Lucene search

2426 matches found

NVD
added 2023/02/14 12:15 p.m. | 13 views

CVE-2023-25065

Cross-Site Request Forgery CSRF vulnerability in ShapedPlugin WP Tabs – Responsive Tabs Plugin for WordPress plugin = 2.1.14 versions...

CVSS 8.8 | AI score 6.5 | EPSS 0.00255
Exploits 0 | References 1

CVE
added 2023/02/14 11:6 a.m. | 60 views

CVE-2023-25065

CVE-2023-25065 reports a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin “WP Tabs – Responsive Tabs” (ShapedPlugin)

CVSS 8.8 | AI score 7.2 | EPSS 0.00255
Exploits 0 | References 1 | Affected Software 1

Prion
added 2023/02/13 3:15 p.m. | 13 views

Cross site scripting

The Responsive Gallery Grid WordPress plugin before 2.3.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attac...

CVSS 4.9 | AI score 5.4 | EPSS 0.00477
Exploits 2 | References 1 | Affected Software 1

Vulnrichment
added 2023/02/13 2:32 p.m. | 5 views

CVE-2023-0060 Responsive Gallery Grid < 2.3.9 - Contributor+ Stored XSS

The Responsive Gallery Grid WordPress plugin before 2.3.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attac...

AI score 5.8 | EPSS 0.00477
Exploits 2 | References 1

WPVulnDB
added 2023/02/13 12:0 a.m. | 24 views

eVision Responsive Column Layout Shortcodes <= 2.3 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC bscolumns class='" onmouseover="alert1"...

CVSS 5.4 | AI score 5 | EPSS 0.00471
Exploits 2 | Affected Software 1

CNNVD
added 2023/02/13 12:0 a.m. | 2 views

WordPress plugin Responsive Gallery Grid cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 5.4 | AI score 5.4 | EPSS 0.00477
Exploits 2 | References 2

wpexploit
added 2023/02/13 12:0 a.m. | 91 views

eVision Responsive Column Layout Shortcodes <= 2.3 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. bscolumns class='" onmouseover="alert1"...

CVSS 5.4 | AI score 5.2 | EPSS 0.00471
Exploits 2

GithubExploit
added 2023/02/03 8:56 a.m. | 280 views

Exploit for Unrestricted Upload of File with Dangerous Type in Tecrail Responsive_Filemanager

ResponsiveFileManager-CVE-2022-46604 Responsive FileManager v...

CVSS 8.8 | AI score 8.8 | EPSS 0.08627
Exploits 5

Patchstack
added 2023/02/03 12:0 a.m. | 10 views

WordPress Responsive Image Gallery, Gallery Album Plugin <= 2.0.1 is vulnerable to Cross Site Scripting (XSS)

Software: Responsive Image Gallery, Gallery Album; Type: Plugin; Vulnerable versions: <= 2.0.1; Fixed in: 2.0.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-47603; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID: 679ee9055f30...

CVSS 7.1 | AI score 5.6 | EPSS 0.00422
Exploits 0 | References 1 | Affected Software 1

OSV
added 2023/02/02 1:15 p.m. | 14 views

CVE-2022-46604

An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanism and upload a crafted PHP file, leading to arbitrary code execution...

CVSS 8.8 | AI score 9
Exploits 0 | References 4

NVD
added 2023/02/02 1:15 p.m. | 47 views

CVE-2022-46604

An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanism and upload a crafted PHP file, leading to arbitrary code execution...

CVSS 8.8 | AI score 8.9 | EPSS 0.08627
Exploits 5 | References 4

CVE
added 2023/02/02 12:0 a.m. | 75 views

CVE-2022-46604

The CVE-2022-46604 issue affects Tecrail Responsive FileManager v9.9.5 and earlier. A vulnerability in the file-extension check allows an attacker to upload a crafted PHP file, enabling arbitrary code execution on the server. Connected exploit sources describe remediating factors such as director...

CVSS 8.8 | AI score 8.8 | EPSS 0.08627
Exploits 5 | References 4 | Affected Software 1

Patchstack
added 2023/01/27 12:0 a.m. | 9 views

WordPress eVision Responsive Column Layout Shortcodes Plugin <= 2.3 is vulnerable to Cross Site Scripting (XSS)

Software: eVision Responsive Column Layout Shortcodes; Type: Plugin; Vulnerable versions: <= 2.3; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: N/A; Patch priority: Medium; CVSS severity: Medium (6.5); Developer: Claim ownership; PSID: 18ded12f9366; Credits...

AI score 5.9
Exploits 0 | References 1 | Affected Software 1

Tenable Nessus
added 2023/01/25 12:0 a.m. | 41 views

Amazon Linux 2022 : python3-unbound, unbound, unbound-anchor (ALAS2022-2023-265)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2023-265 advisory. NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the ghost domain names attack. The vulnerability works by targeting an Unbound instance. Unbound is queri...

CVSS 7.5 | AI score 6.9 | EPSS 0.01259
Exploits 0 | References 7

Patchstack
added 2023/01/20 12:0 a.m. | 10 views

WordPress Responsive Vertical Icon Menu Plugin <= 1.5.8 is vulnerable to Cross Site Scripting (XSS)

Software: Responsive Vertical Icon Menu; Type: Plugin; Vulnerable versions: <= 1.5.8; Fixed in: 1.5.9; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-23870; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: 33c1eabeea35; Credits: Rio...

CVSS 5.9 | AI score 5.8 | EPSS 0.00392
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/01/17 12:0 a.m. | 11 views

WordPress Responsive Gallery Grid Plugin < 2.3.9 is vulnerable to Cross Site Scripting (XSS)

Software: Responsive Gallery Grid; Type: Plugin; Vulnerable versions: < 2.3.9; Fixed in: 2.3.9; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0060; Patch priority: Medium; CVSS severity: Medium (6.5); Developer: Claim ownership; PSID: 2a4cfaed0ac5; Credits: Lana Codes...

CVSS 5.4 | AI score 5.6 | EPSS 0.00477
Exploits 2 | References 4 | Affected Software 1

OpenVAS
added 2023/01/12 12:0 a.m. | 32 views

Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2023-1206)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 7.4 | EPSS 0.01259
Exploits 0 | References 2

OpenVAS
added 2023/01/12 12:0 a.m. | 27 views

Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2023-1156)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 7.7 | EPSS 0.01259
Exploits 0 | References 2

Tenable Nessus
added 2023/01/11 12:0 a.m. | 33 views

EulerOS Virtualization 2.10.0 : unbound (EulerOS-SA-2023-1177)

According to the versions of the unbound packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability named 'Non-Responsive Delegation Attack' NRDelegation Attack has been discovered in various DNS resolving...

CVSS 7.5 | AI score 7.3 | EPSS 0.01259
Exploits 0 | References 2

Tenable Nessus
added 2023/01/11 12:0 a.m. | 38 views

EulerOS Virtualization 2.9.1 : unbound (EulerOS-SA-2023-1206)

According to the versions of the unbound packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the 'ghost domain names' attack. The...

CVSS 7.5 | AI score 6.9 | EPSS 0.01259
Exploits 0 | References 4