114 matches found
CVE-2024-8991
The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's osmmap and osmmapv3 shortcodes in all versions up to, and including, 6.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-8991 OSM <= 6.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via osm_map and osm_map_v3 Shortcodes
The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's osmmap and osmmapv3 shortcodes in all versions up to, and including, 6.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-8991 OSM <= 6.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via osm_map and osm_map_v3 Shortcodes
The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's osmmap and osmmapv3 shortcodes in all versions up to, and including, 6.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
PT-2024-39356 · WordPress · Osm – Openstreetmap
Name of the Vulnerable Software and Affected Versions: OSM – OpenStreetMap plugin for WordPress versions up to, and including, 6.1.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's osm map and osm map v3 shortcodes due to insufficient input sanitization and outpu...
WordPress OSM – OpenStreetMap Plugin <= 6.1.0 is vulnerable to Cross Site Scripting (XSS)
Software OSM – OpenStreetMap Type Plugin Vulnerable versions = 6.1.0 Fixed in 6.1.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8991 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 602fbf695703 Credits Peter Thaleikis...
CVE-2024-3604
The OSM – OpenStreetMap plugin for WordPress is vulnerable to SQL Injection via the 'taggedfilter' attribute of the 'osmmapv3' shortcode in all versions up to, and including, 6.0.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVE-2024-3604
The OSM – OpenStreetMap plugin for WordPress is vulnerable to SQL Injection via the 'taggedfilter' attribute of the 'osmmapv3' shortcode in all versions up to, and including, 6.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVE-2024-3603
The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'osmmap' shortcode in all versions up to, and including, 6.0.2 due to insufficient input sanitization and output escaping on user supplied attributes such as 'theme'. This makes it possible...
CVE-2024-3603
CVE-2024-3603 affects the OSM – OpenStreetMap WordPress plugin. All versions up to 6.0.2 are vulnerable to a Stored XSS via the plugin’s osm_map shortcode due to insufficient input sanitization and output escaping for attributes (e.g., theme). Exploitation requires contributor-level access or hig...
PT-2024-26858 · WordPress · Osm – Openstreetmap Plugin
Name of the Vulnerable Software and Affected Versions: OSM – OpenStreetMap plugin for WordPress versions up to, and including, 6.0.2 Description: The issue is related to SQL Injection via the tagged filter attribute of the osm map v3 shortcode due to insufficient escaping on the user-supplied...
PT-2024-26854 · WordPress · Osm – Openstreetmap
Name of the Vulnerable Software and Affected Versions: OSM – OpenStreetMap plugin for WordPress versions up to, and including, 6.0.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'osm map' shortcode due to insufficient input sanitization and output escaping on...
CVE-2024-4663
The OSM Map Widget for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2024-4663
The CVE-2024-4663 entry covers the OSM Map Widget for Elementor WordPress plugin. It affects all versions up to 1.2.2, with a Reflected Cross-Site Scripting vulnerability in the id parameter caused by insufficient input sanitization and output escaping. The issue can allow unauthenticated attacke...
CVE-2024-4663 OSM Map Widget for Elementor <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
The OSM Map Widget for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2024-4663 OSM Map Widget for Elementor <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
The OSM Map Widget for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
WordPress plugin OSM Map Widget for Elementor security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerabilit...
WordPress OSM Map Widget for Elementor plugin < 1.3.0 - Authenticated Stored Cross-Site Scripting via id Parameter vulnerability
Authenticated Stored Cross-Site Scripting via id Parameter vulnerability discovered by stealthcopter in WordPress Plugin OSM Map Widget for Elementor versions 1.3.0...
WordPress OSM Map Widget for Elementor Plugin <= 1.2.2 is vulnerable to Cross Site Scripting (XSS)
Software OSM Map Widget for Elementor Type Plugin Vulnerable versions = 1.2.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4663 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4fcc595d31d1 Credits stealthcopter...
CVE-2022-35503
Open Source MANO (OSM) versions 7–12 have a vulnerability in the LCM module container when handling a VNF descriptor due to improper verification of user input. An authenticated attacker can execute arbitrary code within the LCM container, potentially changing normal OSM component execution, leak...
@etalab/cadastre (>=0.14.0 <=0.21.0), @fmidev/smartmet-alert-client (>=3.0.0 <=3.8.8) +14 more potentially affected by CVE-2024-1163 via mapshaper (>=0.3.43 <=0.6.42)
mapshaper NPM version =0.3.43, =0.14.0, =3.0.0, =0.0.1, =0.1.9, =0.1.0, =0.0.1, =0.0.3, =2.1.0, =1.3.1, =0.0.1, =0.0.1, =0.1.0 - tile-maker =0.0.1 and more Source cves: CVE-2024-1163 Source advisory: OSV:GHSA-8M36-62RW-9MXW...