2429 matches found
CVE-2024-49280 WordPress Lightbox slider -- Responsive Lightbox Gallery plugin <= 1.10.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Weblizar Lightbox slider – Responsive Lightbox Gallery allows Stored XSS. This issue affects Lightbox slider – Responsive Lightbox Gallery: from n/a through 1.10.0...
CVE-2024-49282 WordPress Responsive Lightbox & Gallery plugin <= 2.4.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dFactory Responsive Lightbox responsive-lightbox allows Stored XSS. This issue affects Responsive Lightbox: from n/a through <= 2.4.8...
CVE-2024-49282
CVE-2024-49282 concerns the WordPress plugin “Responsive Lightbox & Gallery” (dFactory Responsive Lightbox) and is a Cross-Site Scripting (Stored XSS) vulnerability in the plugin’s input handling during web page generation, affecting versions up to 2.4.8. The root cause, as reported, is improper ...
CVE-2024-49282 WordPress Responsive Lightbox & Gallery plugin <= 2.4.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in dFactory Responsive Lightbox allows Stored XSS. This issue affects Responsive Lightbox: from n/a through 2.4.8...
WordPress plugin Responsive Lightbox cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin.... A cross-site...
WordPress Responsive Lightbox & Gallery plugin <= 2.4.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Robert DeVore (Patchstack Alliance) in WordPress Plugin Responsive Lightbox (versions <= 2.4.8)...
WordPress Lightbox slider -- Responsive Lightbox Gallery plugin <= 1.10.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Robert DeVore in WordPress Plugin Lightbox slider – Responsive Lightbox Gallery (versions <= 1.10.6)...
WordPress Lightbox slider – Responsive Lightbox Gallery Plugin <= 1.10.1 is vulnerable to Cross Site Scripting (XSS)
Software: Lightbox slider – Responsive Lightbox Gallery; Type: Plugin; Vulnerable versions: <= 1.10.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-49280; Patch priority: Low; CVSS severity: Low 6.5; PSID: b212a4266d36; Credits: Robert...
WordPress Responsive Lightbox Plugin <= 2.4.8 is vulnerable to Cross Site Scripting (XSS)
Software: Responsive Lightbox; Type: Plugin; Vulnerable versions: <= 2.4.8; Fixed in: 2.4.9; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-49282; Patch priority: Low; CVSS severity: Low 5.9; PSID: 0929b0920fa2; Credits: Robert DeVore; Required privilege...
CVE-2024-9917 HuangDou UTCMS template_creat.php deserialization
A vulnerability, which was classified as critical, was found in HuangDou UTCMS V9. This affects an unknown part of the file app/modules/ut-template/admin/template_creat.php. The manipulation of the argument content leads to deserialization. It is possible to initiate the attack remotely. The explo...
CVE-2024-9916
A vulnerability, which was classified as critical, has been found in HuangDou UTCMS V9. Affected by this issue is some unknown functionality of the file app/modules/ut-cac/admin/cli.php. The manipulation of the argument o leads to os command injection. The attack may be launched remotely. The...
CVE-2024-9793
CVE-2024-9793 affects Tenda AC1206 firmware up to version 15.03.06.23. The vulnerability is in the ate_iwpriv_set/ate_ifconfig_set handlers in /goform/ate, enabling remote command injection due to insufficient input sanitization. Impact is described as remote code execution with high confidential...
CVE-2024-9790
A vulnerability was found in LyLme_spage 1.9.5. It has been classified as critical. Affected is an unknown function of the file /admin/sou.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and...
CVE-2024-9789 LyLme_spage apply.php sql injection
A vulnerability was found in LyLme_spage 1.9.5 and classified as critical. This issue affects some unknown processing of the file /admin/apply.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may...
CVE-2024-9788 LyLme_spage tag.php sql injection
A vulnerability has been found in LyLme_spage 1.9.5 and classified as critical. This vulnerability affects unknown code of the file /admin/tag.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may...
WordPress Responsive Poll Plugin <= 2.3.9 is vulnerable to SQL Injection
Software: Responsive Poll; Type: Plugin; Vulnerable versions: <= 2.3.9; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-9022; Patch priority: Low; CVSS severity: Low 7.6; PSID: 2e687784b00a; Credits: WordFence; Required privilege: Administrator; Published...
Responsive Binary mlm 3.2.0 SQL Injection
Title: Responsive Binary mlm 3.2.0 Auth By PAss Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 130.0.0 64 bits...
CVE-2024-8864
CVE-2024-8864 affects ComposioHQ Composio up to 0.5.6. The vulnerability targets the Calculator function in python/composio/tools/local/mathematical/actions/calculator.py, where input manipulation enables code injection and arbitrary code execution. The public exploit is disclosed; vendor respons...
CVE-2024-8862
A vulnerability, which was classified as critical, has been found in h2oai h2o-3 3.46.0.4. This issue affects the function getConnectionSafe of the file /dtale/chart-data/1 of the component JDBC Connection Handler. The manipulation of the argument query leads to deserialization. The attack may be...
CVE-2024-8655 Mercury MNVR816 web-static file access
A vulnerability was found in Mercury MNVR816 up to 2.0.1.0.5. It has been classified as problematic. This affects an unknown part of the file /web-static/. The manipulation leads to files or directories accessible. It is possible to initiate the attack remotely. The exploit has been disclosed to...