Enhancesoft osTicket Cross-Site Scripting Vulnerability
Enhancesoft osTicket is an open source ticketing system from Enhancesoft, USA. A cross-site scripting (XSS) vulnerability exists in osTicket-plugins, in audit/templates/auditlogs.tmpl.php...
CVE-2022-31890
CVE-2022-31890 concerns a SQL injection in osTicket-plugins' audit/class.audit.php, exploitable via the order parameter to the getOrder function. The Red Hat, CNNVD, EUVD and OSV feeds corroborate the description; the core issue is the lack of proper input sanitization in the getOrder path, leading...
CVE-2022-31889
Cross Site Scripting XSS vulnerability in audit/templates/auditlogs.tmpl.php in osTicket osTicket-plugins before commit a7842d494889fd5533d13deb3c6a7789768795ae...
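Both osTicket-plugins entries above (the SQL injection through the order parameter of getOrder, and the XSS in the audit-log template) have the same shape: caller-controlled text reaches a sink unchanged. The PHP below is an added illustration written for this page, not code from osTicket or osTicket-plugins; the function names, the column names and the sample rows are hypothetical. It puts the unsafe pattern beside the hardened one for each sink: an allowlist for ORDER BY (a column name cannot be parameterised, so it must be chosen from a fixed set) and context-correct HTML escaping for the template.

```php
<?php
// Added illustration (not osTicket-plugins code): an audit-log listing that
// takes a caller-supplied sort order and renders rows. Names are hypothetical.

declare(strict_types=1);

// Constructed sample rows, standing in for what the audit table would return.
const SAMPLE_ROWS = [
    ['id' => 1, 'username' => 'alice', 'event' => 'Ticket 42 closed'],
    ['id' => 2, 'username' => '<script>alert(1)</script>', 'event' => 'Login'],
];

// VULNERABLE: the caller-controlled sort order is concatenated into the SQL text.
function getOrderUnsafe(string $order): string
{
    return 'SELECT id, username, event FROM audit ORDER BY ' . $order;
}

// HARDENED: the column and direction are looked up in a fixed allowlist and
// anything else falls back to a default, so no caller text reaches the query.
function getOrderSafe(string $column, string $direction = 'ASC'): string
{
    $columns = ['id' => 'id', 'username' => 'username', 'event' => 'event'];
    $col = $columns[$column] ?? 'id';
    $dir = strtoupper($direction) === 'DESC' ? 'DESC' : 'ASC';
    return "SELECT id, username, event FROM audit ORDER BY {$col} {$dir}";
}

// VULNERABLE template fragment: values are echoed raw into HTML.
function renderRowUnsafe(array $row): string
{
    return "<tr><td>{$row['id']}</td><td>{$row['username']}</td><td>{$row['event']}</td></tr>";
}

// HARDENED: every dynamic value is escaped for the HTML element-content context.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function renderRowSafe(array $row): string
{
    return '<tr><td>' . e((string) $row['id']) . '</td><td>' . e($row['username'])
        . '</td><td>' . e($row['event']) . '</td></tr>';
}

// Demo: a hostile "order" value and a hostile username, through each sink.
$hostileOrder = 'id, (SELECT SLEEP(5))';
echo getOrderUnsafe($hostileOrder), "\n"; // attacker text becomes part of the query
echo getOrderSafe($hostileOrder), "\n";   // unknown column: falls back to ORDER BY id ASC
echo getOrderSafe('username', 'desc'), "\n";

foreach (SAMPLE_ROWS as $row) {
    echo renderRowUnsafe($row), "\n"; // second row injects a <script> element
    echo renderRowSafe($row), "\n";   // same row rendered as inert text
}
```

Run it with `php audit_demo.php`. The allowlist is the important design choice: ORDER BY and other identifier positions cannot be bound as prepared-statement parameters, so escaping is the wrong tool there and a lookup table is the right one. The escaping helper is only correct for element content and attribute values; a value placed inside a script block or a URL needs a different encoder.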
Amazon Linux 2 : gstreamer-plugins-good (ALAS-2023-2011)
The version of gstreamer-plugins-good installed on the remote host is prior to 0.10.31-20. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2011 advisory. GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed...
com.groupon.jenkins-ci.plugins:DotCi-Plugins-Starter-Pack (>=1.7.2 <=1.8.2), com.groupon.jenkins.plugins:DotCi-Plugins-Starter-Pack (>=1.0.0 <=1.7.1) +1 more potentially affected by CVE-2023-28669 via org.jenkins-ci.plugins:jacoco (>=1.0.14 <=1.0.9)
org.jenkins-ci.plugins:jacoco MAVEN version =1.0.14, =1.7.2, =1.0.0, =1.7, =1.12.3 Source cves: CVE-2023-28669 Source advisory: OSV:GHSA-XJ29-GFWW-J67G...
[SECURITY] Fedora 38 Update: rubygem-railties-7.0.4.3-1.fc38
Rails internals: application bootup, plugins, generators, and rake tasks. Railties is responsible for gluing all the frameworks together. Overall, it: handles the whole bootstrapping process for a Rails application; manages the rails command line interface; provides the Rails generators core;...
WordPress Quick Paypal Payments Plugin <= 5.7.26.3 is vulnerable to Cross Site Scripting (XSS)
Software: Quick Paypal Payments
Type: Plugin
Vulnerable versions: <= 5.7.26.3
Fixed in: 5.7.26.4
OWASP Top 10: A7: Cross-Site Scripting (XSS)
Classification: Cross Site Scripting (XSS)
CVE: CVE-2023-1554
Patch priority: Low
CVSS severity: Low (5.9)
Developer: Fullworks Plugins
PSID: ed1fcf733e50
Credits: Pablo...
CVE-2023-1088
The WP Plugin Manager WordPress plugin before 1.1.8 does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack...
CVE-2023-1086
The Preview Link Generator WordPress plugin before 1.0.4 does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack...
CVE-2023-1092
The OAuth Single Sign On Free WordPress plugin before 6.24.2, OAuth Single Sign On Standard WordPress plugin before 28.4.9, OAuth Single Sign On Premium WordPress plugin before 38.4.9 and OAuth Single Sign On Enterprise WordPress plugin before 48.4.9 do not have CSRF checks when deleting Identity...
CVE-2023-0503
The Free WooCommerce Theme 99fy Extension WordPress plugin before 1.2.8 does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack...
CVE-2023-0484
The Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks WordPress plugin before 1.1.6 does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack...
CVE-2023-0500
The WP Film Studio WordPress plugin before 1.3.5 does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack...
CVE-2023-0502
The WP News WordPress plugin through 1.1.9 does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack...
CVE-2023-0495
The HT Slider For Elementor WordPress plugin before 1.4.0 does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack...
CVE-2023-0498
The WP Education WordPress plugin before 1.2.7 does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack...
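The run of WordPress entries above all describe one bug class: an admin-side handler that activates the plugin named in the request while relying on the browser's cookies alone, so any page the logged-in admin visits can trigger it. The PHP below is an added illustration written for this page, not the code of any plugin listed, and not WordPress core code: the nonce scheme is a simplified model of the WordPress pattern (wp_create_nonce / check_admin_referer), the plugin list and the per-site secret are constructed, and real WordPress nonces additionally mix in a time tick and the user's session token. It shows the unchecked handler beside a hardened one and drives both with the same forged request.

```php
<?php
// Added illustration (not the code of any plugin listed above, nor WordPress's own):
// a plugin-activation handler with no CSRF check beside a hardened one.

declare(strict_types=1);

const INSTALLED_PLUGINS = ['hello-dolly/hello.php', 'akismet/akismet.php']; // constructed
const SITE_SECRET = 'constructed-per-site-secret';                         // stand-in for the WP salts

// The state a browser carries: cookies are attached automatically to any request
// to the site, including one triggered from an attacker's page.
$session = ['user_id' => 1, 'can_activate_plugins' => true];

// VULNERABLE: trusts the cookie session alone, so a request forged by a third-party
// page activates whatever plugin the query string names.
function activatePluginUnsafe(array $session, array $query, array &$active): bool
{
    if (empty($session['can_activate_plugins'])) {
        return false;
    }
    $active[] = $query['plugin'];
    return true;
}

// Nonce bound to the user and to the exact action (including the plugin path).
// An attacker's page cannot read the admin page, so it cannot obtain this value.
function createNonce(int $userId, string $action): string
{
    return substr(hash_hmac('sha256', $userId . '|' . $action, SITE_SECRET), 0, 16);
}

function verifyNonce(string $nonce, int $userId, string $action): bool
{
    return hash_equals(createNonce($userId, $action), $nonce);
}

// HARDENED: capability check, plugin path validated against what is installed,
// and a nonce that ties this request to this activation for this user.
function activatePluginSafe(array $session, array $query, array &$active): bool
{
    if (empty($session['can_activate_plugins'])) {
        return false;
    }
    $plugin = $query['plugin'] ?? '';
    if (!in_array($plugin, INSTALLED_PLUGINS, true)) {
        return false;
    }
    $nonce = $query['_wpnonce'] ?? '';
    if (!verifyNonce($nonce, (int) $session['user_id'], 'activate-plugin_' . $plugin)) {
        return false;
    }
    $active[] = $plugin;
    return true;
}

// Demo. The forged request is what a hidden <img> or an auto-submitting form on an
// attacker's page would send: the victim's cookies travel with it, the nonce does not.
$forged = ['plugin' => 'hello-dolly/hello.php'];

$active = [];
activatePluginUnsafe($session, $forged, $active);
echo 'unsafe handler, forged request: ', json_encode($active), "\n";   // plugin activated

$active = [];
$ok = activatePluginSafe($session, $forged, $active);
echo 'safe handler, forged request: ', var_export($ok, true), "\n";    // false, nothing activated

// A genuine click on the admin page carries the nonce that page embedded in its link.
$legit = $forged + ['_wpnonce' => createNonce(1, 'activate-plugin_hello-dolly/hello.php')];
$ok = activatePluginSafe($session, $legit, $active);
echo 'safe handler, legitimate request: ', var_export($ok, true), ' ', json_encode($active), "\n";
```

Run it with `php activate_demo.php`. The point worth keeping from the hardened version is that the nonce action string includes the plugin path: a nonce issued for activating one plugin must not be replayable to activate another. In a real plugin the equivalent is `check_admin_referer('activate-plugin_' . $plugin)` together with `current_user_can('activate_plugins')`, and the comparison must stay constant-time (hash_equals), as above.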