
2426 matches found

OSV
added 2023/03/15 5:22 p.m. | 3 views

DRUPAL-CONTRIB-2023-010

The Media Responsive Thumbnail module allows media reference fields to be rendered as a responsive image. This module does not properly check entity access prior to rendering media. This may result in users seeing thumbnails of media items they do not have access to. This release was coordinated...

AI score 6.7
Exploits: 0 | References: 1

Drupal
added 2023/03/15 12:0 a.m. | 15 views

Media Responsive Thumbnail - Moderately critical - Information disclosure - SA-CONTRIB-2023-010

The Media Responsive Thumbnail module allows media reference fields to be rendered as a responsive image. This module does not properly check entity access prior to rendering media. This may result in users seeing thumbnails of media items they do not have access to. This release was coordinated...

AI score 6.6
Exploits: 0 | References: 10

Drupal
added 2023/03/15 12:0 a.m. | 18 views

Responsive media Image Formatter - Critical - Unsupported - SA-CONTRIB-2023-011

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466procedure---own-project---unsupported...

AI score 6.6
Exploits: 0 | References: 2

OpenVAS
added 2023/03/09 12:0 a.m. | 25 views

Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2023-1517)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.5 | AI score 7.7 | EPSS 0.01259
Exploits: 0 | References: 2

Tenable Nessus
added 2023/03/09 12:0 a.m. | 33 views

EulerOS 2.0 SP5 : unbound (EulerOS-SA-2023-1517)

According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. The...

CVSS 7.5 | AI score 7.3 | EPSS 0.01259
Exploits: 0 | References: 2

OSV
added 2023/03/06 2:15 p.m. | 3 views

CVE-2023-0064

The eVision Responsive Column Layout Shortcodes WordPress plugin through 2.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored...

CVSS 5.4 | AI score 5.8 | EPSS 0.00471
Exploits: 2 | References: 1

Cvelist
added 2023/03/06 1:34 p.m. | 21 views

CVE-2023-0064 eVision Responsive Column Layout Shortcodes <= 2.3 - Contributor+ Stored XSS

The eVision Responsive Column Layout Shortcodes WordPress plugin through 2.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored...

AI score 5.5 | EPSS 0.00471
Exploits: 2 | References: 1

CVE
added 2023/03/06 1:34 p.m. | 62 views

CVE-2023-0064

The CVE-2023-0064 entry corresponds to the WordPress plugin “eVision Responsive Column Layout Shortcodes” (versions 2.3 and earlier). The vulnerability is a Stored Cross-Site Scripting (XSS) flaw caused by insufficient validation and escaping of shortcode attributes, which are output into the pag...

CVSS 5.4 | AI score 5.3 | EPSS 0.00471
Exploits: 2 | References: 1 | Affected Software: 1

OSV
added 2023/02/28 3:15 p.m. | 4 views

CVE-2023-23983

Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Responsive Vertical Icon Menu plugin <= 1.5.8 can lead to theme deletion...

CVSS 5.4 | AI score 6.1 | EPSS 0.00228
Exploits: 0 | References: 1

NVD
added 2023/02/28 3:15 p.m. | 19 views

CVE-2023-23983

Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Responsive Vertical Icon Menu plugin <= 1.5.8 can lead to theme deletion...

CVSS 5.4 | AI score 5.5 | EPSS 0.00228
Exploits: 0 | References: 1

Prion
added 2023/02/28 3:15 p.m. | 22 views

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Responsive Vertical Icon Menu plugin <= 1.5.8 can lead to theme deletion...

CVSS 5.8 | AI score 5.6 | EPSS 0.00228
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2023/02/28 2:36 p.m. | 52 views

CVE-2023-23983

The CVE-2023-23983 entry describes a Cross-Site Request Forgery (CSRF) in the WordPress plugin wpdevart Responsive Vertical Icon Menu (

CVSS 5.4 | AI score 5.5 | EPSS 0.00228
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2023/02/28 12:0 a.m. | 3 views

WordPress plugin Responsive Vertical Icon Menu cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in WordPress plugin...

CVSS 5.4 | AI score 5.5 | EPSS 0.00228
Exploits: 0 | References: 2

NVD
added 2023/02/26 12:15 p.m. | 21 views

CVE-2023-1041

A vulnerability, which was classified as problematic, was found in SourceCodester Simple Responsive Tourism Website 1.0. This affects an unknown part of the file /tourism/rate_review.php. The manipulation of the argument id with the input 1"alert1111 leads to cross site scripting. It is possible t...

CVSS 6.1 | AI score 4.5 | EPSS 0.00536
Exploits: 1 | References: 3

Cvelist
added 2023/02/26 11:57 a.m. | 21 views

CVE-2023-1041 SourceCodester Simple Responsive Tourism Website rate_review.php cross site scripting

A vulnerability, which was classified as problematic, was found in SourceCodester Simple Responsive Tourism Website 1.0. This affects an unknown part of the file /tourism/rate_review.php. The manipulation of the argument id with the input 1"alert1111 leads to cross site scripting. It is possible t...

CVSS 4 | AI score 6.2 | EPSS 0.00536
Exploits: 1 | References: 3

CVE
added 2023/02/26 11:57 a.m. | 77 views

CVE-2023-1041

The CVE-2023-1041 entry affects SourceCodester Simple Responsive Tourism Website 1.0, specifically the file /tourism/rate_review.php. The vulnerability arises from improper handling of the id parameter; a crafted input like 1"> enables cross-site scripting (XSS). Exploitation is possible remot...

CVSS 6.1 | AI score 4.8 | EPSS 0.00536
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack
added 2023/02/24 12:0 a.m. | 9 views

WordPress Simple YouTube Responsive Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS)

Software: Simple YouTube Responsive; Type: Plugin; Vulnerable versions: <= 2.5; Fixed in: 3.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-25982; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: 5dfa35a7f50c; Credits: yuyudhn; Required...

CVSS 6.5 | AI score 6 | EPSS 0.00361
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2023/02/21 8:50 a.m. | 5 views

CVE-2022-4750 WP Responsive Testimonials Slider And Widget <= 1.5 - Contributor+ Stored XSS

The WP Responsive Testimonials Slider And Widget WordPress plugin through 1.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored...

AI score 5.3 | EPSS 0.00471
Exploits: 2 | References: 1

CNNVD
added 2023/02/21 12:0 a.m. | 2 views

WordPress Plugin WP Responsive Testimonials Slider And Widget cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 5.4 | AI score 5.4 | EPSS 0.00471
Exploits: 2 | References: 2

SUSE CVE
added 2023/02/15 3:45 a.m. | 2 views

SUSE CVE-2021-23995

When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...

CVSS 7.5 | AI score 8.8 | EPSS 0.01214
Exploits: 0 | References: 11