WordPress Plugin Estatik Real Estate Plugin Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability in the WordPress...

PrestaShop some attribute not escaped in Validate::isCleanHTML method

Description Some event attributes are not detected by the isCleanHTML method Impact Some modules using the isCleanHTML method could be vulnerable to xss Patches 8.1.3, 1.7.8.11 Workarounds The best workaround is to use the HTMLPurifier library to sanitize html input coming from users. The library...

Code injection

Documents operations could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parties does now get...

PKP Open Journals System Cross-Site Scripting Vulnerability

PKP Open Journals System is a journal system. A cross-site scripting vulnerability exists in PKP Open Journals System prior to version 3.3.0-16, which stems from the fact that certain inputs are not escaped and can be exploited by an attacker to inject malicious script into a web site...

CVE-2023-40121

In appendEscapedSQLString of DatabaseUtils.java, there is a possible SQL injection due to unsafe deserialization. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation...

CVE-2023-39521 Tuleap vulnerable to Cross-site Scripting on the success message of a kanban deletion

Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 14.11.99.28 and Tuleap Enterprise Edition prior to versions 14.10-6 and 14.11-3, content displayed in the "card fields" visible in the kanban and PV2 apps ...

Stored XSS in Page Title

Description At the latest version, the page title has been escaped and cannot trigger the XSS payload. However, by login to a user with other privileges, I see that It's still not escaped yet. Proof of Concept Step 1: Login as Admin, create a page in site1 with the title "test and see that the pa...

WordPress Plugin AI ChatBot 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

CVE-2023-2831 Denial of Service while unescaping a Markdown string

Mattermost fails to unescape Markdown strings in a memory-efficient way, allowing an attacker to cause a Denial of Service by sending a message containing a large number of escaped characters...

Mattermost 资源管理错误漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a resource management error vulnerability that stems from an inability to unescape Markdown strings, which can be exploited by an attacker to cause a denial of service by sendin...

Jenkins CSRF protection bypass vulnerability

Jenkins provides context menus for various UI elements, like links to jobs and builds, or breadcrumbs. In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided value...

PT-2023-25161 · Jenkins · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.399 and earlier, LTS versions 2.387.3 and earlier Description: The issue arises when POST requests are sent to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a...

JStachio XSS vulnerability: Unescaped single quotes

Impact Description: JStachio fails to escape single quotes ' in HTML, allowing an attacker to inject malicious code. Reproduction Steps: Use the following template code: html Set the value variable to ' onblur='alert1. java public class Escaping public static void mainString args Model model = ne...

CVE-2023-0600

The WP Visitor Statistics Real Time Traffic WordPress plugin before 6.9 does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks...

Arbitrary File Write

MindsDB is vulnerable to Arbitrary File Write. The vulnerability exists due to an unsafe extraction process in file.py which does not ensure relative file paths are escaped allowing an attacker to write arbitrary files outside the expected directory...

SUSE CVE-2023-28879

In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then...

DEBIAN-CVE-2023-28879

In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then...

XSS to RCE found in Trilium

Vulnerability Type Remote Code Execution RCE Authentication Required? No Affected Location - Search Notes Search Ancestor Output - Jump to Note Search Note Output - New Tab Search Notes Output Issue Summary The application contains a vulnerability where HTML characters within the title name of...

CVE-2023-28487

Sudo before 1.9.13 does not escape control characters in sudoreplay output...

CVE-2023-25813

Sequelize is a Node.js ORM tool. In versions prior to 6.19.1 a SQL injection exploit exists related to replacements. Parameters which are passed through replacements are not properly escaped which can lead to arbitrary SQL injection depending on the specific queries in use. The issue has been fix...