Lucene search
K

93 matches found

Cvelist
Cvelist
added 2024/04/11 12:45 p.m.13 views

CVE-2024-31925 WordPress F4 Improvements plugin <= 1.8.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in FAKTOR VIER F4 Improvements allows Stored XSS.This issue affects F4 Improvements: from n/a through 1.8.0...

5.9CVSS5.9AI score0.00319EPSS
Exploits0References1
CVE
CVE
added 2024/04/11 12:45 p.m.49 views

CVE-2024-31925

CVE-2024-31925 refers to a Stored XSS in the F4 Improvements WordPress plugin. Affected versions are from n/a through 1.8.0; the issue arises from improper input neutralization during web page generation. It requires authenticated admin privileges and user interaction to exploit (Stored XSS). The...

5.9CVSS5.2AI score0.00319EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/04/11 12:0 a.m.3 views

WordPress Plugin F4 Improvements 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

5.9CVSS5.8AI score0.00319EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/04/10 1:4 p.m.4 views

WordPress F4 Improvements plugin <= 1.8.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin F4 Improvements versions = 1.8.0...

5.9CVSS6.1AI score0.00319EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/04/10 12:0 a.m.11 views

WordPress F4 Improvements Plugin <= 1.8.0 is vulnerable to Cross Site Scripting (XSS)

Software F4 Improvements Type Plugin Vulnerable versions = 1.8.0 Fixed in 1.8.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-31925 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID adaa81a3b567 Credits Mika Required privilege Administrator...

5.9CVSS6.6AI score0.00319EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/01/11 2:15 p.m.6 views

CVE-2023-51751

ScaleFusion 10.5.2 does not properly limit users to the Edge application because Alt-F4 can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode...

6.8CVSS5.5AI score0.00186EPSS
Exploits0References3
Prion
Prion
added 2024/01/11 2:15 p.m.23 views

Code injection

ScaleFusion 10.5.2 does not properly limit users to the Edge application because Alt-F4 can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode...

4.6CVSS7AI score0.00186EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/11 12:0 a.m.10 views

CVE-2023-51751

ScaleFusion 10.5.2 does not properly limit users to the Edge application because Alt-F4 can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode...

6.7AI score0.00186EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/01/11 12:0 a.m.35 views

CVE-2023-51751

ScaleFusion 10.5.2 does not properly limit users to the Edge application because Alt-F4 can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode...

6.7AI score0.00186EPSS
Exploits0References3
CVE
CVE
added 2023/12/07 7:55 p.m.53 views

CVE-2023-4486

Summary (CVE-2023-4486) : Johnson Controls Metasys and Facility Explorer are affected by an Uncontrolled Resource Consumption vulnerability. Under certain circumstances, invalid authentication credentials can be sent to the login endpoint of affected engines to cause denial-of-service. Affected p...

7.5CVSS7.6AI score0.00827EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/12/07 12:0 a.m.11 views

PT-2023-29311 · Johnson Controls · Metasys +1

Name of the Vulnerable Software and Affected Versions: Johnson Controls Metasys NAE55, SNE, and SNC engines versions prior to 11.0.6 and 12.0.4 Facility Explorer F4-SNC engines versions prior to 11.0.6 and 12.0.4 Description: Under certain circumstances, invalid authentication credentials could b...

7.5CVSS7.6AI score0.00827EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2023/12/01 12:0 a.m.5 views

PT-2023-8690 · Unknown · Scalefusion

Name of the Vulnerable Software and Affected Versions: ScaleFusion versions 10.5.2 through 10.5.6 Description: The issue is related to inadequate access control in the Scalefusion MDM Agent, which can allow an attacker to escape from an isolated software environment. Specifically, in version...

7.3CVSS6.5AI score0.00186EPSS
Exploits0References8
Patchstack
Patchstack
added 2023/07/18 12:0 a.m.7 views

WordPress F4 Post Tree Plugin < 1.1.15 is vulnerable to Cross Site Scripting (XSS)

Software F4 Post Tree Type Plugin Vulnerable versions 1.1.15 Fixed in 1.1.15 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 26798b0a50ec Credits Rafie Muhammad Patchstack Required...

6.8AI score0.00284EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2022/10/19 12:0 a.m.53 views

CVE-2022-41415

CVE-2022-41415 affects Acer Altos W2000h-W570h F4, version R01.03.0018. A stack overflow in the RevserveMem component allows an attacker to cause a Denial of Service by injecting crafted shellcode into the NVRAM variable. The public documentation consistently describes the affected component and ...

9.8CVSS9.4AI score0.00928EPSS
Exploits1References1Affected Software1
Openbugbounty
Openbugbounty
added 2022/07/05 6:51 p.m.16 views

f4.hqlabs.de Open Redirect vulnerability OBB-2728505

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

0.1AI score
Exploits0
OSV
OSV
added 2022/04/25 11:15 a.m.4 views

CVE-2021-45840

It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517 by sending specifically crafted input to /tos/index.php?app/appstartstop...

9.8CVSS7.5AI score0.03865EPSS
Exploits1References1
NVD
NVD
added 2022/04/25 11:15 a.m.32 views

CVE-2021-45837

It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517 by sending a specifically crafted input to /tos/index.php?app/del...

10CVSS0.15914EPSS
Exploits4References2
NVD
NVD
added 2022/04/25 11:15 a.m.25 views

CVE-2021-45840

It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517 by sending specifically crafted input to /tos/index.php?app/appstartstop...

10CVSS0.03865EPSS
Exploits1References1
NVD
NVD
added 2022/04/25 11:15 a.m.21 views

CVE-2021-45836

An authenticated attacker can execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517 by injecting a maliciously crafted input in the request through /tos/index.php?app/handapp...

9CVSS0.02375EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/04/25 11:15 a.m.2 views

CVE-2021-45836

An authenticated attacker can execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517 by injecting a maliciously crafted input in the request through /tos/index.php?app/handapp...

9CVSS7.6AI score0.02375EPSS
Exploits1References2
Rows per page
Query Builder