93 matches found
CVE-2024-31925 WordPress F4 Improvements plugin <= 1.8.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in FAKTOR VIER F4 Improvements allows Stored XSS.This issue affects F4 Improvements: from n/a through 1.8.0...
CVE-2024-31925
CVE-2024-31925 refers to a Stored XSS in the F4 Improvements WordPress plugin. Affected versions are from n/a through 1.8.0; the issue arises from improper input neutralization during web page generation. It requires authenticated admin privileges and user interaction to exploit (Stored XSS). The...
WordPress Plugin F4 Improvements 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...
WordPress F4 Improvements plugin <= 1.8.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin F4 Improvements versions = 1.8.0...
WordPress F4 Improvements Plugin <= 1.8.0 is vulnerable to Cross Site Scripting (XSS)
Software F4 Improvements Type Plugin Vulnerable versions = 1.8.0 Fixed in 1.8.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-31925 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID adaa81a3b567 Credits Mika Required privilege Administrator...
CVE-2023-51751
ScaleFusion 10.5.2 does not properly limit users to the Edge application because Alt-F4 can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode...
Code injection
ScaleFusion 10.5.2 does not properly limit users to the Edge application because Alt-F4 can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode...
CVE-2023-51751
ScaleFusion 10.5.2 does not properly limit users to the Edge application because Alt-F4 can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode...
CVE-2023-51751
ScaleFusion 10.5.2 does not properly limit users to the Edge application because Alt-F4 can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode...
CVE-2023-4486
Summary (CVE-2023-4486) : Johnson Controls Metasys and Facility Explorer are affected by an Uncontrolled Resource Consumption vulnerability. Under certain circumstances, invalid authentication credentials can be sent to the login endpoint of affected engines to cause denial-of-service. Affected p...
PT-2023-29311 · Johnson Controls · Metasys +1
Name of the Vulnerable Software and Affected Versions: Johnson Controls Metasys NAE55, SNE, and SNC engines versions prior to 11.0.6 and 12.0.4 Facility Explorer F4-SNC engines versions prior to 11.0.6 and 12.0.4 Description: Under certain circumstances, invalid authentication credentials could b...
PT-2023-8690 · Unknown · Scalefusion
Name of the Vulnerable Software and Affected Versions: ScaleFusion versions 10.5.2 through 10.5.6 Description: The issue is related to inadequate access control in the Scalefusion MDM Agent, which can allow an attacker to escape from an isolated software environment. Specifically, in version...
WordPress F4 Post Tree Plugin < 1.1.15 is vulnerable to Cross Site Scripting (XSS)
Software F4 Post Tree Type Plugin Vulnerable versions 1.1.15 Fixed in 1.1.15 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 26798b0a50ec Credits Rafie Muhammad Patchstack Required...
CVE-2022-41415
CVE-2022-41415 affects Acer Altos W2000h-W570h F4, version R01.03.0018. A stack overflow in the RevserveMem component allows an attacker to cause a Denial of Service by injecting crafted shellcode into the NVRAM variable. The public documentation consistently describes the affected component and ...
f4.hqlabs.de Open Redirect vulnerability OBB-2728505
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2021-45840
It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517 by sending specifically crafted input to /tos/index.php?app/appstartstop...
CVE-2021-45837
It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517 by sending a specifically crafted input to /tos/index.php?app/del...
CVE-2021-45840
It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517 by sending specifically crafted input to /tos/index.php?app/appstartstop...
CVE-2021-45836
An authenticated attacker can execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517 by injecting a maliciously crafted input in the request through /tos/index.php?app/handapp...
CVE-2021-45836
An authenticated attacker can execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517 by injecting a maliciously crafted input in the request through /tos/index.php?app/handapp...