5 matches found
CVE-2024-56511 DataEase has an unauthorized vulnerability
DataEase is an open source data visualization analysis tool. Prior to 2.10.4, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which can be bypassed and cause the risk of unauthorized access. In the io.dataease.auth.filter.TokenFilter class,...
CVE-2024-56511 DataEase has an unauthorized vulnerability
DataEase is an open source data visualization analysis tool. Prior to 2.10.4, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which can be bypassed and cause the risk of unauthorized access. In the io.dataease.auth.filter.TokenFilter class,...
WordPress Spectra Plugin <= 2.10.3 is vulnerable to Cross Site Scripting (XSS)
Software Spectra Type Plugin Vulnerable versions = 2.10.3 Fixed in 2.10.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6486 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2ec9e8bd69ac Credits Akbar Kustirama Required...
WordPress WP Rocket 2.10.3 Local File Inclusion Exploit
Paulos Yibelo discovered and reported this Local File Inclusion vulnerability in WordPress WP Rocket Plugin. This could allow a malicious actor to include local files of the target website and show its output onto the screen. Files which store credentials, such as database credentials, could...
WordPress Simple Job Board Plugin <= 2.10.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software Simple Job Board Type Plugin Vulnerable versions = 2.10.3 Fixed in 2.10.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-29440 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1d3f08dd8ec9 Credits Rafshanzani Suha...