CISA and CESER Releases Software Bill of Materials (SBOM) Sharing Lifecycle Report
CISA and the U.S. Department of Energy (DOE) Cybersecurity, Energy Security, and Emergency Response (CESER) have released the SBOM Sharing Lifecycle Report to the cybersecurity and supply chain community. The purpose of this report is to enumerate and describe the different parties and phases of the...
WordPress Quiz And Survey Master Plugin <= 8.1.4 is vulnerable to SQL Injection
Software: Quiz And Survey Master; Type: Plugin; Vulnerable versions: <= 8.1.4; Fixed in: 8.1.5; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-28787; Patch priority: High; CVSS severity: High (9.3); PSID: 34ea65c01c78; Credits: Rafie Muhammad (Patchstack); Required...
Severe Android and Novi Survey Vulnerabilities Under Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The two flaws are listed below: CVE-2023-20963 (CVSS score: 7.8) - Android Framework Privilege Escalation...
VulnCheck KEV: CVE-2023-29492
Novi Survey contains an insecure deserialization vulnerability that allows remote attackers to execute code on the server in the context of the service account...
Novi Survey Insecure Deserialization Vulnerability
Novi Survey contains an insecure deserialization vulnerability that allows remote attackers to execute code on the server in the context of the service account...
CVE-2023-29492
Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data...
Code injection
Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data...
CVE-2023-29492
Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data. Recent assessments: Assessed Attacker Value: 0...
Novi Survey Code Injection Vulnerability
Novi Survey is an advanced survey software for online surveys, web surveys and email surveys from Novi Survey. A security vulnerability exists in versions prior to Novi Survey 8.9.43676, which can be exploited by attackers to execute arbitrary code on the server in the context of a service accoun...
CVE-2023-29492
Summary (CVE-2023-29492) NoviSurvey before version 8.9.43676 is affected by an insecure deserialization vulnerability. The flaw allows remote attackers to execute arbitrary code on the server in the context of the service account, without accessing stored survey or response data. Concrete details...
CVE-2023-1946
A vulnerability was found in SourceCodester Survey Application System 1.0 and classified as problematic. This issue affects some unknown processing of the component Add New Handler. The manipulation of the argument Title with the input promptdocument.domain leads to cross site scripting. The atta...
Cross site scripting
A vulnerability was found in SourceCodester Survey Application System 1.0 and classified as problematic. This issue affects some unknown processing of the component Add New Handler. The manipulation of the argument Title with the input promptdocument.domain leads to cross site scripting. The atta...
CVE-2023-1946 SourceCodester Survey Application System Add New cross site scripting
A vulnerability was found in SourceCodester Survey Application System 1.0 and classified as problematic. This issue affects some unknown processing of the component Add New Handler. The manipulation of the argument Title with the input promptdocument.domain leads to cross site scripting. The atta...
CVE-2023-1946
CVE-2023-1946 affects SourceCodester Survey Application System 1.0, specifically the Add New Handler component. The vulnerability arises from unsanitized input in the Title parameter, where passing a payload such as can trigger cross-site scripting. The issue appears to be exploitable remotely, ...
SourceCodester Survey Application System Cross-Site Scripting Vulnerability
Survey Application System is a survey application system by individual developer Carlo Montero. A cross-site scripting vulnerability exists in SourceCodester Survey Application System version 1.0, which stems from a problem with the component Add New Handler, where manipulation of the parameter...