Lucene search
K

42 matches found

Positive Technologies
Positive Technologies
added 2024/09/13 12:0 a.m.6 views

PT-2024-39167 · WordPress · Backuply

Name of the Vulnerable Software and Affected Versions: Backuply – Backup, Restore, Migrate and Clone plugin for WordPress versions up to, and including, 1.3.4 Description: The issue is related to SQL Injection via the options parameter passed to the backuply wp clone sql function due to...

9.1CVSS7.3AI score0.16709EPSS
Exploits0References12
CNNVD
CNNVD
added 2023/11/23 12:0 a.m.4 views

node-openssl Security Vulnerabilities

node-openssl is the openssl package for nodejs. A security vulnerability exists in node-openssl version 2.0.0 and earlier, which stems from a security flaw in the opts parameter...

9.8CVSS6.8AI score0.01909EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2022/06/14 4:29 p.m.222 views

CVE-2020-7746

A flaw was found in chart.js. This issue occurs when the options parameter is not properly sanitized when it is processed. When options are processed, the object's keys that are being set are not checked, possibly allowing a prototype pollution...

9.8CVSS3.7AI score0.04678EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/06/13 12:0 a.m.6 views

PT-2022-14221

Name of the Vulnerable Software and Affected Versions Google Tag Manager for WordPress GTM4WP versions up to and including 1.15.1 Description The issue is related to Stored Cross-Site Scripting due to insufficient escaping via the gtm4wp-optionsscroller-contentid parameter found in the...

5.5CVSS5.8AI score0.01071EPSS
Exploits1References9
Github Security Blog
Github Security Blog
added 2021/05/10 6:47 p.m.151 views

Prototype pollution in chart.js

This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options or the defaults options are deeply merged with provided options. However, during this operation, the keys of the object being...

9.8CVSS8.4AI score0.04678EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2021/05/06 6:27 p.m.4 views

GHSA-6XV6-JPVW-CX6Q Command injection in bestzip

The package bestzip before 2.1.7 are vulnerable to Command Injection via the options param...

9.8CVSS7.2AI score0.03145EPSS
Exploits0References3
OSV
OSV
added 2021/03/09 2:15 p.m.3 views

CVE-2021-28006

Web Based Quiz System 1.0 is affected by cross-site scripting XSS in admin.php through the options parameter...

6.1CVSS5.7AI score
Exploits0References1
CVE
CVE
added 2021/03/09 1:1 p.m.40 views

CVE-2021-28006

CVE-2021-28006 affects Web Based Quiz System 1.0 with a reflected/stored XSS vulnerability in the admin.php endpoint via the options parameter. The Red Hat, CNVD, NVD, and CVE records in the connected documents corroborate a cross-site scripting flaw in this component, enabling attacker-injected ...

6.1CVSS6AI score0.00863EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2021/01/01 2:15 a.m.4 views

CVE-2020-35933

A Reflected Authenticated Cross-Site Scripting XSS vulnerability in the Newsletter plugin before 6.8.2 for WordPress allows remote attackers to trick a victim into submitting a tnpcrender AJAX request containing either JavaScript in an options parameter, or a base64-encoded JSON string containing...

6.5CVSS6.7AI score0.00854EPSS
Exploits1References1
NVD
NVD
added 2020/10/29 8:15 a.m.16 views

CVE-2020-7746

This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options or the defaults options are deeply merged with provided options. However, during this operation, the keys of the object being...

9.8CVSS8.5AI score0.04678EPSS
Exploits1References5
Prion
Prion
added 2020/10/29 8:15 a.m.55 views

Code injection

This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options or the defaults options are deeply merged with provided options. However, during this operation, the keys of the object being...

5CVSS9.3AI score0.04678EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2020/10/29 12:0 a.m.8 views

PT-2020-6799 · Chart.Js · Chartjs

Name of the Vulnerable Software and Affected Versions: chart.js versions prior to 2.9.4 Description: The issue is related to the options parameter not being properly sanitized when processed. This leads to a prototype pollution when the existing options or default options are deeply merged with...

9.8CVSS8.7AI score0.99677EPSS
Exploits103References19
Snyk
Snyk
added 2020/09/02 2:8 p.m.7 views

Command Injection

Overview bestzip is an Uses OS zip command if avaliable for better performance and speed or node.js version if there is no system command avaliable. Can be called via node or command line. Affected versions of this package are vulnerable to Command Injection via the options param. Remediation...

9.8CVSS7.3AI score0.03145EPSS
Exploits0References3
Veracode
Veracode
added 2020/04/06 5:37 a.m.21 views

Remote Code Execution (RCE)

install-package is vulnerable to remote code execution RCE. The attack is possible due to lack of sanitization of options parameter, allowing an attack to take the control of it and execute malicious code...

9.8CVSS4.8AI score0.04118EPSS
Exploits1References3Affected Software1
CNVD
CNVD
added 2020/04/03 12:0 a.m.3 views

Effect Command Injection Vulnerability

effect is a node program package that allows you to add effects to your images. A command injection vulnerability exists in effect 1.0.4 and earlier. The vulnerability can be exploited to execute arbitrary commands via the options parameter...

9.8CVSS8.2AI score0.04118EPSS
Exploits1References1
CNVD
CNVD
added 2019/01/18 12:0 a.m.4 views

MailEnable Cross-Site Scripting Vulnerability

MailEnable is a suite of POP3 and SMTP mail servers from MailEnable Australia. A cross-site scripting vulnerability exists in the mail settings in MailEnable versions prior to 8.60. The vulnerability can be exploited by an attacker to read local files or scan the internal network by sending the...

10CVSS5.9AI score0.01817EPSS
Exploits1References1
Prion
Prion
added 2018/11/27 8:29 p.m.22 views

Cross site scripting

Cross-site scripting in handle.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "optionssysname" parameter...

4.3CVSS6.2AI score0.01082EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/01/13 12:29 a.m.5 views

CVE-2018-5668

An issue was discovered in the read-and-understood plugin 2.1 for WordPress. XSS exists via the wp-admin/options-general.php rnuusernamevalidationtitle parameter...

4.8CVSS5.8AI score0.00652EPSS
Exploits1References1
Veracode
Veracode
added 2017/11/20 1:16 a.m.15 views

Unsafe Deserialization

redis-store is vulnerable to unsafe deserialization. The marshalling ability of redis-store allows attackers to load unsafe objects from redis. In order to be vulnerable to this, the options:marshalling needs to be used...

9.8CVSS9.1AI score0.01983EPSS
Exploits0References2Affected Software1
OpenVAS
OpenVAS
added 2009/06/23 12:0 a.m.32 views

Debian Security Advisory DSA 1816-1 (apache2)

The remote host is missing an update to apache2 announced via advisory DSA 1816-1. OpenVAS Vulnerability Test $Id: deb18161.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1816-1 apache2 Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

4.9CVSS0.2AI score0.01955EPSS
Exploits4
Rows per page
Query Builder