GHSA-XWMV-CX7P-FQFC caddy-security plugin for Caddy vulnerable to reflected Cross-site Scripting
The caddy-security plugin 1.1.20 for Caddy allows reflected XSS via a GET request to a URL that contains an XSS payload and begins with either a /admin or /settings/mfa/delete/ substring...
jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin
A flaw was found in the script-security Jenkins Plugin. In affected versions of the script-security plugin, property assignments performed implicitly by the Groovy language runtime when invoking map constructors were not intercepted by the sandbox. This vulnerability allows attackers with...
Important: Red Hat Security Advisory: jenkins and jenkins-2-plugins security update
An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
PT-2024-14586 · Caddy · Caddy +1
Name of the Vulnerable Software and Affected Versions: caddy-security plugin for Caddy version 1.1.20. Description: The issue allows reflected Cross-site Scripting (XSS) via a GET request to a URL that contains an XSS payload and begins with either a "/admin" or "/settings/mfa/delete/" substring. Th...
WordPress Defender Security Plugin <= 4.4.1 is vulnerable to Bypass Vulnerability
Software: Defender Security · Type: Plugin · Vulnerable versions: <= 4.4.1 · Fixed in: 4.4.2 · OWASP Top 10: A5: Security Misconfiguration · Classification: Bypass Vulnerability · CVE: CVE-2024-25595 · Patch priority: Low · CVSS severity: Low (5.3) · Developer: WPMU DEV · PSID: 5f5aded4cf8d · Credits: Yudistira Arya · Required privile...
CVE-2023-52430
The caddy-security plugin 1.1.20 for Caddy allows reflected XSS via a GET request to a URL that contains an XSS payload and begins with either a /admin or /settings/mfa/delete/ substring...
CVE-2023-52430
The CVE-2023-52430 entry concerns the caddy-security plugin for Caddy (version 1.1.20). A reflected Cross-Site Scripting (XSS) vulnerability exists in GET requests to URLs that begin with /admin or /settings/mfa/delete/ and carry an XSS payload. Root cause: insufficient input sanitization in handling those endp...
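The pattern the caddy-security entries describe, a path-prefixed route that echoes part of the request URL back into HTML without escaping, is easy to reproduce and to test for. The following Go program is an added example written for this page; it is not code from caddy-security or Caddy, and the handler names, the page template and the probe payload are hypothetical. It places a vulnerable "not found" renderer beside a hardened one that uses html/template's contextual escaping, and includes the probe a tester would run: send a payload under the prefix and look for it, byte for byte, in the response.

```go
package main

import (
	"bytes"
	"fmt"
	"html/template"
	"net/http"
	"net/http/httptest"
	"strings"
)

// renderUnsafe interpolates the request path straight into markup. This is
// the shape of a reflected XSS: whatever the client puts in the path comes
// back as HTML. Note that r.URL.Path is already percent-decoded, so a
// URL-encoded payload is reflected in decoded form.
func renderUnsafe(path string) string {
	return fmt.Sprintf("<html><body><p>No such page: %s</p></body></html>", path)
}

// safeTmpl uses html/template, which escapes values according to the HTML
// context they land in (here: text content), so "<" becomes "&lt;".
var safeTmpl = template.Must(template.New("nf").Parse(
	"<html><body><p>No such page: {{.}}</p></body></html>"))

// renderSafe is the hardened counterpart of renderUnsafe.
func renderSafe(path string) string {
	var buf bytes.Buffer
	if err := safeTmpl.Execute(&buf, path); err != nil {
		// A failure on a single-value template is a programming error, not bad input.
		panic(err)
	}
	return buf.String()
}

// unsafeHandler reflects the path verbatim (the vulnerable shape).
func unsafeHandler(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "text/html; charset=utf-8")
	w.WriteHeader(http.StatusNotFound)
	fmt.Fprint(w, renderUnsafe(r.URL.Path))
}

// safeHandler escapes the path and adds a CSP so that an escaping miss
// elsewhere still cannot run inline script.
func safeHandler(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "text/html; charset=utf-8")
	w.Header().Set("Content-Security-Policy", "default-src 'none'")
	w.WriteHeader(http.StatusNotFound)
	fmt.Fprint(w, renderSafe(r.URL.Path))
}

// reflectsUnescaped is the tester's check: request target and report whether
// marker appears unmodified in the body.
func reflectsUnescaped(h http.HandlerFunc, target, marker string) bool {
	req, err := http.NewRequest(http.MethodGet, target, nil)
	if err != nil {
		return false
	}
	rec := httptest.NewRecorder()
	h(rec, req)
	return strings.Contains(rec.Body.String(), marker)
}

func main() {
	// Constructed probe modelled on the advisory text: a path under /admin
	// that carries a script tag.
	payload := "/admin/<script>alert(1)</script>"
	marker := "<script>alert(1)</script>"
	fmt.Println("unsafe handler reflects payload:", reflectsUnescaped(unsafeHandler, payload, marker))
	fmt.Println("safe handler reflects payload:  ", reflectsUnescaped(safeHandler, payload, marker))
	fmt.Println(renderSafe(payload))
}
```

The probe is deliberately naive (a literal substring match); when testing a real deployment, also try percent-encoded and mixed-case variants of the payload, since the server decodes the path before it reaches the handler and some escapers only handle the obvious characters.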
CVE-2023-6989
The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the renderactiontemplate parameter. This makes it possible for unauthenticated attackers to include and execute PHP...
JobSearch WP Job Board < 2.3.4 - Arbitrary File Upload to RCE
Description: The plugin does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server. PoC: Navigate to the site, and paste the following in your browser's console: fetch('/wp-admin/admin-ajax.php', { method: 'POST', headers: ...
CVE-2024-22163 WordPress Shield Security Plugin <= 18.5.7 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shield Security – Smart Bot Blocking & Intrusion Prevention Security allows Stored XSS. This issue affects Shield Security – Smart Bot Blocking & Intrusion Prevention Security: from...
RHCOS 4 : OpenShift Container Platform 4.10.56 (RHSA-2023:1655)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1655 advisory. - kube-apiserver: Aggregated API server can cause clients to be redirected (SSRF) CVE-2022-3172 - spring-security-oauth2-client:...
CVE-2024-22408
Shopware is an open headless commerce platform. The implemented Flow Builder functionality in the Shopware application does not adequately validate the URL used when creating the “call webhook” action. This enables malicious users to perform web requests to internal hosts. This issue has been fix...
Design/Logic Flaw
Shopware is an open headless commerce platform. The implemented Flow Builder functionality in the Shopware application does not adequately validate the URL used when creating the “call webhook” action. This enables malicious users to perform web requests to internal hosts. This issue has been fix...
CVE-2024-22408 Server-Side Request Forgery (SSRF) in Shopware Flow Builder
Shopware is an open headless commerce platform. The implemented Flow Builder functionality in the Shopware application does not adequately validate the URL used when creating the “call webhook” action. This enables malicious users to perform web requests to internal hosts. This issue has been fix...
WordPress Shield Security Plugin <= 18.5.7 is vulnerable to Cross Site Scripting (XSS)
Software: Shield Security · Type: Plugin · Vulnerable versions: <= 18.5.7 · Fixed in: 18.5.8 · OWASP Top 10: A3: Injection · Classification: Cross Site Scripting (XSS) · CVE: CVE-2024-22163 · Patch priority: Medium · CVSS severity: Medium (7.1) · PSID: d5c42fda3a58 · Credits: Yudistira Arya · Required...
PT-2024-19398 · Shopware · Shopware
Name of the Vulnerable Software and Affected Versions: Shopware versions prior to 6.5.7.4; Shopware version 6.4. Description: The Flow Builder functionality in the Shopware application does not adequately validate the URL used when creating the “call webhook” action. This enables malicious users to...