2136 matches found
WordPress Plugin Interactive World Maps Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPre...
Palo Alto Networks Outlines Remediation for Critical PAN-OS Flaw Under Attack
Palo Alto Networks has shared remediation guidance for a recently disclosed critical security flaw impacting PAN-OS that has come under active exploitation. The vulnerability, tracked as CVE-2024-3400 (CVSS score: 10.0), could be weaponized to obtain unauthenticated remote shell command execution o...
WordPress Interactive World Maps plugin <= 2.4.14 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Usama Arshad in WordPress Plugin Interactive World Maps versions <= 2.4.14...
WordPress Interactive World Maps Plugin <= 2.4.14 is vulnerable to Cross Site Scripting (XSS)
Software: Interactive World Maps; Type: Plugin; Vulnerable versions: <= 2.4.14; Fixed in: 2.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3681; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID: 878a6d2b6c74; Credits: Usama Arshad...
CVE-2024-32694
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Creative interactive media 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin allows Reflected XSS. This issue affects 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook...
CVE-2024-32694
CVE-2024-32694 affects the Real 3D FlipBook WordPress plugin (3D FlipBook, PDF Viewer, PDF Embedder). The flaw is a Reflected XSS in input handling that can occur in Real 3D FlipBook up to version 3.62. Public details in connected records confirm the vulnerability type and affected products; expl...
WordPress Vision Interactive Plugin <= 1.7.1 is vulnerable to Broken Access Control
Software: Vision Interactive; Type: Plugin; Vulnerable versions: <= 1.7.1; Fixed in: 1.7.2; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-32779; Patch priority: Low; CVSS severity: Low (5.3); Developer: Claim ownership; PSID: ed5556ff45af; Credits: Steven Julian; Required...
CVE-2023-33806
Insecure default configurations in Hikvision Interactive Tablet DS-D5B86RB/B V2.3.0 build220119 allow attackers to execute arbitrary commands...
CVE-2023-33806
The CVE-2023-33806 issue concerns Hikvision Interactive Tablet DS-D5B86RB/B, version 2.3.0 build220119, with insecure default configurations that allow an attacker to execute arbitrary commands. The connected sources (Red Hat and CNNVD/NVD/CVE lists, and PT-Security note) confirm the product and ...
PT-2024-12442 · Hikvision · Hikvision Interactive Tablet DS-D5B86RB/B
Name of the Vulnerable Software and Affected Versions: Hikvision Interactive Tablet DS-D5B86RB/B version 2.3.0 build220119 Description: Insecure default configurations in the Hikvision Interactive Tablet allow attackers to execute arbitrary commands. Recommendations: For version 2.3.0 build220119...
Apache Zeppelin Cross-Site Scripting Vulnerability (CNVD-2024-17939)
Apache Zeppelin is a Web-based open source notebook application from the Apache Software Foundation. The program supports interactive data analysis and collaborative documentation. Apache Zeppelin suffers from a cross-site scripting vulnerability that stems from improper coding or escaping, which can be...
Apache Zeppelin Input Validation Error Vulnerability (CNVD-2024-17934)
Apache Zeppelin is a Web-based open source notebook application from the Apache Software Foundation. The program supports interactive data analysis and collaborative documentation. Apache Zeppelin suffers from an input validation error vulnerability that can be exploited by an attacker to view a server...
CLSA-2024-1712672592 git: Fix of 2 CVEs
CVE-2021-40330: forbid newlines in host and path in gitconnect - CVE-2022-39260: shell - limit size of interactive commands...
curl security and bug fix update
7.61.1-33.5 - cap SFTP packet size sent (RHEL-5485) - when keyboard-interactive auth fails, try password (2229800) - unify the upload/method handling (CVE-2023-28322) - fix cookie injection with none file (CVE-2023-38546) - lowercase the domain names before PSL checks (CVE-2023-46218)...
CVE-2024-31091
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SparkWeb Interactive, Inc. Custom Field Bulk Editor allows Reflected XSS. This issue affects Custom Field Bulk Editor: from n/a through 1.9.1...
CVE-2024-31091
CVE-2024-31091 is a reflected XSS in the WordPress plugin Custom Field Bulk Editor by SparkWeb Interactive, affecting versions from n/a through 1.9.1. The provided sources do not include a confirmed patch or mitigation details.
CVE-2024-31091 WordPress Custom Field Bulk Editor plugin <= 1.9.1 - Cross Site Scripting vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SparkWeb Interactive, Inc. Custom Field Bulk Editor allows Reflected XSS. This issue affects Custom Field Bulk Editor: from n/a through 1.9.1...