SUSE CVE-2018-9336

openvpnserv.exe aka the interactive service helper in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service. This could cause a denial-of-service through memory corruption or possibly have unspecified other...

SUSE CVE-2021-3020

An issue was discovered in ClusterLabs Hawk aka HA Web Konsole through 2.3.0-15. It ships the binary hawkinvoke built from tools/hawkinvoke.c, intended to be used as a setuid program. This allows the hacluster user to invoke certain commands as root with an attempt to limit this to safe...

WordPress Interactive Geo Maps Plugin <= 1.5.8 is vulnerable to Cross Site Scripting (XSS)

Software Interactive Geo Maps Type Plugin Vulnerable versions = 1.5.8 Fixed in 1.5.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23866 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 12ba37f5354f Credits yuyudhn Required...

WordPress Interactive SVG Image Map Builder Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software Interactive SVG Image Map Builder Type Plugin Vulnerable versions = 1.0 Fixed in 1.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25704 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 9e6397036265 Credits Lokesh...

GHSA-29GW-9793-FVW7 IPython vulnerable to command injection via set_term_title

IPython provides an interactive Python shell and Jupyter kernel to use Python interactively. Versions prior to 8.10.0 are vulnerable to command injection in the settermtitle function under specific conditions. This has been patched in version 8.10.0. Impact Users are only vulnerable when calling...

CVE-2023-24816

CVE-2023-24816 concerns IPython (versions before 8.1.0). The vulnerability arises when the function IPython.utils.terminal.set_term_title is called on Windows in a Python environment where ctypes is not available. The dependency on ctypes in IPython.utils._process_win32 can prevent the vulnerable...

WordPress Interactive Geo Maps Plugin <= 1.5.9 is vulnerable to Cross Site Scripting (XSS)

Software Interactive Geo Maps Type Plugin Vulnerable versions = 1.5.9 Fixed in 1.5.11 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0731 Patch priority Medium CVSS severity Medium 5.9 Developer Claim ownership PSID 116865bf62ab Credits Marco Wotsch...

CVE-2023-0731

The Interactive Geo Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the action content parameter in versions up to, and including, 1.5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2023-0731

The Interactive Geo Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the action content parameter in versions up to, and including, 1.5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2023-0731

The Interactive Geo Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the action content parameter in versions up to, and including, 1.5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2023-0731

The Interactive Geo Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the action content parameter in versions up to, and including, 1.5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2023-0731 Interactive Geo Maps <= 1.5.9 - Authenticated (Editor+) Stored Cross-Site Scripting

The Interactive Geo Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the action content parameter in versions up to, and including, 1.5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2023-0731

CVE-2023-0731 affects the WordPress Interactive Geo Maps plugin up to version 1.5.9. The root cause is insufficient input sanitization and output escaping on user-supplied attributes in the action content parameter, enabling stored Cross-Site Scripting for authenticated users with editor-level pe...

WordPress plugin Interactive Geo Maps 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

Interactive Geo Maps < 1.5.11 - Editor+ Stored XSS

The plugin does not sanitise and escape some parameters before outputting them back in attributes, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

PT-2023-16485 · WordPress · Interactive Geo Maps

Name of the Vulnerable Software and Affected Versions: Interactive Geo Maps plugin for WordPress versions up to, and including, 1.5.9 Description: The issue is related to Stored Cross-Site Scripting via the action content parameter due to insufficient input sanitization and output escaping on...

CVE-2023-20609

In ccu, there is a possible out of bounds read due to a logic error. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07570864; Issue ID: ALPS07570864...

Interactive Geo Maps < 1.5.9 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

SSTImap - Automatic SSTI Detection Tool With Interactive Interface

SSTImap is a penetration testing software that can check websites for Code Injection and Server-Side Template Injection vulnerabilities and exploit them, giving access to the operating system itself. This tool was developed to be used as an interactive penetration testing tool for SSTI detection...

bigben-interactive.de Cross Site Scripting vulnerability OBB-3168092

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...