168 matches found
PT-2024-38447 · WordPress · Front End Users
Name of the Vulnerable Software and Affected Versions: Front End Users plugin for WordPress versions up to, and including, 3.2.28 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'user-search' shortcode due to insufficient input sanitization and output escaping on...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Exim vulnerability (USN-6939-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6939-1 advisory. Phillip Szelat discovered that Exim misparses multiline MIME header filenames. A remote attacker could use this...
Halloy IRC Credential Gatherer
This module searches for credentials stored on Halloy IRC Client on a Windows host. Module Options msf use post/windows/gather/credentials/halloyirc msf posthalloyirc show actions ...actions... msf posthalloyirc set ACTION msf posthalloyirc show options ...show and set options... msf posthalloyir...
GHSA-8CPH-M685-6V6R OpenFGA Authorization Bypass
Overview Some end users of OpenFGA v1.5.0 or later are vulnerable to authorization bypass when calling Check or ListObjects APIs. Am I Affected? You are very likely affected if your model involves exclusion e.g. a but not b or intersection e.g. a and b and you have any cyclical relationships. If...
CVE-2024-31452 OpenFGA Authorization Bypass
OpenFGA is a high-performance and flexible authorization/permission engine. Some end users of OpenFGA v1.5.0 or later are vulnerable to authorization bypass when calling Check or ListObjects APIs. You are very likely affected if your model involves exclusion e.g. a but not b or intersection e.g. ...
CVE-2023-33322
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Etoile Web Design Front End Users allows Reflected XSS.This issue affects Front End Users: from n/a before 3.2.25...
CVE-2023-33322
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Etoile Web Design Front End Users allows Reflected XSS.This issue affects Front End Users: from n/a before 3.2.25...
CVE-2023-33322 WordPress Front End Users plugin < 3.2.25 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Etoile Web Design Front End Users allows Reflected XSS.This issue affects Front End Users: from n/a before 3.2.25...
CVE-2023-33322 WordPress Front End Users plugin < 3.2.25 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Etoile Web Design Front End Users allows Reflected XSS.This issue affects Front End Users: from n/a before 3.2.25...
PT-2024-12427 · Unknown · Etoile Web Design Front End Users
Name of the Vulnerable Software and Affected Versions: Etoile Web Design Front End Users versions prior to 3.2.25 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This means that an...
WordPress Plugin Front End Users 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
CVE-2023-46671
A flaw was found in Kibana, where exposure of sensitive information in log files may occur. In some uncommon conditions, if error messages are returned, the log may contain account credentials for the kibanasystem 64 user, API Keys, and credentials of Kibana end-users...
Contao 跨站脚本漏洞
Contao is an open source content management system CMS developed using PHP. The system supports search engines, rights management, and CSS frameworks. Contao suffers from a cross-site scripting vulnerability that originates from the possibility of an untrusted back-end user injecting malicious co...
CVE-2023-34005
Cross-Site Request Forgery CSRF vulnerability in Etoile Web Design Front End Users plugin = 3.2.24 versions...
CVE-2023-34005
Cross-Site Request Forgery CSRF vulnerability in Etoile Web Design Front End Users plugin = 3.2.24 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Etoile Web Design Front End Users plugin = 3.2.24 versions...
CVE-2023-34005 WordPress Front End Users Plugin <= 3.2.24 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Etoile Web Design Front End Users plugin = 3.2.24 versions...
CVE-2023-34005
CVE-2023-34005 describes a CSRF vulnerability in the Etoile Web Design Front End Users plugin for WordPress, affecting versions ≤ 3.2.24. The vulnerability allows unauthenticated actors to trigger actions on behalf of a logged-in user; patch 3.2.25 fixes this issue. PatchStack notes the vulnerabi...
Front End Users < 3.2.25 - Cross-Site Request Forgery
Description Cross-Site Request Forgery CSRF vulnerability in Etoile Web Design Front End Users plugin = 3.2.24 versions...
Input validation
Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files. This could have been leveraged to execute arbitrary code. This vulnerability affects Firefox 115...