end-users...

4.8CVSS6.8AI score0.00656EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/07/25 12:0 a.m.5 views

Contao 跨站脚本漏洞

Contao is an open source content management system CMS developed using PHP. The system supports search engines, rights management, and CSS frameworks. Contao suffers from a cross-site scripting vulnerability that originates from the possibility of an untrusted back-end user injecting malicious co...

6.5CVSS5.9AI score0.00534EPSS
Exploits1References6
NVD
NVD
added 2023/07/17 3:15 p.m.17 views

CVE-2023-34005

Cross-Site Request Forgery CSRF vulnerability in Etoile Web Design Front End Users plugin = 3.2.24 versions...

8.8CVSS0.00263EPSS
Exploits0References1
OSV
OSV
added 2023/07/17 3:15 p.m.4 views

CVE-2023-34005

Cross-Site Request Forgery CSRF vulnerability in Etoile Web Design Front End Users plugin = 3.2.24 versions...

8.8CVSS5.8AI score0.00263EPSS
Exploits0References1
Prion
Prion
added 2023/07/17 3:15 p.m.18 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Etoile Web Design Front End Users plugin = 3.2.24 versions...

6.8CVSS8.8AI score0.00263EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/17 2:46 p.m.13 views

CVE-2023-34005 WordPress Front End Users Plugin <= 3.2.24 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Etoile Web Design Front End Users plugin = 3.2.24 versions...

6.5CVSS7.1AI score0.00263EPSS
Exploits0References1
CVE
CVE
added 2023/07/17 2:46 p.m.45 views

CVE-2023-34005

CVE-2023-34005 describes a CSRF vulnerability in the Etoile Web Design Front End Users plugin for WordPress, affecting versions ≤ 3.2.24. The vulnerability allows unauthenticated actors to trigger actions on behalf of a logged-in user; patch 3.2.25 fixes this issue. PatchStack notes the vulnerabi...

8.8CVSS7.7AI score0.00263EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/17 12:0 a.m.12 views

Front End Users < 3.2.25 - Cross-Site Request Forgery

Description Cross-Site Request Forgery CSRF vulnerability in Etoile Web Design Front End Users plugin = 3.2.24 versions...

8.8CVSS6.8AI score0.00263EPSS
Exploits0Affected Software1
Prion
Prion
added 2023/07/05 10:15 a.m.18 views

Input validation

Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files. This could have been leveraged to execute arbitrary code. This vulnerability affects Firefox 115...

4.4CVSS7.3AI score0.00253EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder