205 matches found
CVE-2024-32005 Local File Inclusion in NiceGUI leaflet component
NiceGUI is an easy-to-use, Python-based UI framework. A local file inclusion is present in the NiceUI leaflet component when requesting resource files under the /nicegui/version/resources/key/path:path route. As a result any file on the backend filesystem which the web server has access to can be...
CVE-2024-32005 Local File Inclusion in NiceGUI leaflet component
NiceGUI is an easy-to-use, Python-based UI framework. A local file inclusion is present in the NiceUI leaflet component when requesting resource files under the /nicegui/version/resources/key/path:path route. As a result any file on the backend filesystem which the web server has access to can be...
CVE-2024-32005 Local File Inclusion in NiceGUI leaflet component
NiceGUI is an easy-to-use, Python-based UI framework. A local file inclusion is present in the NiceUI leaflet component when requesting resource files under the /nicegui/version/resources/key/path:path route. As a result any file on the backend filesystem which the web server has access to can be...
PT-2024-24354
Name of the Vulnerable Software and Affected Versions NiceGUI versions prior to 1.4.21 Description A local file inclusion is present in the NiceUI leaflet component when requesting resource files under the / nicegui/ version /resources/key/path:path route. As a result, any file on the backend...
Leaflet Map < 3.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor level and above...
CVE-2023-5050
The Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor level and above permissions to...
CVE-2023-5050
The Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor level and above permissions to...
CVE-2023-5050 Leaflet Map <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor level and above permissions to...
CVE-2023-5050
Leaflet Map plugin for WordPress is affected by CVE-2023-5050. Affected software: Leaflet Map plugin for WordPress; vulnerable versions up to and including 3.3.0. Root cause: insufficient input sanitization and output escaping leading to Stored Cross-Site Scripting via shortcode attributes. Explo...
WordPress Plugin Leaflet Map Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
PT-2023-31580 · WordPress · Leaflet Map
Name of the Vulnerable Software and Affected Versions: Leaflet Map plugin for WordPress versions up to, and including, 3.3.0 Description: The issue is related to Stored Cross-Site Scripting via shortcodes due to insufficient input sanitization and output escaping. This allows authenticated...
WordPress Extensions for Leaflet Map Plugin <= 3.3.0 is vulnerable to Cross Site Scripting (XSS)
Software Extensions for Leaflet Map Type Plugin Vulnerable versions = 3.3.0 Fixed in 3.3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5050 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID acc5ac62f7be Credits Lana Codes...
CVE-2023-31074
Unauth. Reflected Cross-Site Scripting XSS vulnerability in hupe13 Extensions for Leaflet Map plugin = 3.4.1 versions...
CVE-2023-31074
Unauth. Reflected Cross-Site Scripting XSS vulnerability in hupe13 Extensions for Leaflet Map plugin = 3.4.1 versions...
Cross site scripting
Unauth. Reflected Cross-Site Scripting XSS vulnerability in hupe13 Extensions for Leaflet Map plugin = 3.4.1 versions...
CVE-2023-31074 WordPress Extensions for Leaflet Map Plugin <= 3.4.1 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting XSS vulnerability in hupe13 Extensions for Leaflet Map plugin = 3.4.1 versions...
CVE-2023-31074 WordPress Extensions for Leaflet Map Plugin <= 3.4.1 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting XSS vulnerability in hupe13 Extensions for Leaflet Map plugin = 3.4.1 versions...
CVE-2023-31074
CVE-2023-31074: Unauthenticated Reflected Cross-Site Scripting in WordPress plugin Extensions for Leaflet Map (hupe13) 3.4.1; Patchstack lists 3.4.2 as the fix. Red Hat and other feeds corroborate the issue in plugin
Extensions for Leaflet Map < 3.4.2 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
PT-2023-23136 · Unknown · Hupe13 Extensions For Leaflet Map
Name of the Vulnerable Software and Affected Versions: hupe13 Extensions for Leaflet Map plugin versions = 3.4.1 Description: The issue is an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing the...