Lucene search

2242 matches found

UbuntuCve
added 2023/05/15 1:15 p.m. · 11 views

CVE-2023-0644

The Push Notifications for WordPress by PushAssist WordPress plugin through 3.0.8 does not sanitise and escape various parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 6.1 · AI score 6.9 · EPSS 0.0054
Exploits: 1 · References: 1
Prion
added 2023/05/15 1:15 p.m. · 13 views

Cross site scripting

The Push Notifications for WordPress by PushAssist WordPress plugin through 3.0.8 does not sanitise and escape various parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 5.8 · AI score 6 · EPSS 0.0054
Exploits: 1 · References: 1 · Affected Software: 1
Cvelist
added 2023/05/15 12:15 p.m. · 21 views

CVE-2023-0644 PushAssist <= 3.0.8 - Reflected Cross-Site Scripting

The Push Notifications for WordPress by PushAssist WordPress plugin through 3.0.8 does not sanitise and escape various parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

AI score 6.2 · EPSS 0.0054
Exploits: 1 · References: 1
CVE
added 2023/05/15 12:15 p.m. · 44 views

CVE-2023-0644

CVE-2023-0644 affects the WordPress plugin “Push Notifications for WordPress by PushAssist” (versions

CVSS 6.1 · AI score 6.2 · EPSS 0.0054
Exploits: 1 · References: 1 · Affected Software: 1
CNNVD
added 2023/05/15 12:0 a.m. · 2 views

WordPress plugin Push Notifications for WordPress by PushAssist cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 6.1 · AI score 6.8 · EPSS 0.0054
Exploits: 1 · References: 2
CNNVD
added 2023/05/15 12:0 a.m. · 4 views

WordPress plugin Subscribers – Free Web Push Notifications cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

CVSS 5.9 · AI score 6.3 · EPSS 0.00369
Exploits: 0 · References: 2
Positive Technologies
added 2023/05/15 12:0 a.m. · 2 views

PT-2023-16421 · Pushassist · Push Notifications For Wordpress

Name of the Vulnerable Software and Affected Versions: Push Notifications for WordPress by PushAssist WordPress plugin versions 3.0.8 and earlier. Description: The issue is related to Reflected Cross-Site Scripting, which occurs because the plugin does not properly sanitise and escape various...

CVSS 6.1 · AI score 9.1 · EPSS 0.0054
Exploits: 1 · References: 5
The Hacker News
added 2023/05/11 5:1 a.m. · 2 views

GitHub Extends Push Protection to Prevent Accidental Leaks of Keys and Other Secrets

GitHub has announced the general availability of a new security feature called push protection, which aims to prevent developers from inadvertently leaking keys and other secrets in their code. The Microsoft-owned cloud-based repository hosting platform, which began testing the feature a year ag...

AI score 6.8
Exploits: 0
The Hacker News
added 2023/05/11 5:1 a.m. · 15 views

GitHub Extends Push Protection to Prevent Accidental Leaks of Keys and Other Secrets

GitHub has announced the general availability of a new security feature called push protection, which aims to prevent developers from inadvertently leaking keys and other secrets in their code. The Microsoft-owned cloud-based repository hosting platform, which began testing the feature a year ago...

AI score 6.9
Exploits: 0
OSV
added 2023/05/08 8:15 a.m. · 1 views

CVE-2023-2534

Improper Authorization vulnerability in OTRS AG OTRS 8 Websocket API backend allows any as Agent authenticated attacker to track user behaviour and to gain live insight into overall system usage. User IDs can easily be correlated with real names e. g. via ticket histories by any user. Fuzzing for...

CVSS 8.1 · AI score 7.3 · EPSS 0.00526
Exploits: 0 · References: 1
CNNVD
added 2023/05/04 12:0 a.m. · 2 views

Puppet Server security vulnerability

Puppet Server is a software from Puppet Labs in the United States that is used to push configurations from a master server to other servers. A security vulnerability exists in Puppet Server version 7.9.2. An attacker exploited the vulnerability to slow down server operations...

CVSS 5.3 · AI score 5.7 · EPSS 0.00437
Exploits: 0 · References: 2
IBM Security Bulletins
added 2023/05/02 6:19 p.m. · 28 views

Security Bulletin: IBM Liberty for Java for IBM Cloud is vulnerable to a denial of service due to Apache Commons FileUpload (CVE-2023-24998)

Summary: There is a vulnerability in the Apache Commons FileUpload library used by IBM Liberty for Java for IBM Cloud with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0 or servlet-6.0 feature enabled. This has been addressed in the remediation section. Vulnerability Details: ...

CVSS 7.5 · AI score 7.8 · EPSS 0.46836
Exploits: 1 · Affected Software: 1
Microsoft Malware Protection
added 2023/04/26 4:0 p.m. · 22 views

Healthy security habits to fight credential breaches: Cyberattack Series

Fifty percent of Microsoft cybersecurity recovery engagements relate to ransomware,1 and 61 percent of all breaches involve credentials.2 In this second report in our ongoing Cyberattack Series, we look at the steps taken to discover, understand, and respond to a push-bombing request that targete...

AI score 7
Exploits: 0
Microsoft Secure
added 2023/04/26 4:0 p.m. · 19 views

Healthy security habits to fight credential breaches: Cyberattack Series

Fifty percent of Microsoft cybersecurity recovery engagements relate to ransomware,1 and 61 percent of all breaches involve credentials.2 In this second report in our ongoing Cyberattack Series, we look at the steps taken to discover, understand, and respond to a push-bombing request that targete...

AI score 7
Exploits: 0
GithubExploit
added 2023/04/24 4:36 p.m. · 6 views

Exploit for Unquoted Search Path or Element in Wondershare Filmora

bash...

CVSS 7.8 · AI score 7.7 · EPSS 0.01169
Exploits: 6
RedhatCVE
added 2023/04/20 8:59 p.m. · 29 views

CVE-2023-30513

Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled...

CVSS 7.5 · AI score 7.5 · EPSS 0.00491
Exploits: 0 · References: 3
Patchstack
added 2023/04/19 12:0 a.m. · 8 views

WordPress Subscribers – Free Web Push Notifications Plugin <= 1.5.3 is vulnerable to Cross Site Scripting (XSS)

Software: Subscribers – Free Web Push Notifications; Type: Plugin; Vulnerable versions: <= 1.5.3; Fixed in: 1.5.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-22684; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: 892cf19e4971; Credi...

CVSS 5.9 · AI score 6 · EPSS 0.00369
Exploits: 0 · References: 2 · Affected Software: 1
OSV
added 2023/04/12 6:15 p.m. · 3 views

CVE-2023-30515

Jenkins Thycotic DevOps Secrets Vault Plugin 1.0.0 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled...

CVSS 7.5 · AI score 7.1 · EPSS 0.00399
Exploits: 0 · References: 2
OSV
added 2023/04/12 6:15 p.m. · 2 views

CVE-2023-30514

Jenkins Azure Key Vault Plugin 187.vacd5fecd198a and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled...

CVSS 7.5 · AI score 7.1 · EPSS 0.0048
Exploits: 0 · References: 2
NVD
added 2023/04/12 6:15 p.m. · 14 views

CVE-2023-30514

Jenkins Azure Key Vault Plugin 187.vacd5fecd198a and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled...

CVSS 7.5 · AI score 7.5 · EPSS 0.0048
Exploits: 0 · References: 2