2154 matches found
WordPress Interactive Polish Map Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)
Software: Interactive Polish Map; Type: Plugin; Vulnerable versions: <= 1.2; Fixed in: 1.2.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-23821; Patch priority: Low; CVSS severity: Low (5.9); PSID: be3ac8b7a0a2; Credits: Rio Darmawan...
CVE-2023-22499
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Multi-threaded programs were able to spoof the interactive permission prompt by rewriting the prompt to suggest that the program is waiting on user confirmation for an unrelated action. A malicious program could clear the...
Code injection
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Multi-threaded programs were able to spoof the interactive permission prompt by rewriting the prompt to suggest that the program is waiting on user confirmation for an unrelated action. A malicious program could clear the...
CVE-2023-22499 Interactive permission prompt spoofing in Deno
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Multi-threaded programs were able to spoof the interactive permission prompt by rewriting the prompt to suggest that the program is waiting on user confirmation for an unrelated action. A malicious program could clear the...
CVE-2023-22499 Interactive permission prompt spoofing in Deno
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Multi-threaded programs were able to spoof the interactive permission prompt by rewriting the prompt to suggest that the program is waiting on user confirmation for an unrelated action. A malicious program could clear the...
CVE-2023-22499
CVE-2023-22499 (Deno) describes a race-condition vulnerability where multi-threaded code could spoof the interactive permission prompt by rewriting the prompt, potentially clearing the terminal and displaying a generic message. Affected component: Deno runtime (JavaScript/TypeScript, built with R...
CVE-2023-22499 Interactive permission prompt spoofing in Deno
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Multi-threaded programs were able to spoof the interactive permission prompt by rewriting the prompt to suggest that the program is waiting on user confirmation for an unrelated action. A malicious program could clear the...
PT-2023-1315 · Deno · Deno
Name of the Vulnerable Software and Affected Versions: Deno versions prior to 1.29.3 Description: The issue is related to errors in synchronization when using a shared resource in Deno, a runtime for JavaScript and TypeScript. This could allow a remote attacker to execute arbitrary code...
CVE-2022-4393
The ImageLinks Interactive Image Builder for WordPress plugin through 1.5.3 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2022-4391
The Vision Interactive For WordPress plugin through 1.5.3 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
Cross site scripting
The Vision Interactive For WordPress plugin through 1.5.3 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2022-4391 Vision Interactive For WordPress <= 1.5.3 - Contributor+ Stored XSS
The Vision Interactive For WordPress plugin through 1.5.3 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2022-4391
The Vision Interactive For WordPress plugin (versions ≤ 1.5.3) contains a Stored XSS risk due to inadequate sanitization/escaping of some settings, allowing low-privilege users (e.g., Contributor+) to inject scripts even when unfiltered_html is disallowed. The issue is documented across multiple ...
CVE-2022-4391 Vision Interactive For WordPress <= 1.5.3 - Contributor+ Stored XSS
The Vision Interactive For WordPress plugin through 1.5.3 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2022-4393 ImageLinks Interactive Image Builder for WordPress <= 1.5.3 - Contributor+ Stored XSS
The ImageLinks Interactive Image Builder for WordPress plugin through 1.5.3 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
WordPress Plugin Vision Interactive For WordPress Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2023-14394 · WordPress · Vision Interactive
Name of the Vulnerable Software and Affected Versions: The Vision Interactive For WordPress plugin versions 1.5.3 and earlier Description: The issue allows users, such as contributor+, to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed, due to t...
Out-of-bounds
In mdp, there is a possible out of bounds write due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07342114; Issue ID: ALPS07342114...
The vulnerability of the kbdint_next_device() function in the sshd service of the OpenSSH security tool allows an attacker to execute a brute-force attack or cause a service failure.
The vulnerability of the kbdint_next_device() function in the sshd service of the OpenSSH cryptographic protection mechanism is related to deficiencies in access control when processing the oKbdInteractiveDevices parameter, which contains a list of methods for authenticating using an interactive...
ImageLinks Interactive Image Builder for WordPress < 1.5.4 - Contributor+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 1. Create a new vision item with whatever role, even if it's an Administrator. 2. Connec...