WordPress FullScreen Menu – Mobile Friendly and Responsive Plugin < 2.3.8 is vulnerable to Cross Site Scripting (XSS)

Software FullScreen Menu – Mobile Friendly and Responsive Type Plugin Vulnerable versions 2.3.8 Fixed in 2.3.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2c0779bc8b91 Credits...

WordPress Responsive Social Slider Widget Plugin <= 1.5.3 is vulnerable to Cross Site Scripting (XSS)

Software Responsive Social Slider Widget Type Plugin Vulnerable versions = 1.5.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 3fbe3d005963 Credits Rafie Muhammad...

WordPress YouTube Responsive Gallery Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)

Software YouTube Responsive Gallery Type Plugin Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 53d93d2b0d34 Credits Rafie Muhammad Patchstack...

Sql injection

A vulnerability classified as critical was found in Bylancer QuickQR 6.3.7. Affected by this vulnerability is an unknown functionality of the file /blog of the component GET Parameter Handler. The manipulation of the argument s leads to sql injection. The attack can be launched remotely. The...

Cross site scripting

A vulnerability was found in Nesote Inout Search Engine AI Edition 1.1. It has been classified as problematic. This affects an unknown part of the file /index.php. The manipulation of the argument page leads to cross site scripting. It is possible to initiate the attack remotely. The associated...

CVE-2023-3683 LivelyWorks Articart search cross site scripting

A vulnerability has been found in LivelyWorks Articart 2.0.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /items/search. The manipulation of the argument searchterm leads to cross site scripting. The attack can be launched remotely. The...

CVE-2023-3621 IBOS OA Delete Packet delete createDeleteCommand sql injection

A vulnerability was found in IBOS OA 4.5.5. It has been classified as critical. Affected is the function createDeleteCommand of the file ?r=article/default/delete of the component Delete Packet. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has...

CVE-2023-3606

A vulnerability was found in TamronOS up to 20230703. It has been classified as critical. This affects an unknown part of the file /api/ping. The manipulation of the argument host leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

CVE-2023-3561

A vulnerability, which was classified as problematic, was found in GZ Scripts PHP GZ Hotel Booking Script 1.8. This affects an unknown part of the file /load.php. The manipulation of the argument firstname/secondname/phone/address1/country leads to cross site scripting. It is possible to initiate...

CVE-2023-3560

A vulnerability, which was classified as problematic, has been found in GZ Scripts Ticket Booking Script 1.8. Affected by this issue is some unknown functionality of the file /load.php. The manipulation of the argument firstname/secondname/phone/address1/country leads to cross site scripting. The...

CVE-2023-3555 GZ Scripts PHP Vacation Rental Script preview.php cross site scripting

A vulnerability was found in GZ Scripts PHP Vacation Rental Script 1.8. It has been classified as problematic. This affects an unknown part of the file /preview.php. The manipulation of the argument page/layout/sortby/propertyid leads to cross site scripting. It is possible to initiate the attack...

PT-2023-25229 · Unknown · Gz Scripts Php Gz Appointment Scheduling Script

Name of the Vulnerable Software and Affected Versions: GZ Scripts PHP GZ Appointment Scheduling Script version 1.8 Description: A problematic vulnerability was found in the GZ Scripts PHP GZ Appointment Scheduling Script. The issue affects an unknown functionality of the file /load.php. The...

CVE-2023-3529

A vulnerability classified as problematic has been found in Rotem Dynamics Rotem CRM up to 20230729. This affects an unknown part of the file /LandingPages/api/otp/send?id=IDampersandmethod=sms of the component OTP URI Interface. The manipulation leads to information exposure through discrepancy...

Command injection

A vulnerability was found in Ruijie RG-BCR860 2.5.13 and classified as critical. This issue affects some unknown processing of the component Network Diagnostic Page. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public...

CVE-2023-3449

CVE-2023-3449 affects IBOS OA 4.5.5, specifically the Interview Management Export component via actionExport in ?r=recruit/interview/export&interviews=x. The root cause is that manipulating the interviews parameter enables SQL injection. Public disclosures exist, vendor unresponsive. Connected so...

CVE-2022-44276

In Responsive Filemanager 9.12.0, an attacker can bypass upload restrictions resulting in RCE...

CVE-2022-44276

In Responsive Filemanager 9.12.0, an attacker can bypass upload restrictions resulting in RCE...

Design/Logic Flaw

In Responsive Filemanager 9.12.0, an attacker can bypass upload restrictions resulting in RCE...

Responsive Filemanager 代码问题漏洞

Responsive FileManager is a free open source file manager from the individual developer Alberto Peripolli. A security vulnerability exists in Responsive Filemanager versions prior to 9.12.0 that originated from a vulnerability that allows an attacker to bypass upload restrictions, which could lea...

PT-2023-14442 · Unknown · Responsive Filemanager

Name of the Vulnerable Software and Affected Versions: Responsive Filemanager versions prior to 9.12.0 Description: The issue allows an attacker to bypass upload restrictions, resulting in remote code execution RCE. Recommendations: For versions prior to 9.12.0, update to version 9.12.0 or later ...