CVE-2024-1588
The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup)...
CVE-2024-1589 SendPress Newsletters <= 1.23.11.6 - Admin+ Stored XSS via Form Settings
The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup)...
CVE-2024-1588 SendPress Newsletters <= 1.23.11.6 - Admin+ Stored XSS via Settings
The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup)...
GDBFuzz - Fuzzing Embedded Systems Using Hardware Breakpoints
This is the companion code for the paper: 'Fuzzing Embedded Systems using Debugger Interfaces'. A preprint of the paper can be found here https://publications.cispa.saarland/3950/. The code allows the users to reproduce and extend the results reported in the paper. Please cite the above paper whe...
CVE-2023-49965
SpaceX Starlink Wi-Fi router Gen 2 before 2023.48.0 allows XSS via the ssid and password parameters on the Setup Page...
CVE-2023-49965
The vulnerability CVE-2023-49965 affects SpaceX Starlink Wi‑Fi router Gen 2 prior to 2023.48.0. The Setup Page accepts ssid and password parameters that enable Cross‑Site Scripting (XSS). Impact is user‑revealed data and potentially browser‑based script execution on affected hosts; exploitation d...
CVE-2024-26784
In the Linux kernel, the following vulnerability has been resolved: pmdomain: arm: Fix NULL dereference on scmi_perf_domain removal. On unloading of the scmi_perf_domain module got the below splat, when in the DT provided to the system under test the 'power-domain-cells' property was missing. Indeed,...
PT-2024-21479 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue occurs when using hotplug and bringing up a 32-bit CPU. The kernel asks the firmware about the BTLB information to set up the static block TLB entries, requiring write access...
Floating Chat Widget < 3.1.9 - Editor+ Stored XSS
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup). PoC: 1. Go to "Chaty New Widget" 2...
Better Comments < 1.5.6 - Admin+ Stored XSS
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup). PoC: 1. From the WordPress menu on the...
UBUNTU-CVE-2024-26666
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix RCU use in TDLS fast-xmit. This looks up the link under RCU protection, but isn't guaranteed to actually have protection. Fix that...
CVE-2024-3125 Zebra ZTC GK420d Alert Setup Page settings cross site scripting
A vulnerability classified as problematic was found in Zebra ZTC GK420d 1.0. This vulnerability affects unknown code of the file /settings of the component Alert Setup Page. The manipulation of the argument Address leads to cross site scripting. The attack can be initiated remotely. The exploit h...
CVE-2024-3125
The CVE-2024-3125 entry concerns Zebra ZTC GK420d v1.0, specifically the Alert Setup Page component (settings) where the Address parameter can be manipulated to trigger cross-site scripting. It is exploitable remotely and the exploit has been disclosed. Documented impact is limited to I (integrit...
Zebra ZTC GK420d Cross-Site Scripting Vulnerability
The Zebra ZTC GK420d is a desktop printer from Zebra. A cross-site scripting vulnerability exists in the Zebra ZTC GK420d version 1.0, which originates from unknown code in file /settings in the component Alert Setup Page, leading to cross-site scripting via the parameter Address...
PT-2024-23892 · Zebra · Zebra Ztc Gk420D
Name of the Vulnerable Software and Affected Versions: Zebra ZTC GK420d version 1.0. Description: A problematic issue was found in the Alert Setup Page component, specifically affecting the /settings file. The manipulation of the Address argument leads to cross-site scripting. This issue can be...
Breeze < 2.1.4 - Admin+ Stored XSS
Description: The plugin does not sanitise and escape its breezeapitoken settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup)...