
4137 matches found

OSV
added 2024/10/01 8:31 p.m. · 6 views

GHSA-FC38-2254-48G7 LibreNMS has Stored Cross-site Scripting vulnerability in "Device Group" Name

Summary: The application fails to sanitize inputs properly and renders code from user input in the browser, which allows an attacker to execute malicious JavaScript code. Details: A user with the Admin role can create a Device Group; the application did not properly sanitize the user input in the Devic...

CVSS 8.6 · AI score 6.1 · EPSS 0.005
Exploits: 1 · References: 4

CVE
added 2024/10/01 8:30 p.m. · 44 views

CVE-2024-47524

Summary of CVE-2024-47524 (LibreNMS): The vulnerability affects LibreNMS where an Admin can create a Device Group and the input is not properly sanitized in the Device Group name. As a result, viewing the Device Group detail can trigger injected JavaScript, i.e., a stored XSS vulnerability. This...

CVSS 7.2 · AI score 5.9 · EPSS 0.005
Exploits: 1 · References: 2 · Affected Software: 1

OSV
added 2024/10/01 8:30 p.m. · 15 views

CVE-2024-47524 LibreNMS has Stored Cross-site Scripting vulnerability in "Device Group" Name

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A user with the Admin role can create a Device Group; the application did not properly sanitize the user input in the Device Group name, so when a user views the detail of the Device Group, if JavaScript code is inside the name of...

CVSS 7.2 · AI score 6.7 · EPSS 0.005
Exploits: 1 · References: 4

Positive Technologies
added 2024/10/01 12:0 a.m. · 3 views

PT-2024-32639 · Librenms · Librenms

Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 24.9.0. Description: The application fails to properly sanitize user input in the Device Groups name, allowing an attacker to execute malicious JavaScript code when a user views the details of the Device Group. This...

CVSS 8.6 · AI score 7.2 · EPSS 0.005
Exploits: 1 · References: 9

Citrix
added 2024/09/30 12:0 a.m. · 5 views

unable to hide Published desktop for specific client device/domain groups via BrokerAccessPolicy

unable to hide Published desktop for specific client device/domain groups via BrokerAccessPolicy Limit visibility in a delivery group for specific user/client...

AI score 7
Exploits: 0

NVD
added 2024/09/25 3:15 p.m. · 17 views

CVE-2024-43237

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Steve Burge WordPress Tag Cloud Plugin – Tag Groups tag-groups. This issue affects WordPress Tag Cloud Plugin – Tag Groups: from n/a through <= 2.0.3...

CVSS 5.3 · EPSS 0.00337
Exploits: 0 · References: 1

Vulnrichment
added 2024/09/25 2:48 p.m. · 16 views

CVE-2024-43237 WordPress Tag Groups plugin <= 2.0.3 - Sensitive Data Exposure vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Steve Burge WordPress Tag Cloud Plugin – Tag Groups tag-groups. This issue affects WordPress Tag Cloud Plugin – Tag Groups: from n/a through <= 2.0.3...

CVSS 5.3 · AI score 5.2 · EPSS 0.00337
Exploits: 0 · References: 1

Cvelist
added 2024/09/25 2:48 p.m. · 32 views

CVE-2024-43237 WordPress Tag Groups plugin <= 2.0.3 - Sensitive Data Exposure vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Steve Burge WordPress Tag Cloud Plugin – Tag Groups tag-groups. This issue affects WordPress Tag Cloud Plugin – Tag Groups: from n/a through <= 2.0.3...

CVSS 5.3 · EPSS 0.00337
Exploits: 0 · References: 1

Securelist
added 2024/09/25 10:0 a.m. · 10 views

From 12 to 21: how we discovered connections between the Twelve and BlackJack groups

While analyzing attacks on Russian organizations, our team regularly encounters overlapping tactics, techniques, and procedures (TTPs) among different cybercrime groups, and sometimes even shared tools. We recently discovered one such overlap: similar tools and tactics between two hacktivist groups...

AI score 8.1
Exploits: 0

OSV
added 2024/09/25 3:15 a.m. · 3 views

CVE-2024-8350

The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to user group add due to a missing capability check on the /wp-json/ulgmmanagement/v1/adduser/ REST API endpoint in all versions up to, and including, 6.1.0.1. This makes it possible for authenticated attackers, with group...

