Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin <= 5.2.6 versions...
CVE-2023-39917
CVE-2023-39917 relates to the WordPress plugin Photo Gallery by Ays – Responsive Image Gallery, affected up to version 5.2.6. The vulnerability is a Cross-Site Request Forgery (CSRF) issue in the plugin, with unauthenticated access as the required privilege and a low-severity ranking in PatchStac...
CVE-2023-5334
The CVE-2023-5334 in WP Responsive header image slider (WordPress) is a Stored XSS in the sp_responsiveslider shortcode affecting versions up to 3.2.1. Authenticated attackers with contributor+ can inject scripts that execute on page load. Multiple sources confirm the vulnerability; patch status ...
CVE-2023-5334 WP Responsive header image slider <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The WP Responsive header image slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'spresponsiveslider' shortcode in versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress Plugin Responsive header image slider cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
October 3, 2023, update for Visio 2013 (KB5002479)
October 3, 2023, update for Visio 2013 (KB5002479). This article describes update 5002479 for Microsoft Visio 2013 that was released on October 3, 2023. Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2013. It doesn't apply to...
WordPress WP Responsive header image slide Plugin <= 3.2.1 is vulnerable to Cross Site Scripting (XSS)
Software: WP Responsive header image slide | Type: Plugin | Vulnerable versions: <= 3.2.1 | Fixed in: N/A | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-5334 | Patch priority: Low | CVSS severity: Low 6.5 | Developer: Claim ownership | PSID: 015e84c4cbe9 | Credits: Lana Code...
Hardcoded credentials
A vulnerability classified as critical was found in Viessmann Vitogate 300 up to 2.1.3.0. This vulnerability affects the function isValidUser of the file /cgi-bin/vitogate.cgi of the component Web Management Interface. The manipulation leads to use of hard-coded password. The exploit has been...
Code injection
A vulnerability classified as critical has been found in ForU CMS. This affects an unknown part of the file /install/index.php. The manipulation of the argument dbname leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be...
CVE-2023-5221 ForU CMS index.php code injection
A vulnerability classified as critical has been found in ForU CMS. This affects an unknown part of the file /install/index.php. The manipulation of the argument dbname leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be...
CVE-2023-5063 Widget Responsive for Youtube <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Widget Responsive for Youtube plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'youtube' shortcode in versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2023-5063
CVE-2023-5063 affects the WordPress plugin “Widget Responsive for Youtube” (versions
WordPress Widget Responsive for Youtube Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS)
Software: Widget Responsive for Youtube | Type: Plugin | Vulnerable versions: <= 1.6.1 | Fixed in: 1.6.2 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-5063 | Patch priority: Low | CVSS severity: Low 6.5 | Developer: Claim ownership | PSID: 05aea07abadd | Credits: Lana Codes...
CVE-2023-4985
A vulnerability classified as critical has been found in Supcon InPlant SCADA up to 20230901. Affected is an unknown function of the file Project.xml. The manipulation leads to improper authentication. An attack has to be approached locally. The exploit has been disclosed to the public and may be...
WordPress Photospace Responsive Plugin <= 2.1.1 is vulnerable to Cross Site Scripting (XSS)
Software: Photospace Responsive | Type: Plugin | Vulnerable versions: <= 2.1.1 | Fixed in: 2.2.0 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-4271 | Patch priority: Low | CVSS severity: Low 5.9 | Developer: Claim ownership | PSID: 8973e183f828 | Credits: Marco Wotschka...
CVE-2023-30485 WordPress Avartan Slider Lite Plugin <= 1.5.3 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Solwin Infotech Responsive WordPress Slider – Avartan Slider Lite plugin <= 1.5.3 versions...
Out-of-bounds
A vulnerability, which was classified as critical, has been found in Beijing Baichuo Smart S85F Management Platform up to 20230820 on Smart. Affected by this issue is some unknown functionality of the file /sysmanage/updateos.php. The manipulation of the argument 1fileupload leads to unrestricted...
CVE-2023-4713
The CVE-2023-4713 entry concerns IBOS OA 4.5.5 where the addComment function at ?r=weibo/comment/addcomment is vulnerable to SQL injection via the touid parameter. The vulnerability is described as critical, with potential high impact on confidentiality, integrity, and availability. The root caus...
CVE-2023-4708
A vulnerability was found in Infosoftbd Clcknshop 1.0.0. It has been rated as critical. This issue affects some unknown processing of the file /collection/all of the component GET Parameter Handler. The manipulation of the argument tag leads to sql injection. The attack may be initiated remotely...
Cross site scripting
A vulnerability was found in Infosoftbd Clcknshop 1.0.0. It has been declared as problematic. This vulnerability affects unknown code of the file /collection/all. The manipulation of the argument q leads to cross site scripting. The attack can be initiated remotely. VDB-238570 is the identifier...