7647 matches found
MAL-2024-7150 Malicious code in @zitterorg/cupiditate-fugiat-culpa (npm)
Source: ghsa-malware (505aa19c407d211fbbff5a2b9e252641bc3dac0ed45bb8c4a67cc3baebbd2a60). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @zitterorg/velit-autem (npm)
Source: ghsa-malware (9338884be8e4522ff1bf86cec4a775020a3fd583cdcddb7a167a5cba79d258af). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @zitterorg/iure-consequatur-nostrum (npm)
Source: ghsa-malware (45fb454d23f187cd3ebe45f6cf2a05cf25bf0aa862d41a56159b3ffbfcf39774). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @zitterorg/incidunt-cum (npm)
Source: ghsa-malware (a48ed2154d858356e5de2be6327986d6a3f0b2955dec808c9986bae75d0b3550). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Citrix CDFControl Service How to Save Logs On A UNC Network Share
Sometimes it may be necessary to save trace data to a shared network folder, for example, crash/hang issues with non-persistent VDAs or due to local disk space constraints...
CVE-2024-39310 WordPress Basil Theme Authenticated (Contributor+) Persistent Cross-Site Scripting Vulnerability
The Basil recipe theme for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the posttitle parameter in versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers with contributor-level access...
CVE-2024-36992
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View that could result in execution of unauthoriz...
CVE-2024-36997 Persistent Cross-site Scripting (XSS) in conf-web/settings REST endpoint
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context of another Splunk user through the conf-web/settings REST endpoint. This could potentially cause a...
CVE-2024-36993 Persistent Cross-site Scripting (XSS) in Web Bulletin
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through Splunk Web Bulletin Messages that could result in...
CVE-2024-36992 Persistent Cross-site Scripting (XSS) in Dashboard Elements
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View that could result in execution of unauthoriz...
PT-2024-28436 · WordPress · Basil +1
Name of the Vulnerable Software and Affected Versions: The Basil recipe theme for WordPress versions up to, and including, 2.0.4. Description: The issue is related to Persistent Cross-Site Scripting (XSS) via the post title parameter due to insufficient input sanitization and output escaping. This...
CVE-2024-38521 Persistent Cross-Site Scripting (XSS) in hushline inbox
Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. There is a stored XSS in the Inbox. The input is displayed using the safe Jinja2 attribute, and thus not sanitized upon display. This issue has been patched in version 0.1.0...
Malicious code in recovery-center-web-sdk (npm)
Source: ghsa-malware (2c243af7b9adcb93c55a9f9976096aa2a6470dbb50e45785b0cc87b3b4181afa). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
XMB 1.9.12.06 - Stored XSS
Exploit Title: Persistent XSS in XMB 1.9.12.06; Date: 06/12/2024; Exploit Author: Chokri Hammedi; Vendor Homepage: https://www.xmbforum2.com/; Software Link: https://www.xmbforum2.com/download/XMB-1.9.12.06.zip; Version: 1.9.12.06; Tested on: Windows XP; CVE: N/A; Vulnerability Details: A persistent store...
Carbon Forum 5.9.0 - Stored XSS
Exploit Title: Persistent XSS in Carbon Forum 5.9.0 Stored; Date: 06/12/2024; Exploit Author: Chokri Hammedi; Vendor Homepage: https://www.94cb.com/; Software Link: https://github.com/lincanbin/Carbon-Forum; Version: 5.9.0; Tested on: Windows XP; CVE: N/A; Vulnerability Details: A persistent stored XSS...
CVE-2024-37308
The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the recipesettingsposttitle parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers with...
CVE-2024-37308 WordPress Cooked Plugin - Authenticated (Contributor+) Persistent Cross-Site Scripting Vulnerability
The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the recipesettingsposttitle parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers with...