Cross-site scripting
Shopware is an open source e-commerce software platform. Prior to version 5.7.9, Shopware is vulnerable to non-stored cross-site scripting in the storefront. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopware security plug...
CVE-2022-24873 Non-Stored Cross-site Scripting in Shopware storefront
Shopware is an open source e-commerce software platform. Prior to version 5.7.9, Shopware is vulnerable to non-stored cross-site scripting in the storefront. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopware security plug...
CVE-2022-0953
The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.20.96 does not sanitise and escape the QUERY_STRING before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters...
CVE-2022-0992
The CVE-2022-0992 entry concerns the WordPress SiteGround Security plugin (versions up to 1.2.5). The vulnerability is an authentication bypass caused by missing identity verification during the initial 2FA setup, allowing unauthenticated users to configure 2FA for pending accounts and subsequent...
PT-2022-13577 · Siteground · Siteground Security Plugin
Name of the Vulnerable Software and Affected Versions: SiteGround Security plugin for WordPress versions up to, and including, 1.2.5 Description: The issue allows unauthenticated users to log in as administrative users due to missing identity verification on initial 2FA set-up. This enables...
CVE-2022-0949
The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 6.930 does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbotsgravafingerprint AJAX action, available to unauthenticated users,...
The vulnerability of the Dynamic Security plugin of the Mosquitto messaging broker allows a hacker to gain access to confidential data.
The vulnerability of the Dynamic Security plugin of the Mosquitto messaging broker is related to improper authentication. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain access to confidential data...
CVE-2022-0590
The BulletProof Security WordPress plugin before 5.8 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
Shopware guest session is shared between customers
Impact: Guest sessions are shared between customers when HTTP cache is enabled. Setups with Varnish are not affected by this issue. Patches: We recommend updating to the current version 6.4.8.2. You can get the update to 6.4.8.2 regularly via the Auto-Updater or directly via the download overview...
GHSA-JP6H-MXHX-PGQH Shopware guest session is shared between customers
Impact: Guest sessions are shared between customers when HTTP cache is enabled. Setups with Varnish are not affected by this issue. Patches: We recommend updating to the current version 6.4.8.2. You can get the update to 6.4.8.2 regularly via the Auto-Updater or directly via the download overview...
Popup Builder < 4.1.1 - SQL Injection to Reflected Cross-Site Scripting
The plugin does not sanitise and escape the sgpb-subscription-popup-id parameter before using it in a SQL statement in the All Subscribers admin dashboard, leading to a SQL injection, which could also be used to perform Reflected Cross-Site Scripting attack against a logged in admin opening a...
Limit Login Attempts (Spam Protection) < 5.1 - Unauthenticated SQLi
The plugin does not sanitise and escape some parameters before using them in SQL statements via AJAX actions available to unauthenticated users, leading to SQL Injections. PoC: the order and columns parameters are affected: curl 'https://example.com/wp-admin/admin-ajax.php' --data...
WordPress Anti-Malware Security and Brute-Force Firewall cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A cross-site scripting vulnerability exists in the WordPress Anti-Malware Security and Brute-Force Firewall plugin, which stems from the fact that the plugin does not clean and escape POST da...
CVE-2022-0211
The Shield Security WordPress plugin before 13.0.6 does not sanitise and escape admin notes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
Schneider (CVE-2013-0687) (deprecated)
Plugin deprecated because micoms1studio is not detectable in this way. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. Copyright (C) Tenable Network Security, Inc. Disabled on 2023/03/10. Deprecated because...
Rockwell (CVE-2012-0221) (deprecated)
Plugin deprecated because rslogix and factorytalk are not detectable in this way. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. Copyright (C) Tenable Network Security, Inc. Disabled on 2023/03/10. Deprecat...
SEL Controller Asset Information
It is possible to obtain attributes of the remote SEL Controller device. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. Copyright (C) Tenable Network Security, Inc.