Lucene search

4960 matches found

Cvelist
added 2024/11/18 3:53 p.m. · 18 views

CVE-2020-3538 Cisco Data Center Network Manager Path Traversal Vulnerability

A vulnerability in a certain REST API endpoint of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to perform a path traversal attack on an affected device. The vulnerability is due to insufficient path restriction enforcement. An attacker could exploi...

CVSS 4.6 · EPSS 0.00502
Exploits 0 · References 3
NVD
added 2024/11/16 4:15 a.m. · 19 views

CVE-2024-11092

The SVGPlus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and abov...

CVSS 6.4 · EPSS 0.00324
Exploits 0 · References 2
Vulnrichment
added 2024/11/16 3:20 a.m. · 10 views

CVE-2024-11092 SVGPlus <= 1.1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

The SVGPlus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and abov...

CVSS 6.4 · AI score 5.8 · EPSS 0.00324
Exploits 0 · References 2
Cvelist
added 2024/11/16 3:20 a.m. · 26 views

CVE-2024-11092 SVGPlus <= 1.1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

The SVGPlus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and abov...

CVSS 6.4 · EPSS 0.00324
Exploits 0 · References 2
NVD
added 2024/11/15 4:15 p.m. · 24 views

CVE-2022-20853

A vulnerability in the REST API of Cisco Expressway Series and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management...

CVSS 7.4 · EPSS 0.00615
Exploits 0 · References 4
Cvelist
added 2024/11/15 3:27 p.m. · 13 views

CVE-2022-20853 Cisco Expressway Series and Cisco TelePresence VCS Cross-Site Request Forgery Vulnerability

A vulnerability in the REST API of Cisco Expressway Series and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management...

CVSS 7.4 · EPSS 0.00615
Exploits 0 · References 4
Vulnrichment
added 2024/11/15 3:27 p.m. · 15 views

CVE-2022-20853 Cisco Expressway Series and Cisco TelePresence VCS Cross-Site Request Forgery Vulnerability

A vulnerability in the REST API of Cisco Expressway Series and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management...

CVSS 7.4 · AI score 7.4 · EPSS 0.00615
Exploits 0 · References 4
ATTACKERKB
added 2024/11/15 4:15 a.m. · 7 views

CVE-2024-10924

The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_user' function. This makes it possible...

CVSS 9.8 · AI score 5.5 · EPSS 0.81722
Exploits 21 · References 9 · Affected Software 3
CVE
added 2024/11/15 3:18 a.m. · 359 views

CVE-2024-10924

CVE-2024-10924 affects Really Simple Security (Free, Pro, Pro Multisite) WordPress plugin versions 9.0.0–9.1.1.1. Fault lies in improper validation of login_nonce within the two-factor REST API actions (check_login_and_get_user), enabling unauthenticated attackers to log in as any existing user (...

CVSS 9.8 · AI score 9.6 · EPSS 0.81722
Exploits 21 · References 7 · Affected Software 1
Positive Technologies
added 2024/11/15 12:0 a.m. · 7 views

PT-2024-16753 · WordPress · Svgplus

Name of the Vulnerable Software and Affected Versions: SVGPlus plugin for WordPress versions up to, and including, 1.1.0 Description: The issue is related to Stored Cross-Site Scripting via REST API SVG File uploads due to insufficient input sanitization and output escaping. This allows...

CVSS 6.4 · AI score 8.1 · EPSS 0.00324
Exploits 0 · References 6
OSV
added 2024/11/12 7:15 a.m. · 3 views

CVE-2024-10323

The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.0.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-lev...

CVSS 5.4 · AI score 7.4 · EPSS 0.00295
Exploits 0 · References 3
NVD
added 2024/11/12 7:15 a.m. · 19 views

CVE-2024-10323

The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.0.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-lev...

CVSS 6.4 · EPSS 0.00295
Exploits 0 · References 3
Cvelist
added 2024/11/12 6:48 a.m. · 28 views

CVE-2024-10323 JetWidgets For Elementor <= 1.0.18 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.0.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-lev...

CVSS 6.4 · EPSS 0.00295
Exploits 0 · References 3
Vulnrichment
added 2024/11/12 6:48 a.m. · 21 views

CVE-2024-10323 JetWidgets For Elementor <= 1.0.18 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.0.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-lev...

CVSS 6.4 · AI score 5.8 · EPSS 0.00295
Exploits 0 · References 3
Positive Technologies
added 2024/11/12 12:0 a.m. · 7 views

PT-2024-16188 · WordPress · Jetwidgets For Elementor

Name of the Vulnerable Software and Affected Versions: JetWidgets For Elementor plugin for WordPress versions up to, and including, 1.0.18 Description: The issue is related to Stored Cross-Site Scripting via REST API SVG File uploads due to insufficient input sanitization and output escaping. Thi...

CVSS 6.4 · AI score 8.1 · EPSS 0.00295
Exploits 0 · References 8
NVD
added 2024/11/11 1:15 a.m. · 25 views

CVE-2024-48939

Insufficient validation performed on the REST API License file in Paxton Net2 before 6.07.14023.5015 SR4 enables use of the REST API with an invalid License File. Attackers may be able to retrieve access-log data...

CVSS 7.5 · EPSS 0.007
Exploits 0 · References 4
Vulnrichment
added 2024/11/11 12:0 a.m. · 16 views

CVE-2024-48939

Insufficient validation performed on the REST API License file in Paxton Net2 before 6.07.14023.5015 SR4 enables use of the REST API with an invalid License File. Attackers may be able to retrieve access-log data...

AI score 7 · EPSS 0.007
Exploits 0 · References 3
CVE
added 2024/11/11 12:0 a.m. · 75 views

CVE-2024-48939

Paxton Net2 prior to version 6.07.14023.5015 (SR4) has insufficient validation of the REST API License file, which can allow using the REST API with an invalid license and may enable retrieval of access-log data. Confirmed in multiple sources (NVD, Red Hat, CNVD/CNNVD, PT Security) across CVE-202...

CVSS 7.5 · AI score 6.5 · EPSS 0.007
Exploits 0 · References 4
Cvelist
added 2024/11/11 12:0 a.m. · 28 views

CVE-2024-48939

Insufficient validation performed on the REST API License file in Paxton Net2 before 6.07.14023.5015 SR4 enables use of the REST API with an invalid License File. Attackers may be able to retrieve access-log data...

EPSS 0.007
Exploits 0 · References 3
CNNVD
added 2024/11/10 12:0 a.m. · 5 views

Paxton Access Net2 Security Vulnerability

Paxton Access Net2 is an application from Paxton Access that provides simple and flexible site management. A security vulnerability exists in Paxton Access Net2 versions prior to 6.07.14023.5015 SR4, which stems from insufficient validation of the REST API license file implementation, resulting i...

CVSS 7.5 · AI score 6.6 · EPSS 0.007
Exploits 0 · References 2