7877 matches found
Beautiful Cookie Consent Banner < 2.9.1 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). PoC: The PoC will be displayed once the issue has...
reCAPTCHA <= 1.6 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). PoC: 1. On the setting page of this plugin, enter...
ansible-freeipa bug fix and enhancement update
An update is available for ansible-freeipa. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The ansible-freeipa package provides Ansible roles and playbooks to...
AgentEasy Properties <= 1.0.4 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
Jeeng Push Notifications < 2.0.4 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). PoC: Put the following payload in the "Account ID"...
PVS - Unable to add new machines to existing Catalog
Unable to add new target devices to existing catalog using Virtual Desktop setup wizard/Streamed Wizard...
CVE-2022-3441 Rock Convert < 2.11.0 - Admin+ Stored Cross-Site Scripting
The Rock Convert WordPress plugin before 2.11.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
Ultimate Member < 2.5.1 - Admin+ RCE
The plugin does not validate user input passed to call_user_func via the get_option_value_from_callback function, which could allow high privilege users to perform RCE even when they are not allowed to (for example in multisite setup)...
CVE-2022-42993
Password Storage Application v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Setup page...
Cross site scripting
Password Storage Application v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Setup page...
PT-2022-26700 · Unknown · Password Storage Application
Name of the Vulnerable Software and Affected Versions: Password Storage Application version 1.0. Description: The Password Storage Application contains a cross-site scripting (XSS) issue via the Setup page. This allows for potential malicious script injection and execution. Recommendations: For...
CVE-2022-42993
The CVE-2022-42993 issue affects Password Storage Application v1.0 and is a cross-site scripting (XSS) vulnerability exposed via the Setup page. The root cause, as described in connected sources, is insufficient filtering/escaping of user-supplied data on the settings page, enabling cookie-based ...
CVE-2022-43747
baramundi Management Agent (bMA) in baramundi Management Suite (bMS) 2021 R1 and R2 and 2022 R1 allows remote code execution. This is fixed in security update S-2022-01, which contains fixed bMA setup files for these versions. This also is fixed in baramundi Management Suite 2022 R2...
ansible-freeipa bug fix and enhancement update
An update is available for ansible-freeipa. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The ansible-freeipa package provides Ansible roles and playbooks to...
CVE-2022-3391 Retain Live Chat <= 0.1 - Admin+ Stored Cross-Site Scripting
The Retain Live Chat WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...