CVSS 2.7 · AI score 5.8 · EPSS 0.01131
Exploits: 1 · References: 2

OSV
added 2024/09/25 3:15 a.m. · 1 view

CVE-2024-8349

The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0.1. This is due to the plugin not properly restricting what users a group leader can edit. This makes it possible for authenticated attackers, with group...

CVSS 7.2 · AI score 5.7 · EPSS 0.01131
Exploits: 1 · References: 2

Cvelist
added 2024/09/25 2:32 a.m. · 21 views

CVE-2024-8349 Uncanny Groups for LearnDash <= 6.1.0.1 - Authenticated (Group Leader+) Privilege Escalation

The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0.1. This is due to the plugin not properly restricting what users a group leader can edit. This makes it possible for authenticated attackers, with group...

CVSS 7.2 · EPSS 0.01131
Exploits: 0 · References: 2

CVE
added 2024/09/25 2:32 a.m. · 55 views

CVE-2024-8349

CVE-2024-8349 / CVE-2024-8350 (Uncanny Groups for LearnDash, WordPress): The WordPress plugin is vulnerable to privilege escalation via a flawed access check in the group-management REST endpoint. Authenticated users with group leader level access (and above) can add or modify group members and,...

CVSS 7.2 · AI score 5.3 · EPSS 0.01131
Exploits: 0 · References: 2 · Affected Software: 1

Patchstack
added 2024/09/25 1:30 a.m. · 3 views

WordPress Uncanny Groups for LearnDash plugin <= 6.1.0.1 - Authenticated (Group Leader+) Privilege Escalation vulnerability

Authenticated (Group Leader+) Privilege Escalation vulnerability discovered by Karl Emil Nikka in WordPress Plugin Uncanny Groups for LearnDash versions <= 6.1.0.1...

CVSS 7.2 · AI score 7 · EPSS 0.01131
Exploits: 0 · References: 1 · Affected Software: 1

Patchstack
added 2024/09/25 1:29 a.m. · 3 views

WordPress Uncanny Groups for LearnDash plugin <= 6.1.0.1 - Missing Authorization to Authenticated (Group Leader+) User Group Add vulnerability

Missing Authorization to Authenticated (Group Leader+) User Group Add vulnerability discovered by Karl Emil Nikka in WordPress Plugin Uncanny Groups for LearnDash versions <= 6.1.0.1...

CVSS 2.7 · AI score 7 · EPSS 0.00416
Exploits: 1 · References: 1 · Affected Software: 1

Positive Technologies
added 2024/09/25 12:0 a.m. · 4 views

PT-2024-38965 · WordPress · Uncanny Groups For Learndash

Name of the Vulnerable Software and Affected Versions: Uncanny Groups for LearnDash plugin for WordPress versions up to, and including, 6.1.0.1. Description: The issue allows authenticated attackers with group leader-level access and above to exploit a missing capability check on the "/wp-json/ulg...

CVSS 7.2 · AI score 7.1 · EPSS 0.01131
Exploits: 1 · References: 9

CNNVD
added 2024/09/25 12:0 a.m. · 2 views

WordPress plugin WordPress Tag Cloud Plugin – Tag Groups information disclosure vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An information disclosure...

CVSS 5.3 · AI score 6 · EPSS 0.00337
Exploits: 0 · References: 2

CNNVD
added 2024/09/25 12:0 a.m. · 1 view

WordPress plugin Uncanny Groups for LearnDash security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 7.2 · AI score 6.5 · EPSS 0.01131
Exploits: 1 · References: 3

CNNVD
added 2024/09/25 12:0 a.m. · 2 views

WordPress plugin Uncanny Groups for LearnDash security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 7.2 · AI score 6.5 · EPSS 0.01131
Exploits: 1 · References: 3

Patchstack
added 2024/09/25 12:0 a.m. · 14 views

WordPress Uncanny Groups for LearnDash Plugin <= 6.1.0.1 is vulnerable to Privilege Escalation

Software: Uncanny Groups for LearnDash · Type: Plugin · Vulnerable versions: <= 6.1.0.1 · Fixed in: 6.1.1 · OWASP Top 10: A7: Identification and Authentication Failures · Classification: Privilege Escalation · CVE: CVE-2024-8349 · Patch priority: Medium · CVSS severity: Medium 7.2 · PSID: 0a9f41b67f...

CVSS 7.2 · AI score 6.5 · EPSS 0.01131
Exploits: 0 · References: 2 · Affected Software: 1