Lucene search
+L

176 matches found

NVD
NVD
added 2024/04/09 7:15 p.m.13 views

CVE-2023-6964

The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.26 via the 'kadenceimportgetnewconnectiondata' AJAX action. This makes it possible for authenticated attackers, with...

8.5CVSS8.2AI score0.00363EPSS
Exploits0References2
CVE
CVE
added 2024/04/09 12:56 a.m.43 views

CVE-2024-30215

SAP Business Connector is affected by CVE-2024-30215, a cross-site scripting (XSS) vulnerability on the Resource Settings page. The issue allows a high-privilege attacker to load an exploitable payload that is stored and reflected when users visit the page, with potential information disclosure o...

4.8CVSS4.9AI score0.00316EPSS
Exploits0References2
CNVD
CNVD
added 2024/03/25 12:0 a.m.8 views

Delta Electronics DIAEnergie DIAE_tagHandler. ashx Script SQL Injection Vulnerability

Delta Electronics DIAEnergie is an industrial energy management system from Delta Electronics, Taiwan, China. An SQL injection vulnerability exists in the Delta Electronics DIAEnergie DIAEtagHandler. ashx script, which can be exploited by an attacker to view, add, modify, or delete information in...

8.8CVSS7.5AI score0.08484EPSS
Exploits0References1
NVD
NVD
added 2023/08/16 5:15 a.m.22 views

CVE-2023-3958

The WP Remote Users Sync plugin for WordPress is vulnerable to Server Side Request Forgery via the 'notifypingremote' AJAX function in versions up to, and including, 1.2.12. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary locatio...

8.5CVSS8.4AI score0.00539EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/08/16 4:36 a.m.7 views

CVE-2023-3958 WP Remote Users Sync <= 1.2.12 - Authenticated (Subscriber+) Server Side Request Forgery

The WP Remote Users Sync plugin for WordPress is vulnerable to Server Side Request Forgery via the 'notifypingremote' AJAX function in versions up to, and including, 1.2.12. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary locatio...

8.5CVSS6.8AI score0.00539EPSS
Exploits0References4
NVD
NVD
added 2023/07/11 3:15 a.m.19 views

CVE-2023-36918

In SAP Enable Now - versions WPBMANAGER 1.0, WPBMANAGERCE 10, WPBMANAGERHANA 10, ENABLENOWCONSUMPDEL 1704, the X-Content-Type-Options response header is not implemented, allowing an unauthenticated attacker to trigger MIME type sniffing, which leads to Cross-Site Scripting, which could result in...

6.1CVSS6.2AI score0.00395EPSS
Exploits0References2
CVE
CVE
added 2023/07/11 2:26 a.m.45 views

CVE-2023-33988

CVE-2023-33988 affects SAP Enable Now components: WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704. The vulnerability stems from the absence of implemented Content-Security-Policy and X-XSS-Protection headers, enabling an unauthenticated attacker to attempt ref...

6.1CVSS6.2AI score0.00395EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/07/11 2:26 a.m.32 views

CVE-2023-33988 Cross-Site Scripting vulnerability in SAP Enable Now

In SAP Enable Now - versions WPBMANAGER 1.0, WPBMANAGERCE 10, WPBMANAGERHANA 10, ENABLENOWCONSUMPDEL 1704, the Content-Security-Policy and X-XSS-Protection response headers are not implemented, allowing an unauthenticated attacker to attempt reflected cross-site scripting, which could result in...

6.1CVSS6.4AI score0.00395EPSS
Exploits0References2
Prion
Prion
added 2023/06/27 8:15 p.m.15 views

Cross site request forgery (csrf)

An cross site request forgery CSRF vulnerability discovered in Jymusic v2.0.0.,that allows attackers to execute arbitrary code via /admin.php?s=/addons/config.html&id=6 to modify payment information...

5.4CVSS7.1AI score0.00365EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/27 12:0 a.m.21 views

CVE-2020-18416

An cross site request forgery CSRF vulnerability discovered in Jymusic v2.0.0.,that allows attackers to execute arbitrary code via /admin.php?s=/addons/config.html&id=6 to modify payment information...

7.9AI score0.00365EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/06/27 12:0 a.m.31 views

CVE-2020-18416

An cross site request forgery CSRF vulnerability discovered in Jymusic v2.0.0.,that allows attackers to execute arbitrary code via /admin.php?s=/addons/config.html&id=6 to modify payment information...

7.1AI score0.00365EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/06/27 12:0 a.m.14 views

PT-2023-11501 · Jymusic · Jymusic

Name of the Vulnerable Software and Affected Versions: Jymusic version 2.0.0 Description: A cross-site request forgery CSRF issue allows attackers to execute arbitrary code via the "/admin.php?s=/addons/config.html&id=6" API endpoint to modify payment information. This can be achieved by exploiti...

6.8CVSS6.9AI score0.00365EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/06/13 2:49 a.m.38 views

CVE-2023-33991 Stored Cross-Site Scripting (Stored XSS) vulnerability in SAP UI5 Variant Management

SAP UI5 Variant Management - versions SAPUI 750, SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, UI700 200, does not sufficiently encode user-controlled inputs on reading data from the server, resulting in Stored Cross-Site Scripting Stored XSS vulnerability. After successful exploitation, an attacke...

8.2CVSS7.5AI score0.00481EPSS
Exploits0References2
NVD
NVD
added 2023/05/09 2:15 a.m.30 views

CVE-2023-31406

Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated attacker to redirect users to untrusted site using a malicious link. On successful exploitation, an attacker can view or modify information causing a limited...

6.1CVSS6.2AI score0.00455EPSS
Exploits0References2
Prion
Prion
added 2023/05/09 2:15 a.m.22 views

Input validation

Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated attacker to redirect users to untrusted site using a malicious link. On successful exploitation, an attacker can view or modify information causing a limited...

5.8CVSS6.1AI score0.00393EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/05/09 1:34 a.m.29 views

CVE-2023-30741 Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform

Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated attacker to redirect users to untrusted site using a malicious link. On successful exploitation, an attacker can view or modify information causing a limited...

6.1CVSS6.4AI score0.00393EPSS
Exploits0References2
NVD
NVD
added 2023/03/14 5:15 a.m.33 views

CVE-2023-25618

SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in an unused class for error handling in which an attacker authenticated as a non-administrative user can craft a request with...

6.5CVSS6.6AI score0.00613EPSS
Exploits0References2
Prion
Prion
added 2022/12/13 4:15 a.m.26 views

Design/Logic Flaw

In SAP Solution Manager Enterprise Search - versions 740, and 750, an unauthenticated attacker can generate a link that, if clicked by a logged-in user, can be redirected to a malicious page that could read or modify sensitive information, or expose the user to a phishing attack, with little impa...

5.8CVSS6.2AI score0.00453EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/12/13 3:15 a.m.25 views

Sql injection

An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration PI - version 7.50. This user can make use of an open naming and directory API to access services that could perform unauthorized operations. The vulnerability...

7.5CVSS8.8AI score0.00566EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/12/12 10:15 p.m.22 views

Input validation

Due to insufficient input validation, SAP NetWeaver AS Java HTTP Provider Service - version 7.50, allows an unauthenticated attacker to inject a script into a web request header. On successful exploitation, an attacker can view or modify information causing a limited impact on the confidentiality...

5.8CVSS6.2AI score0.00433EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder