7877 matches found
CVE-2022-2628
The DSGVO All in one for WP WordPress plugin before 4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-2628
The DSGVO All in one for WP WordPress plugin before 4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Cross site scripting
The DSGVO All in one for WP WordPress plugin before 4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Cross site scripting
The Donation Thermometer WordPress plugin before 2.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-2628 DSGVO All in one for WP < 4.2 - Admin+ Stored Cross-Site Scripting
The DSGVO All in one for WP WordPress plugin before 4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Analytics Cat < 1.1.0 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
[Citrix Gateway] Client plugin of Window upgrade fails due to upgrade package issue
The client plugin fails to upgrade to the new one after upgrade ADC, following logs sample could be found in client plugin logs 15:36:32.432 | DEBUG | nsStartSSL called 15:36:32.432 | DEBUG | mNotifier0 15:36:32.447 | EVENT | Version mismatch 15:36:32.447 | DEBUG | RedrawActiveXWnd: 6:0...
Tutor LMS < 2.0.10 - Admin+ Stored Cross-Site Scripting
The plugin does not escape some course parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Create/Edit a Course, add a new Topic and put the followi...
PT-2022-6962 · D Link · D-Link Dap-1325
Name of the Vulnerable Software and Affected Versions: D-Link DAP-1325 affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this issue. Th...
USN-5628-2: etcd vulnerabilities
USN-5628-1 fixed vulnerabilities in etcd. This update provides the corresponding updates for Ubuntu 18.04 ESM. Original advisory details: It was discovered that etcd incorrectly handled certain specially crafted WAL files. An attacker could possibly use this issue to cause a denial of service...
USN-5628-2 etcd vulnerabilities
USN-5628-1 fixed vulnerabilities in etcd. This update provides the corresponding updates for Ubuntu 18.04 ESM. Original advisory details: It was discovered that etcd incorrectly handled certain specially crafted WAL files. An attacker could possibly use this issue to cause a denial of service...
USN-5628-1 etcd vulnerabilities
It was discovered that etcd incorrectly handled certain specially crafted WAL files. An attacker could possibly use this issue to cause a denial of service. CVE-2020-15106, CVE-2020-15112 It was discovered that etcd incorrectly handled directory permissions when trying to create a directory that...
PT-2022-7366 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a possible overflow in the amu fie setup function. The cpufreq get hw max freq function returns the maximum frequency in kHz as an unsigned int, while the freq...
CVE-2022-2567
The Form Builder CP WordPress plugin before 1.2.32 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-2567
The Form Builder CP WordPress plugin before 1.2.32 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Cross site scripting
The Float to Top Button WordPress plugin through 2.3.6 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Cross site scripting
The Gettext override translations WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite set...
Cross site scripting
The Scroll To Top WordPress plugin before 1.4.1 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-2710 Scroll To Top < 1.4.1 - Admin+ Stored Cross-Site Scripting
The Scroll To Top WordPress plugin before 1.4.1 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
PT-2022-34262 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions 2.6.23 through 5.4.210 Description: A refcount leak was discovered in the setup msi msg address function. The issue was introduced in version v2.6.23 and fixed in version v5.4.211. The actual impact and attack plausibili...