4537 matches found
CVE-2022-0659 Sync iCloud COS < 2.0.1 - Admin+ Stored Cross-Site Scripting
The Sync QCloud COS WordPress plugin before 2.0.1 does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2022-0659
CVE-2022-0659 affects the WordPress plugin “Sync QCloud COS” (pre-2.0.1). The vulnerability stems from the plugin not escaping certain settings, allowing admin or high-privilege users to perform Stored Cross-Site Scripting (XSS) even when unfiltered_html is disallowed. Impact is administrative/XS...
Keyboard layout dynamic sync not working with East Asian, Cyrillic language usernames
When a user is using an English Windows OS and the username contains East Asian/Cyrillic Unicode characters, the keyboard layout dynamic sync of the Citrix Workspace App will not work. The remote language bar’s language will always be the language that was first synced when the session was created. Changing Microsoft...
Low: Red Hat Security Advisory: Satellite 6.10.3 Async Bug Fix Update
Updated Satellite 6.10 packages that fix several bugs are now available for Red Hat Satellite. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other clie...
CVE-2021-25038
The WordPress Multisite User Sync/Unsync WordPress plugin before 2.1.2 does not sanitise and escape the wmus_source_blog and wmus_record_per_page parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues...
CVE-2021-24952
The Conversios.io WordPress plugin before 4.6.2 does not sanitise, validate and escape the sync_progressive_data parameter for the tvcajax_product_sync_bantch_wise AJAX action before using it in a SQL statement, allowing any authenticated user to perform SQL injection attacks...
Cross site scripting
The WordPress Multisite User Sync/Unsync WordPress plugin before 2.1.2 does not sanitise and escape the wmus_source_blog and wmus_record_per_page parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues...
CVE-2021-25038
CVE-2021-25038 affects the WordPress Multisite User Sync/Unsync plugin prior to 2.1.2. The vulnerability arises from failure to sanitize and escape the wmus_source_blog and wmus_record_per_page parameters before echoing them in HTML attributes, enabling a reflected cross-site scripting (XSS) cond...
WordPress plugin Conversios.io SQL injection vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. A WordPress plugin is an application plugin for WordPress. SQL injection vulnerability exists in versions of WordPress...
WordPress Sync eCommerce NEO plugin <= 1.4 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Sync eCommerce NEO plugin versions <= 1.4. Solution: No patched version available...
WordPress Sync eCommerce NEO plugin <= 1.4 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Sync eCommerce NEO plugin versions <= 1.4. Solution: No patched version available...
WordPress Date Picker by Input WP – Sync bookings with external Calendars (.ics) plugin <= 2.1 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Date Picker by Input WP – Sync bookings with external Calendars (.ics) plugin versions <= 2.1. Solution: Update the WordPress Date Picker by Input WP – Sync bookings with external Calendars (.ics) plugin to the latest available...
Active Sync Gateway Connector isn't working with new devices since Update to 10.14 RP4
After upgrading from 10.14 RP3 - 10.14 RP4 any newly enrolled device can't access our Exchange Server via Active Sync Connector. After rebooting XenMobile server during the update process, we observe errors in the RemoteConfigService.log file as follows: Error |...
TotoLink routers command injection vulnerability
TOTOLink T6 is a wireless dual-band router from TotoLink, China. The recvmeshinfosync function of TOTOLink T6 is vulnerable to command injection. An attacker can exploit this vulnerability to execute arbitrary commands via specially crafted MQTT packets...
CVE-2022-0646
A use-after-free flaw in the Linux kernel Management Component Transport Protocol (MCTP) subsystem was found in the way a user triggers cancel_work_sync after unregister_netdev during device removal. A local user could use this flaw to crash the system or escalate their privileges on the system. It...
Sync iCloud COS < 2.0.1 - Admin+ Stored Cross-Site Scripting
The plugin does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. PoC: Put the following payload in the 本地文件夹 or URL前缀 settings of the plugin: " style=animation-name:rotation...
com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9), com.logmein:pipeline-bamboo (>=0.0.1 <=0.0.2) +94 more potentially affected by CVE-2022-25173 via org.jenkins-ci.plugins.workflow:workflow-cps (>=0.1-beta-1 <=2.92)
org.jenkins-ci.plugins.workflow:workflow-cps MAVEN version =0.1-beta-1, =1.9.2-beta, =0.0.1, =8.0.12, =0.8, =1.0.14, =1.3.0, =1.0, =0.9.0, =1.0, =1.22, =0.0.8, =y - io.fabric8.pipeline:kubernetes-pipeline-aggregator =1.3 and more Source cves: CVE-2022-25173 Source advisory: OSV:GHSA-4M7P-55JM-3VW...
Minor update for Vivaldi Desktop Browser 5.1
Download Vivaldi. The following improvements were made since the initial 5.1 stable release: Chromium: Upgraded to 98.0.4758.105 (includes fix for CVE-2022-0609); Crash, Windows: Playing videos (VB-86275); Mail Beta: Account root folder shows all messages for all accounts (VB-86337); Mail Beta: Clicking Other...
SQL Injection in Couchbase Sync Gateway
The Couchbase Sync Gateway 2.1.2 in combination with a Couchbase Server is affected by a previously undisclosed N1QL-injection vulnerability in the REST API. An attacker with access to the public REST API can insert additional N1QL statements through the parameters "startkey" and "endkey" of the...