8310 matches found
Cross site scripting
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David Artiss Plugins List plugin <= 2.5 versions...
CVE-2023-31232 WordPress Plugins List Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David Artiss Plugins List plugin <= 2.5 versions...
CVE-2023-31232
CVE-2023-31232: WordPress Plugins List plugin (≤ 2.5) is vulnerable to stored XSS (admin+). Root cause involves insufficient escaping in plugin output (e.g., replace_plugin_list_tags). Impact and exploitability are described in connected sources as admin-privileged, stored XSS with potential risk...
CVE-2023-31232 WordPress Plugins List Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David Artiss Plugins List plugin <= 2.5 versions...
Plugins List < 2.5.1 - Admin+ Stored XSS
Description: The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
Wordfence Intelligence Weekly WordPress Vulnerability Report (August 7, 2023 to August 13, 2023)
Last week, there were 86 vulnerabilities disclosed in 68 WordPress Plugins and 3 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 36 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities i...
CVE-2023-31076
CVE-2023-31076 is a WordPress Zip Recipes Recipe Maker for Your Food Blog vulnerability: unauthenticated, reflected XSS in versions
tagDiv Composer < 4.2 - Unauthenticated Stored XSS
Description: The plugin, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not have authorisation in a REST route and does not validate as well as escape some parameters when outputting them back, which could allow unauthenticated users to perform Stored Cross-Site Scriptin...
com.amadeus.jenkins.plugins:workflow-cps-global-lib-http (>=2.33.0 <=2.54.0), com.compuware.jenkins:compuware-scm-downloader (>=1.6 <=2.0.5) +105 more potentially affected by CVE-2023-40336 via org.jenkins-ci.plugins:cloudbees-folder (>=4.0 <=6.815.v0dd5a_cb_40e0e)
org.jenkins-ci.plugins:cloudbees-folder MAVEN version =4.0, =2.33.0, =1.6, =1.8, =1.0.2, =1.0.0, =2.0.0, =0.4, =1.0, =7.5.7, =0.9.1, =1.0-alpha-1, =1.27.19, =1.27.25 and more Source cves: CVE-2023-40336 Source advisory: OSV:GHSA-4VQP-PCM3-73XP...
com.amadeus.jenkins.plugins:workflow-cps-global-lib-http (>=2.33.0 <=2.54.0), com.compuware.jenkins:compuware-scm-downloader (>=1.6 <=2.0.5) +105 more potentially affected by CVE-2023-40337 via org.jenkins-ci.plugins:cloudbees-folder (>=4.0 <=6.815.v0dd5a_cb_40e0e)
org.jenkins-ci.plugins:cloudbees-folder MAVEN version =4.0, =2.33.0, =1.6, =1.8, =1.0.2, =1.0.0, =2.0.0, =0.4, =1.0, =7.5.7, =0.9.1, =1.0-alpha-1, =1.27.19, =1.27.25 and more Source cves: CVE-2023-40337 Source advisory: OSV:GHSA-22C3-WHJV-HRFM...
CVE-2023-30871
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PT Woo Plugins (by Webdados) Stock Exporter for WooCommerce plugin <= 1.1.0 versions...
CVE-2023-30871
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PT Woo Plugins (by Webdados) Stock Exporter for WooCommerce plugin <= 1.1.0 versions...
Cross site scripting
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PT Woo Plugins (by Webdados) Stock Exporter for WooCommerce plugin <= 1.1.0 versions...
CVE-2023-30871
CVE-2023-30871 affects the WordPress plugin Stock Exporter for WooCommerce by PT Woo Plugins (by Webdados). On versions = 1.2.0. If upgrading immediately is not possible, apply vendor-supplied mitigations/patches where available and ensure input/output handling adheres to secure coding practices....
CVE-2023-30871 WordPress Stock Exporter for WooCommerce Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PT Woo Plugins (by Webdados) Stock Exporter for WooCommerce plugin <= 1.1.0 versions...
Malicious code in ynf-dx-webpack-plugins (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0ff33ef0f3340901bb0ce287a8b87f098654546d5b5883805533e7581670f64d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Debian: Security Advisory (DSA-5476-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux 2 : cni-plugins (ALAS-2023-2192)
The version of cni-plugins installed on the remote host is prior to 1.2.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2192 advisory. http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 Tenable has extracted the preceding description block...
Debian DSA-5476-1 : gst-plugins-ugly1.0 - security update
The remote Debian 11 / 12 host has a package installed that is affected by a vulnerability as referenced in the dsa-5476 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. The...
[SECURITY] Fedora 37 Update: OpenImageIO-2.4.14.0-1.fc37
OpenImageIO is a library for reading and writing images, and a bunch of related classes, utilities, and applications. Main features include: - Extremely simple but powerful ImageInput and ImageOutput APIs for reading and writing 2D images that is format agnostic. - Format plugins for TIFF,...