181 matches found
CVE-2023-5025
A vulnerability was found in KOHA up to 23.05.03. It has been declared as problematic. This vulnerability affects unknown code of the file /cgi-bin/koha/catalogue/search.pl of the component MARC. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has...
Cross site scripting
A vulnerability was found in KOHA up to 23.05.03. It has been declared as problematic. This vulnerability affects unknown code of the file /cgi-bin/koha/catalogue/search.pl of the component MARC. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has...
CVE-2023-5025 KOHA MARC search.pl cross site scripting
A vulnerability was found in KOHA up to 23.05.03. It has been declared as problematic. This vulnerability affects unknown code of the file /cgi-bin/koha/catalogue/search.pl of the component MARC. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has...
CVE-2023-5025 KOHA MARC search.pl cross site scripting
A vulnerability was found in KOHA up to 23.05.03. It has been declared as problematic. This vulnerability affects unknown code of the file /cgi-bin/koha/catalogue/search.pl of the component MARC. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has...
PT-2023-31508 · Koha · Koha
Name of the Vulnerable Software and Affected Versions: Koha versions up to 23.05.03 Description: A problem has been identified that affects the MARC component, specifically the /cgi-bin/koha/catalogue/search.pl file. This issue can lead to cross-site scripting and can be initiated remotely...
KOHA Cross-Site Scripting Vulnerability
KOHA is a library automation system product by Parantez Teknoloji Individual Developer A cross-site scripting vulnerability exists in KOHA version 23.05.03 and earlier, which stems from a cross-site scripting XSS vulnerability in the component MARC...
Security Bulletin: NVIDIA Cumulus Linux - September 2023
NVIDIA has released a software update for NVIDIA Cumulus Linux. This update addresses security issues that may lead to information disclosure and denial of service. To protect your system, download and install the latest version of NVIDIA Cumulus Linux from the NVIDIA Enterprise Support Portal. G...
marc.retronik.fr Cross Site Scripting vulnerability OBB-3448846
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Intel® Ethernet Controllers and Adapters Advisory
Summary: A potential security vulnerability in some Intel® Ethernet Controllers and Adapters may allow denial of service. Intel is releasing firmware updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2022-36382 Description: Out-of-bounds write in firmware for som...
marc-corryn.be Cross Site Scripting vulnerability OBB-3096325
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
WordPress core <= 6.0.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability via SQL Injection SQLi in Media Library discovered by Ben Bidner WordPress security team and Marc Montpas Automattic in WordPress core versions = 6.0.2. Solution Update the WordPress to the latest available version at least 6.0.3...
marc-biadacz.de Cross Site Scripting vulnerability OBB-2634179
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
WordPress UpdraftPlus 1.22.2 Backup Disclosure Vulnerability
UpdraftPlus, a WordPress plugin with over 3 million installations, updated with a security fix for a vulnerability discovered by security researcher Marc Montpas. This vulnerability allowed any logged-in user, including subscriber-level users, to download backups made with the plugin. Backups are...
Vulnerability in UpdraftPlus Allowed Subscribers to Download Sensitive Backups
Update: a previous version of this article indicated that an attacker would need to begin their attack when a backup was in progress, and would need to guess the appropriate timestamp to download a backup. Since the article was originally published, we have found that it is possible to obtain a...
WordPress All in One SEO plugin <= 4.1.5.2 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection SQLi vulnerability discovered by Marc Montpas in WordPress All in One SEO plugin versions = 4.1.5.2. Solution Update the WordPress All in One SEO plugin to the latest available version at least 4.1.5.3...
meterN 1.2.3 Remote Command Execution
!-- meterN v1.2.3 Authenticated Remote Command Execution Vulnerability Vendor: Jean-Marc Louviaux Product web page: https://www.metern.org Affected version: 1.2.3 and 0.8.3.2 Summary: meterN is a set of PHP/JS files that make a -Home energy metering & monitoring- solution. It accept any meters li...
meterN v1.2.3 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: meterN v1.2.3 - Remote Code Execution RCE Authenticated Date: 18/11/2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.metern.org !-- meterN v1.2.3 Authenticated Remote Command Execution Vulnerability Vendor: Jean-Marc Louviaux Product web page: https://www.metern.org...
WordPress Smash Balloon Social Post Feed plugin <= 4.0 - Stored Cross-Site Scripting (XSS) via Arbitrary Setting Update vulnerability
Stored Cross-Site Scripting XSS via Arbitrary Setting Update vulnerability discovered by Marc Montpas JetPack Security Team in WordPress Smash Balloon Social Post Feed plugin versions = 4.0. Solution Update the WordPress Smash Balloon Social Post Feed plugin to the latest available version at lea...
WordPress WP Fastest Cache plugin <= 0.9.4 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)
Cross-Site Request Forgery CSRF vulnerability leading to Stored Cross-Site Scripting XSS discovered by Marc Montpas Jetpack Scan team in WordPress WP Fastest Cache plugin versions = 0.9.4. Solution Update the WordPress WP Fastest Cache plugin to the latest available version at least 0.9.5...
[SECURITY] [DSA 4881-1] curl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4881-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini March 30, 2021 https://www.debian.org/security/faq -...