2429 matches found
WordPress plugin SrcSet Responsive Images for WordPress cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2024-34857 · Minerva Infotech · Minerva Infotech Responsive Data Table
Name of the Vulnerable Software and Affected Versions: Minerva Infotech Responsive Data Table versions 1.3 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Reflected XSS attacks...
WordPress Responsive Addons for Elementor plugin <= 1.5.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Khalid Yusuf (Patchstack Alliance) in WordPress Plugin Responsive Addons for Elementor (versions <= 1.5.4)...
WordPress WP Responsive Video Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software: WP Responsive Video; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51940; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: 134f33fcccf3; Credits: Zlrqh; Required privilege: Contributor...
CVE-2024-10947
A vulnerability classified as critical was found in Guangzhou Tuchuang Computer Software Development Interlib Library Cluster Automation Management System up to 2.0.1. This vulnerability affects unknown code of the file /interlib/order/BatchOrder?cmdACT=adminorder&xsl=adminOrderOrderList.xsl. The...
WordPress Responsive Filterable Portfolio plugin <= 1.0.22 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by Zaidan Rizaki (Patchstack Alliance) in WordPress Plugin Responsive Filterable Portfolio (versions <= 1.0.22)...
WordPress Responsive Data Table plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro Soares de Alcântara - Kinorth (Patchstack Alliance) in WordPress Plugin Responsive Data Table (versions <= 1.3)...
WordPress SrcSet Responsive Images for WordPress plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro Soares de Alcântara - Kinorth (Patchstack Alliance) in WordPress Plugin SrcSet Responsive Images for WordPress (versions <= 1.4)...
CVE-2024-10748
A vulnerability, which was classified as problematic, has been found in Cosmote Greece What's Up App 4.47.3 on Android. This issue affects some unknown processing of the file gr/desquared/kmmsharedmodule/db/RealmDB.java of the component Realm Database Handler. The manipulation of the argument...
CVE-2024-10748
Cosmote Greece What’s Up App 4.47.3 (Android) is affected by CVE-2024-10748 in the Realm Database Handler. The issue arises from manipulating the defaultRealmKey in RealmDB.java, causing use of a default cryptographic key. Local access is required; attack complexity is high and exploitation is co...
WordPress Responsive Filterable Portfolio Plugin <= 1.0.22 is vulnerable to Server Side Request Forgery (SSRF)
Software: Responsive Filterable Portfolio; Type: Plugin; Vulnerable versions: <= 1.0.22; Fixed in: 1.0.23; OWASP Top 10: A10: Server-Side Request Forgery (SSRF); Classification: Server Side Request Forgery (SSRF); CVE: CVE-2024-51785; Patch priority: Low; CVSS severity: Low (4.4); Developer: Claim ownership; PSID...
WordPress Responsive Flickr Gallery plugin <= 1.3.1 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin Responsive Flickr Gallery (versions <= 1.3.1)...
CVE-2024-10613 ESAFENET CDG SystemEncryptPolicyService.java delSystemEncryptPolicy sql injection
A vulnerability was found in ESAFENET CDG 5. It has been declared as critical. Affected by this vulnerability is the function delSystemEncryptPolicy of the file /com/esafenet/servlet/system/SystemEncryptPolicyService.java. The manipulation of the argument id leads to sql injection. The attack can...
CVE-2024-10610
A vulnerability has been found in ESAFENET CDG 5 and classified as critical. This vulnerability affects the function delProtocol of the file /com/esafenet/servlet/system/ProtocolService.java. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The...
CVE-2024-10594
A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. Affected is the function docHistory of the file /com/esafenet/servlet/fileManagement/FileDirectoryService.java. The manipulation of the argument fileId leads to sql injection. It is possible to launch the attack...
CVE-2024-10597 ESAFENET CDG PolicyActionService.java delPolicyAction sql injection
A vulnerability classified as critical has been found in ESAFENET CDG 5. This affects the function delPolicyAction of the file /com/esafenet/servlet/system/PolicyActionService.java. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The...
CVE-2024-10596 ESAFENET CDG EncryptPolicyTypeService.java delEntryptPolicySort sql injection
A vulnerability was found in ESAFENET CDG 5. It has been rated as critical. Affected by this issue is the function delEntryptPolicySort of the file /com/esafenet/servlet/system/EncryptPolicyTypeService.java. The manipulation of the argument id leads to sql injection. The attack may be launched...
WordPress ML Responsive Audio plugin <= 0.2 - Stored Cross Site Scripting (XSS) vulnerability
Stored Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin ML Responsive Audio player with playlist Shortcode (versions <= 0.2)...
CVE-2024-10505
A vulnerability was found in wuzhicms 4.1.0. It has been classified as critical. Affected is the function add/edit of the file www/coreframe/app/content/admin/block.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the...
CVE-2024-10503
A vulnerability was found in Klokan MapTiler tileserver-gl 2.3.1 and classified as problematic. This issue affects some unknown processing of the component URL Handler. The manipulation of the argument key leads to cross site scripting. The attack may be initiated remotely. The exploit has been...