144 matches found
CVE-2023-51492
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in If So Plugin If-So Dynamic Content Personalization allows Stored XSS.This issue affects If-So Dynamic Content Personalization: from n/a through 1.6.3.1...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in If So Plugin If-So Dynamic Content Personalization allows Stored XSS.This issue affects If-So Dynamic Content Personalization: from n/a through 1.6.3.1...
CVE-2023-51492 WordPress If-So Dynamic Content Personalization Plugin <= 1.6.3.1 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in If So Plugin If-So Dynamic Content Personalization allows Stored XSS.This issue affects If-So Dynamic Content Personalization: from n/a through 1.6.3.1...
CVE-2023-51492
CVE-2023-51492 is a Stored Cross-Site Scripting (XSS) vulnerability in the If-So Dynamic Content Personalization WordPress plugin. The issue arises from improper input neutralization during web page generation, affecting the plugin’s input handling for authenticated users (Contributor+). Affected...
PT-2024-14151 · Unknown · If-So Dynamic Content Personalization
Name of the Vulnerable Software and Affected Versions: If-So Dynamic Content Personalization versions 1.6.3.1 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that ...
Code injection
The Customer Management Framework CMF for Pimcore adds functionality for customer data management, segmentation, personalization and marketing automation. An authenticated and unauthorized user can access the list of potential duplicate users and see their data. Permissions are enforced when...
CVE-2024-21666
PIMCORE CVE-2024-21666 affects the Pimcore Customer Management Framework (CMF). The issue is an improper access control in the DuplicatesController that allows an authenticated user without required permissions—and in practice, unauthorized users as well—to access the duplicates list endpoint at ...
WordPress If-So Dynamic Content Personalization Plugin <= 1.6.3.1 is vulnerable to Cross Site Scripting (XSS)
Software If-So Dynamic Content Personalization Type Plugin Vulnerable versions = 1.6.3.1 Fixed in 1.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-51492 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 370a66ff87d7 Credits Khalid Yusuf...
PT-2023-9319 · Oracle · Oracle Applications Framework
Name of the Vulnerable Software and Affected Versions: Oracle Applications Framework versions 12.2.3 through 12.2.13 Description: The issue is related to improper authorization in the Personalization component of Oracle Applications Framework, part of the Oracle E-Business Suite. This can allow a...
The vulnerability of the Personalization component of the Oracle Applications Framework, a software platform for enterprise automation systems in the Oracle E-Business Suite, allows a perpetrator to gain access to read, modify, add, or delete data.
The vulnerability of the Personalization component of the Oracle Applications Framework software, which is part of the Oracle E-Business Suite, exists due to insufficient verification of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read,...
Oracle E-Business Suite (October 2023 CPU)
The versions of Oracle E-Business Suite installed on the remote host are affected a vulnerability as referenced in the October 2023 CPU advisory. - Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite component: Personalization. Supported versions that are affecte...
CVE-2023-22076
Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite component: Personalization. Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application...
Design/Logic Flaw
Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite component: Personalization. Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application...
PT-2023-6269 · Oracle · Oracle Applications Framework +1
Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.12 Description: The issue is related to insufficient input validation in the Personalization component of the Oracle Applications Framework product. This allows an unauthenticated attacker...
CVE-2023-37891
Cross-Site Request Forgery CSRF vulnerability in OptiMonk OptiMonk: Popups, Personalization & A/B Testing plugin = 2.0.4 versions...
CVE-2023-37891
Cross-Site Request Forgery CSRF vulnerability in OptiMonk OptiMonk: Popups, Personalization & A/B Testing plugin = 2.0.4 versions...
SAMSUNG Mobile device 输入验证错误漏洞
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile device SMR Jul-2023 Release 1 version, which stems from an incorrect input validation vulnerability ...
The Power of Browser Fingerprinting: Personalized UX, Fraud Detection, and Secure Logins
The case for browser fingerprinting: personalizing user experience, improving fraud detection, and optimizing login security Have you ever heard of browser fingerprinting? You should! It's an online user identification technique that collects information about a visitor's web browser and its...
Navigating a New Reality: Content Personalization at Scale
Prioritizing content personalization can improve user engagement, enhance customer experiences, and boost revenue on a global scale...
The vulnerability of the Personalization module of SmartVista CardGen, which exists due to the lack of measures taken to protect the website structure, allows a attacker to execute XSS attacks.
The vulnerability of the Personalization module of SmartVista CardGen exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...