7884 matches found
Open User Map | Everybody can add locations < 1.3.27 - Admin+ Stored XSS
Description: The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
Hitsteps Web Analytics < 5.87 - Admin+ Stored XSS
Description: The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
WordPress Plugin Widgets for Google Reviews Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WOLF < 1.0.7.2 - Admin+ Stored XSS
Description: The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
Hotjar < 1.0.16 - Admin+ Stored XSS
Description: The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
Abandoned Cart Lite for WooCommerce < 5.16.0 - Admin+ Stored XSS
Description: The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
Timely Booking Button <= 2.0.2 - Admin+ Stored XSS
Description: The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
The vulnerability of the Setup Files Cleanup component of the Windows operating system allows a hacker to execute remote code.
The vulnerability of the Setup Files Cleanup component of the Windows operating system is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute malicious code...
CVE-2023-4805
The Tutor LMS WordPress plugin before 2.3.0 does not sanitise and escape some of its settings, which could allow users such as subscriber to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2023-4388
The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
Cross site scripting
The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2023-4388 EventON < 2.2 - Admin+ Stored XSS
The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
Exploit for CVE-2023-38646
Metabase Pre-Auth RCE CVE-2023-38646 POC This is a python sc...
Endpoint Management - How to load balance Exchange Servers
Steps to set up load balancing for Exchange Servers in Endpoint Management to ensure high availability and seamless user experiences...
Exploit for Improper Input Validation in Atlassian Confluence_Data_Center
RedTeamTool-CVE-2023-22515 – Vulnerability Exploitation Tool...
delegateMulti(...) Griefing Attack
Lines of code Vulnerability details Impact A call to delegateMulti... with the right parameters will consume much gas and waste memory for Proxy Delegators DoS costing the attacker very little. Proof of Concept Calling delegateMulti with many unique targets and amounts of 0 consumes Proxy...
Moderate: Red Hat Bug Fix Advisory: Red Hat Ansible Automation Platform 2.4 Setup Bundle Release Update
An update is now available for Red Hat Ansible Automation Platform 2.4 Setup Bundle Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to...
Exploit for Improper Input Validation in Atlassian Confluence_Data_Center
CVE-2023-22515 CVE-2023-22515, a critical vulnerability affec...
CVE-2023-36704
Windows Setup Files Cleanup Remote Code Execution Vulnerability...