7660 matches found
Cross site scripting
Multiple Authenticated administrator or higher user role Persistent Cross-Site Scripting XSS vulnerabilities in TMS-Plugins wpDataTables plugin = 2.1.27 on WordPress via &data-link-text, &data-link-url, &data, &data-shortcode, &data-star-num vulnerable parameters...
CVE-2022-29432
CVE-2022-29432 covers multiple authenticated persistent XSS vulnerabilities in the WordPress plugin wpDataTables (versions
CVE-2022-29430 WordPress PNG to JPG plugin <= 4.0 - Cross-Site Request Forgery (CSRF) leading to Persistent Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting XSS vulnerability in KubiQ's PNG to JPG plugin = 4.0 at WordPress via Cross-Site Request Forgery CSRF. Vulnerable parameter &jpgquality...
CVE-2022-29880
A vulnerability has been identified in SICAM T All versions V3.0. Affected devices do not properly validate input in the configuration interface. This could allow an authenticated attacker to place persistent XSS attacks to perform arbitrary actions in the name of a logged user which accesses the...
APTs Overwhelmingly Share Known Vulnerabilities Rather Than Attack O-Days
Most advanced persistent threat groups APTs use known vulnerabilities in their attacks against organizations, suggesting the need to prioritize faster patching rather than chasing zero-day flaws as a more effective security strategy, new research has found. Security researchers at the University ...
Malicious code in pco_api (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f9c8289fc4eb78d3e66ed76818f5f799edc0dbee5bebe64774a03a2c3148158b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-29436 WordPress Code Snippets Extended plugin <= 1.4.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Persistent Cross-Site Scripting (XSS)
Persistent Cross-Site Scripting XSS vulnerability in Alexander Stokmann's Code Snippets Extended plugin = 1.4.7 on WordPress via Cross-Site Request Forgery vulnerable parameters &title, &snippetcode...
CVE-2022-29436 WordPress Code Snippets Extended plugin <= 1.4.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Persistent Cross-Site Scripting (XSS)
Persistent Cross-Site Scripting XSS vulnerability in Alexander Stokmann's Code Snippets Extended plugin = 1.4.7 on WordPress via Cross-Site Request Forgery vulnerable parameters &title, &snippetcode...
Evaluation of cyber activities and the threat landscape in Ukraine
Introduction When the war in Ukraine broke out, many analysts were surprised to discover that what was simultaneously happening in the cyber domain did not match their predictions1. Since the beginning of the fighting, new cyberattacks taking place in Ukraine have been identified every week, whic...
new packages: device-mapper-persistent-data
An update is available for device-mapper-persistent-data. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, se...
Malicious code in sameethinghere101 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 69e7a5e4c08ca379961c0f3d1a2dda0bebf47d65f153e2956e890451cb54fbd7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-65CQ-WHR4-7C2V Persistent XSS vulnerability in Jenkins OWASP Dependency-Check Plugin
The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view...
Persistent XSS vulnerability in Jenkins OWASP Dependency-Check Plugin
The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view...
GHSA-63CJ-3R94-234V Persistent XSS vulnerability in Jenkins DRY Plugin
The custom Details view of the Static Analysis Utilities based DRY Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view...
Persistent XSS vulnerability in Jenkins DRY Plugin
The custom Details view of the Static Analysis Utilities based DRY Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view...
Withdrawn Advisory: Home Assistant Frontend XSS Vulnerability
Withdrawn Advisory This advisory has been withdrawn because we cannot confirm home-assistant-frontend is or was ever published to npm. Original Description In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS...
GHSA-7WFQ-WMX2-3WR4 Withdrawn Advisory: Home Assistant Frontend XSS Vulnerability
Withdrawn Advisory This advisory has been withdrawn because we cannot confirm home-assistant-frontend is or was ever published to npm. Original Description In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS...
Shopware XSS Vulnerability
Shopware v5.2.5 - v5.3 is vulnerable to cross site scripting in the customer and order section of the content management system backend modules. Remote attackers are able to inject malicious script code into the firstname, lastname, or order input fields to provoke persistent execution in the...
GHSA-QF3F-7X69-QFV3 phpMyAdmin DoS Vulnerability
An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service DoS attack by forcing persistent connections when phpMyAdmin is running with $cfg'AllowArbitraryServer'=true. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versio...
The Reporting Addon for CUBA Platform has Persistent XSS
The Reporting Addon aka Reports Addon through 2019-01-02 for CUBA Platform through 6.10.x has Persistent XSS via the "Reports Reports" name field...