
7887 matches found

Prion
added 2024/03/11 6:15 p.m. · 29 views

Cross site scripting

The Ultimate Posts Widget WordPress plugin before 2.3.1 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is...

5.6 AI score · 0.00442 EPSS
Exploits 2 · References 1
Vulnrichment
added 2024/03/11 5:56 p.m. · 16 views

CVE-2024-0561 Ultimate Posts Widget < 2.3.1 - Admin+ Stored XSS

The Ultimate Posts Widget WordPress plugin before 2.3.1 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is...

5.4 AI score · 0.00442 EPSS
Exploits 2 · References 1
Cvelist
added 2024/03/11 5:56 p.m. · 36 views

CVE-2024-0559 Enhanced Text Widget < 1.6.6 - Admin+ Stored XSS

The Enhanced Text Widget WordPress plugin before 1.6.6 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is...

5.6 AI score · 0.00497 EPSS
Exploits 2 · References 2
WPVulnDB
added 2024/03/11 12:0 a.m. · 19 views

WooCommerce Product Filter < 1.4.4 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its Filters settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). PoC: As an admin, create a...

4.9 AI score · 0.0042 EPSS
Exploits 2 · Affected Software 1
BDU FSTEC
added 2024/03/11 12:0 a.m. · 5 views

The vulnerability in the implementation of the SMB protocol within the in-core CIFS/SMB3 server (ksmbd) of the Linux operating system allows an attacker to compromise the confidentiality and accessibility of data.

The vulnerability of the SMB protocol implementation within the in-core CIFS/SMB3 server (ksmbd) in the Linux operating system is related to incorrect token authentication processing in the smb2_sess_setup function in the fs/smb/server/smb2pdu.c module. Exploiting this vulnerability could...

7.1 CVSS · 6.5 AI score · 0.78388 EPSS
Exploits 0 · References 14 · Affected Software 3
Positive Technologies
added 2024/03/08 12:0 a.m. · 5 views

PT-2024-13357 · Gpac +2 · Gpac +2

Name of the Vulnerable Software and Affected Versions: gpac version 2.3-DEV-rev588-g7edc40fee-master. Description: An issue in gpac allows remote attackers to execute arbitrary code, cause a denial of service (DoS), and obtain sensitive information via null pointer dereference in the gf dash setup...

9.8 CVSS · 7.8 AI score · 0.01101 EPSS
Exploits 1 · References 15
OSV
added 2024/03/06 11:1 a.m. · 22 views

BIT-PHPMYADMIN-2022-23808

An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection...

6.1 CVSS · 6.2 AI score · 0.07965 EPSS
Exploits 2 · References 4
Microsoft CVE
added 2024/03/04 8:0 a.m. · 5 views

ksmbd: validate mech token in session setup

...

7.1 CVSS · 7 AI score · 0.78388 EPSS
Exploits 0
WPVulnDB
added 2024/03/04 12:0 a.m. · 17 views

Ebook Store < 5.8002 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

5.9 CVSS · 5.4 AI score · 0.00336 EPSS
Exploits 0 · References 1 · Affected Software 1
0day.today
added 2024/03/04 12:0 a.m. · 203 views

R Radio Network FM Transmitter 1.07 system.cgi - Password Disclosure Vulnerability

R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure Vendor: R Radio Network Product web page: http://www.pktc.ac.th Affected version: 1.07 Summary: R Radio FM Transmitter that includes FM Exciter and FM Amplifier parameter setup. Desc: The transmitter suffers from an improper acces...

7.4 AI score
Exploits 0
OpenVAS
added 2024/03/04 12:0 a.m. · 30 views

openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:4343-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10 CVSS · 7.8 AI score · 0.09141 EPSS
Exploits 3 · References 2
Exploit DB
added 2024/03/03 12:0 a.m. · 324 views

R Radio Network FM Transmitter 1.07 system.cgi - Password Disclosure

R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure Vendor: R Radio Network Product web page: http://www.pktc.ac.th Affected version: 1.07 Summary: R Radio FM Transmitter that includes FM Exciter and FM Amplifier parameter setup. Desc: The transmitter suffers from an improper acces...

7.4 AI score
Exploits 0
OSV
added 2024/03/01 2:15 p.m. · 3 views

CVE-2024-27568

LBT T300-T390 v2.2.1.8 was discovered to contain a stack overflow via the apnname3g parameter in the setupEC20Apn function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request...

6.5 CVSS · 5.8 AI score · 0.00503 EPSS
Exploits 1 · References 1
CNNVD
added 2024/03/01 12:0 a.m. · 4 views

LinBle LBT T300-T390 Security Vulnerability

The LinBle LBT T300-T390 is a 4G industrial router from LinBle China. A security vulnerability exists in the LinBle LBT T300-T390 version v2.2.1.8, which stems from a buffer overflow in the apnname3g parameter of the setupEC20Apn method...

6.5 CVSS · 7.3 AI score · 0.00503 EPSS
Exploits 1 · References 2
Positive Technologies
added 2024/03/01 12:0 a.m. · 4 views

PT-2024-21951 · Unknown · Lbt T300-T390

Name of the Vulnerable Software and Affected Versions: LBT T300-T390 version 2.2.1.8. Description: The issue is related to a stack overflow via the apn name 3g parameter in the setupEC20Apn function, allowing attackers to cause a Denial of Service (DoS) via a crafted POST request to an unspecified A...

6.5 CVSS · 7.5 AI score · 0.00503 EPSS
Exploits 1 · References 5
Prion
added 2024/02/29 6:15 a.m. · 19 views

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: "usb: hub: Guard against accesses to uninitialized BOS descriptors". Many functions in drivers/usb/core/hub.c and drivers/usb/core/hub.h access fields inside udev->bos without checking if it was allocated and initialized. If...

6.5 AI score · 0.00233 EPSS
Exploits 0 · References 8
Prion
added 2024/02/29 1:43 a.m. · 20 views

Design/Logic Flaw

The Directorist – WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'setupwizard' function in all versions up to, and including, 7.8.4. This makes it possible for...

5 CVSS · 6.9 AI score · 0.00524 EPSS
Exploits 0 · References 3
NVD
added 2024/02/27 9:15 a.m. · 25 views

CVE-2023-7167

The Persian Fonts WordPress plugin through 1.6 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

6.1 CVSS · 5.3 AI score · 0.00396 EPSS
Exploits 2 · References 1
Prion
added 2024/02/27 9:15 a.m. · 17 views

Cross site scripting

The Shariff Wrapper WordPress plugin before 4.6.10 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

5.9 AI score · 0.00417 EPSS
Exploits 2 · References 1
Prion
added 2024/02/27 9:15 a.m. · 13 views

Cross site scripting

The Page Builder: Pagelayer WordPress plugin before 1.8.1 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

5.9 AI score · 0.00402 EPSS
Exploits 2 · References 1