3094 matches found
PT-2023-32330 · Sourcecodester · Sourcecodester Sticky Notes App
Name of the Vulnerable Software and Affected Versions: SourceCodester Sticky Notes App version 1.0 Description: A critical vulnerability has been found in the SourceCodester Sticky Notes App, affecting the file endpoint/delete-note.php. The manipulation of the note argument leads to SQL injection...
PT-2023-32329 · Unknown · Sourcecodester Sticky Notes App
Name of the Vulnerable Software and Affected Versions: SourceCodester Sticky Notes App version 1.0 Description: A vulnerability was found in the SourceCodester Sticky Notes App, affecting an unknown part of the file "endpoint/add-note.php". The manipulation of the arguments noteTitle and...
A Graphic Hamas Video Donald Trump Jr. Shared on X Is Actually Real, Research Confirms
A video posted by Donald Trump Jr. showing Hamas militants attacking Israelis was falsely flagged in a Community Note as being years old, thus making X's disinformation problem worse, not better...
OroCommerce Cross-site Scripting vulnerability in add note dialog of Shopping List line item
Impact The JS payload added to the product name may be executed at the storefront when adding a note to the shopping list line item containing a vulnerable product. An attacker should be able to edit a product in the admin area and force a user to add this product to Shopping List and click add a...
CVE-2022-35950 OroCommerce Cross-site Scripting vulnerability in add note dialog of Shopping List line item
OroCommerce is an open-source Business to Business Commerce application. In versions 4.1.0 through 4.1.13, 4.2.0 through 4.2.10, 5.0.0 prior to 5.0.11, and 5.1.0 prior to 5.1.1, the JS payload added to the product name may be executed at the storefront when adding a note to the shopping list line...
OroCommerce Cross-Site Scripting Vulnerability
OroCommerce is an open source business-to-business commerce application from Oro. A cross-site scripting vulnerability exists in OroCommerce versions 4.1.0 through 4.1.13, 4.2.0 through 4.2.10, 5.0.0 through 5.0.11, and 5.1.0 through 5.1.1, which stems from the possibility that the JS payload add...
SAP Application Server ABAP Open Redirection
SEC Consult Vulnerability Lab Security Advisory title: Open Redirect in BSP Test Application it00 Bypass for CVE-2020-6215 Patch product: SAP® Application Server ABAP and ABAP® Platform SAPBASIS vulnerable version: see sectio...
WordPress Plugin Photo Gallery by Ays - Responsive Image Gallery Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin Photo Gallery by Ays -...
Heap buffer overflow in libwebp (CVE-2023-4863)
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Products Confirmed Not Affected No Brocade Fibre Channel products from Broadcom are known to be affected by this...
CVE-2023-43784
Plesk Onyx 17.8.11 has accessKeyId and secretAccessKey fields that are related to an Amazon AWS Firehose component. NOTE: the vendor's position is that there is no security threat...
GHSA-5J46-5HWQ-GWH7 Jenkins Cross-site Scripting vulnerability
ExpandableDetailsNote allows annotating build log content with additional information that can be revealed when interacted with. Jenkins 2.423 and earlier, LTS 2.414.1 and earlier does not escape the value of the caption constructor parameter of ExpandableDetailsNote. This results in a stored...
PT-2023-8996 · Jenkins +1 · Jenkins +1
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.423 and earlier, LTS versions 2.414.1 and earlier Description: The issue is related to the lack of escaping of the caption constructor parameter value of ExpandableDetailsNote, resulting in a stored cross-site scripting XSS...
CVE-2010-1765
Rejected reason: This candidate is unused by its CNA...
The vulnerability of the Memos note-taking software, related to insufficient verification of input data, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Memos note-taking software is related to insufficient verification of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
CVE-2023-38075
creationtimestamp | type | source
---|---|---
2023-09-12 14:22:58+00:00 | seen | https://t.me/cibsecurity/70263...
CVE-2023-4865
A vulnerability has been found in SourceCodester Take-Note App 1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used...
Cross site request forgery (csrf)
A vulnerability has been found in SourceCodester Take-Note App 1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used...
CVE-2023-4865 SourceCodester Take-Note App cross-site request forgery
A vulnerability has been found in SourceCodester Take-Note App 1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used...