8281 matches found
CVE-2021-24366
The Admin Columns WordPress plugin before 4.3 and Admin Columns Pro WordPress plugin before 5.5.1 do not sanitise and escape its Label settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowe...
@gitldy1013/vuepress-theme-ldy (>=1.1.2 <=1.1.3), @next-theme/plugins (>=0.0.2 <=8.1.0) +17 more potentially affected by CVE-2021-34801 via valine (>=1.3.10 <=1.4.14)
valine NPM version =1.3.10, =1.1.2, =0.0.2, =2.0.0-beta.0, =1.0.11, =0.0.1, =1.0.0, =1.0.0, =1.0.8-alpha.5, =1.1.2, =1.2.1, =1.0.1, =1.0.0, =3.0.0-beta.2, =3.0.0-beta.3 and more Source cves: CVE-2021-34801 Source advisory: OSV:GHSA-P2C4-GXP4-J3XP...
Fedora: Security Advisory for gstreamer1-plugins-bad-free (FEDORA-2021-1c3f7963a5)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
ai.langsa:start-with-langsa-plugin (>=0.1 <=0.5), app.keyconnect.api:keyconnect-api (=1.0.0) +8328 more potentially affected by CVE-2021-26291 via org.apache.maven:maven-core (>=2.0 <=3.6.3)
org.apache.maven:maven-core MAVEN version =2.0, =0.1, =1.0.0, =1.1.1, =1.0.0, =3.0.1, =1.0, =4.1.0, =4.0.0, =4.0.10 and more Source cves: CVE-2021-26291 Source advisory: OSV:GHSA-2F88-5HG8-9X2X...
app.keyconnect.api:keyconnect-api (=1.0.0), app.keyconnect:keyconnect-rippled-api (=1.0.0) +2677 more potentially affected by CVE-2021-26291 via org.apache.maven:maven-compat (>=2.2.0 <=3.6.3)
org.apache.maven:maven-compat MAVEN version =2.2.0, =2.4, =0.1-1, =0.1-2, =0.1-1, =0.1-1, =3.0.0, =4.3.0, =0.1.0, =0.6.0, =0.7.0 and more Source cves: CVE-2021-26291 Source advisory: OSV:GHSA-2F88-5HG8-9X2X...
Multiple cross-site scripting vulnerabilities in multiple EC-CUBE plugins provided by EC-CUBE
Overview Multiple EC-CUBE plugins provided by EC-CUBE CO.,LTD. contain multiple cross-site scripting vulnerabilities listed below. Cross-site scripting vulnerability CWE-79 - CVE-2021-20742 Cross-site scripting vulnerability CWE-79 - CVE-2021-20743 Cross-site scripting vulnerability CWE-79 -...
Multiple ETUNA EC-CUBE plugins vulnerable to cross-site scripting
Overview Multiple EC-CUBE plugins provided by ETUNA contain a cross-site scripting vulnerability CWE-79. An arbitrary script may be executed by executing a specific operation on the management page of EC-CUBE. As of 2021 June 15, an attack exploiting this vulnerability has been observed in the wil...
JVN#57524494: Multiple cross-site scripting vulnerabilities in multiple EC-CUBE plugins provided by EC-CUBE
Multiple EC-CUBE plugins provided by EC-CUBE CO.,LTD. contain multiple cross-site scripting vulnerabilities listed below. Cross-site scripting vulnerability CWE-79 - CVE-2021-20742 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L| Base Score: 7.1 CVSS v2|...
CVE-2021-24354
A lack of capability checks and insufficient nonce check on the AJAX action in the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, made it possible for authenticated users to install arbitrary plugins on vulnerable sites...
Design/Logic Flaw
A lack of capability checks and insufficient nonce check on the AJAX action in the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, made it possible for authenticated users to install arbitrary plugins on vulnerable sites...
Cross site scripting
The Smart Slider 3 Free and pro WordPress plugins before 3.5.0.9 did not sanitise the Project Name before outputting it back in the page, leading to a Stored Cross-Site Scripting issue. By default, only administrator users could access the affected functionality, limiting the exploitability of th...
CVE-2021-24382 Smart Slider 3 < 3.5.0.9 - Authenticated Stored Cross-Site Scripting (XSS)
The Smart Slider 3 Free and pro WordPress plugins before 3.5.0.9 did not sanitise the Project Name before outputting it back in the page, leading to a Stored Cross-Site Scripting issue. By default, only administrator users could access the affected functionality, limiting the exploitability of th...
CVE-2021-24354
CVE-2021-24354 affects the WordPress plugin Simple 301 Redirects by BetterLinks up to version 2.0.3. The root cause is a lack of capability checks and an insufficient nonce check on the plugin’s AJAX action, enabling an authenticated user to install arbitrary plugins on vulnerable sites. The issu...
BetterLinks WordPress plugin security vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in BetterLinks WordPress plugin versions prior to 2.0.4, which stems...
Smart Slider Free and pro WordPress plugins cross-site scripting vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in Smart Slider 3 Free and pro WordPress plugins prior t...
container-tools:3.0 security update
buildah 1.19.7-1.0.1 - Handling redirect from the docker registry Orabug: 29874238 Nikita Gerasimov 1.19.7-1 - update to the latest content of https://github.com/containers/buildah/tree/release-1.19 https://github.com/containers/buildah/commit/a2854ed - Resolves: 1935376 cockpit-podman 29-2 - fix...
SUSE SLED15 / SLES15 Security Update : gstreamer-plugins-bad (SUSE-SU-2021:1944-1)
The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:1944-1 advisory. - A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where when parsing a h264 header, an attacker could cause...
Virtuozzo Linux 8.4
The complete list of changes is available in RHEL 8.4 release notes at https://access.redhat.com/documentation/en-us/redhatenterpriselinux/8/html-single/8.4releasenotes/index. Vulnerability id: VZL-94 If subscription-manager was installed, any dnf command could produce warnings about the system n...
SUSE: Security Advisory (SUSE-SU-2021:1944-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2021:1944-1 Security update for gstreamer-plugins-bad
This update for gstreamer-plugins-bad fixes the following issues: - Update to version 1.16.3: - CVE-2021-3185: buffer overflow in gst_h264_slice_parse_dec_ref_pic_marking bsc#1181255 - amcvideodec: fix sync meta copying not taking a reference - audiobuffersplit: Perform discont tracking on running time -...