
7884 matches found

OSV
added 2023/07/06 3:15 p.m. · 20 views

CVE-2023-37124

A stored cross-site scripting (XSS) vulnerability in the Site Setup module of SEACMS v12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

5.4 CVSS · 5.6 AI score
Exploits 0 · References 1

CVE
added 2023/07/06 12:0 a.m. · 126 views

CVE-2023-37124

CVE-2023-37124 is a stored XSS vulnerability in SEACMS v12.1, specifically in the Site Setup module. The issue allows an attacker to execute arbitrary web scripts or HTML via a crafted payload. Affected component: Site Setup module of SEACMS v12.1. Root cause and impact: stored XSS with potential...

5.4 CVSS · 5.2 AI score · 0.00332 EPSS
Exploits 1 · References 1 · Affected Software 1

Positive Technologies
added 2023/07/06 12:0 a.m. · 3 views

PT-2023-25790 · Seacms · Seacms

Name of the Vulnerable Software and Affected Versions: SEACMS version 12.1 Description: A stored cross-site scripting (XSS) issue in the Site Setup module allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Recommendations: For SEACMS version 12.1, update the Site Setup...

5.4 CVSS · 5.5 AI score · 0.00332 EPSS
Exploits 1 · References 3

Vulnrichment
added 2023/07/06 12:0 a.m. · 10 views

CVE-2023-37124

A stored cross-site scripting (XSS) vulnerability in the Site Setup module of SEACMS v12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

5.5 AI score · 0.00332 EPSS
Exploits 1 · References 1

Cvelist
added 2023/07/06 12:0 a.m. · 28 views

CVE-2023-37124

A stored cross-site scripting (XSS) vulnerability in the Site Setup module of SEACMS v12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

5.4 AI score · 0.00332 EPSS
Exploits 1 · References 1

RedhatCVE
added 2023/07/05 12:48 p.m. · 43 views

CVE-2023-32257

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP and SMB2_LOGOFF commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage th...

8.1 CVSS · 6.9 AI score · 0.02393 EPSS
Exploits 0 · References 4

OSV
added 2023/07/05 10:44 a.m. · 7 views

USN-6202-1 containerd vulnerabilities

David Korczynski and Adam Korczynski discovered that containerd incorrectly processed certain images with large files. An attacker could possibly use this issue to cause containerd to crash, resulting in a denial of service. (CVE-2023-25153) It was discovered that containerd incorrectly set up...

7.8 CVSS · 6.9 AI score · 0.00542 EPSS
Exploits 1 · References 3

The Hacker News
added 2023/06/30 9:4 a.m. · 2 views

WhatsApp Upgrades Proxy Feature Against Internet Shutdowns

Meta's WhatsApp has rolled out updates to its proxy feature, allowing more flexibility in the kind of content that can be shared in conversations. This includes the ability to send and receive images, voice notes, files, stickers and GIFs, WhatsApp told The Hacker News. The new features were firs...

6.8 AI score
Exploits 0

Tenable Nessus
added 2023/06/29 12:0 a.m. · 138 views

Openfire 3.10 < 4.6.8 / 4.7 < 4.7.5 Authentication Bypass

The remote host is running a version of Openfire that is affected by an authentication bypass vulnerability. Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack...

8.6 CVSS · 8.1 AI score · 0.99998 EPSS
Exploits 15 · References 2

OSV
added 2023/06/28 6:15 p.m. · 2 views

CVE-2023-21187

In onCreate of UsbAccessoryUriActivity.java, there is a possible way to escape the Setup Wizard due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

7.8 CVSS · 5.9 AI score · 0.00091 EPSS
Exploits 0 · References 1

ATTACKERKB
added 2023/06/28 6:15 p.m. · 2 views

CVE-2023-21207

In initiateTdlsSetupInternal of sta_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android...

6.7 CVSS · 6.1 AI score · 0.00095 EPSS
Exploits 0 · References 2

ATTACKERKB
added 2023/06/28 6:15 p.m. · 1 view

CVE-2023-21187

In onCreate of UsbAccessoryUriActivity.java, there is a possible way to escape the Setup Wizard due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

7.8 CVSS · 6.1 AI score · 0.00091 EPSS
Exploits 0 · References 2

NVD
added 2023/06/28 6:15 p.m. · 23 views

CVE-2023-21187

In onCreate of UsbAccessoryUriActivity.java, there is a possible way to escape the Setup Wizard due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

7.8 CVSS · 7.7 AI score · 0.00091 EPSS
Exploits 0 · References 1

Prion
added 2023/06/28 6:15 p.m. · 14 views

Code injection

In onCreate of UsbAccessoryUriActivity.java, there is a possible way to escape the Setup Wizard due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

4.3 CVSS · 7.7 AI score · 0.00091 EPSS
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2023/06/28 12:0 a.m. · 5 views

PT-2023-17980 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android version Android-13 Description: The issue is related to improper input validation in the setInputMethodWithSubtypeIdLocked function of InputMethodManagerService.java. This could lead to local escalation of privilege with no additional...

7.8 CVSS · 7.5 AI score · 0.00095 EPSS
Exploits 0 · References 3

Cvelist
added 2023/06/28 12:0 a.m. · 23 views

CVE-2023-21187

In onCreate of UsbAccessoryUriActivity.java, there is a possible way to escape the Setup Wizard due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

7.9 AI score · 0.00091 EPSS
Exploits 0 · References 1

Positive Technologies
added 2023/06/28 12:0 a.m. · 3 views

PT-2023-17974 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android version Android-13 Description: A logic error in the code of UsbAccessoryUriActivity.java allows for a possible way to escape the Setup Wizard. This could lead to local escalation of privilege with no additional execution privileges...

7.8 CVSS · 8 AI score · 0.00091 EPSS
Exploits 0 · References 3

OSV
added 2023/06/27 2:15 p.m. · 4 views

CVE-2023-2795

The CodeColorer WordPress plugin before 0.10.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

4.8 CVSS · 7.3 AI score · 0.00442 EPSS
Exploits 2 · References 1

OSV
added 2023/06/27 2:15 p.m. · 4 views

CVE-2023-2178

The Aajoda Testimonials WordPress plugin before 2.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

4.8 CVSS · 7.3 AI score · 0.00773 EPSS
Exploits 2 · References 1

OSV
added 2023/06/27 2:15 p.m. · 13 views

CVE-2023-0873

The Kanban Boards for WordPress plugin before 2.5.21 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

4.8 CVSS · 5.8 AI score
Exploits 0 · References 1