65 matches found
WordPress plugin Fabrica Synced Pattern Instances 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPre...
PT-2024-34842 · Unknown · Fabrica Synced Pattern Instances
Name of the Vulnerable Software and Affected Versions: Fabrica Synced Pattern Instances versions 1.0.8 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows Reflected XSS in Fabrica Synced...
WordPress Fabrica Synced Pattern Instances plugin <= 1.0.8 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin Fabrica Synced Pattern Instances versions = 1.0.8...
WordPress Fabrica Synced Pattern Instances Plugin <= 1.0.8 is vulnerable to Cross Site Scripting (XSS)
Software Fabrica Synced Pattern Instances Type Plugin Vulnerable versions = 1.0.8 Fixed in 1.0.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51695 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0fa9f1896c6c Credits João Pedro S...
DEBIAN-CVE-2024-46958
In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files between the server and client may become world writable or world readable. This is fixed in 3.13.4...
BIT-MATTERMOST-2024-41144
Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6, 9.7.x = 9.7.5, 9.8.x = 9.8.1 fail to properly validate synced posts, when shared channels are enabled, which allows a malicious remote to create/update/delete arbitrary posts in arbitrary channels...
Mattermost Server 9.0.x < 9.9.1 / 9.10.0 / 9.5.x < 9.5.7 (MMSA-2024-00356)
The version of Mattermost Server installed on the remote host is prior to 9.5.7 or 9.9.1 / 9.10.0. It is, therefore, affected by a vulnerability as referenced in the MMSA-2024-00356 advisory. - Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6 fail to properly validate synced reactions, when share...
GO-2024-3022 Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server...
GHSA-9FPW-C9X7-CV3J Mattermost allows remote actor to set arbitrary RemoteId values for synced users
Mattermost versions 9.9.x = 9.9.0 and 9.5.x = 9.5.6 fail to validate the source of sync messages and only allow the correct remote IDs, which allows a malicious remote to set arbitrary RemoteId values for synced users and therefore claim that a user was synced from another remote...
Mattermost allows remote actor to set arbitrary RemoteId values for synced users
Mattermost versions 9.9.x = 9.9.0 and 9.5.x = 9.5.6 fail to validate the source of sync messages and only allow the correct remote IDs, which allows a malicious remote to set arbitrary RemoteId values for synced users and therefore claim that a user was synced from another remote...
GHSA-JQ3G-XQPX-37X3 Mattermost failed to properly validate synced reactions
Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6 fail to properly validate synced reactions, when shared channels are enabled, which allows a malicious remote to create arbitrary reactions on arbitrary posts...
CVE-2024-29977
Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6 fail to properly validate synced reactions, when shared channels are enabled, which allows a malicious remote to create arbitrary reactions on arbitrary posts...
CVE-2024-41144 Malicious remote can create/update/delete arbitrary posts in arbitrary channels
Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6, 9.7.x = 9.7.5, 9.8.x = 9.8.1 fail to properly validate synced posts, when shared channels are enabled, which allows a malicious remote to create/update/delete arbitrary posts in arbitrary channels...
CVE-2024-41144 Malicious remote can create/update/delete arbitrary posts in arbitrary channels
Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6, 9.7.x = 9.7.5, 9.8.x = 9.8.1 fail to properly validate synced posts, when shared channels are enabled, which allows a malicious remote to create/update/delete arbitrary posts in arbitrary channels...
CVE-2024-29977 Malicious remote can create arbitrary reactions on arbitrary posts
Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6 fail to properly validate synced reactions, when shared channels are enabled, which allows a malicious remote to create arbitrary reactions on arbitrary posts...
CVE-2024-29977 Malicious remote can create arbitrary reactions on arbitrary posts
Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6 fail to properly validate synced reactions, when shared channels are enabled, which allows a malicious remote to create arbitrary reactions on arbitrary posts...
PT-2024-29638 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.5.x through 9.5.6 Mattermost versions 9.9.x through 9.9.0 Description: The issue allows a malicious remote to set arbitrary RemoteId values for synced users, which can lead to claiming that a user was synced from another...
PT-2024-29293 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.9.x through 9.9.0 Mattermost versions 9.5.x through 9.5.6 Mattermost versions 9.7.x through 9.7.5 Mattermost versions 9.8.x through 9.8.1 Description: The issue arises from the failure to properly validate synced posts...
Google Introduces Passwordless Secure Sign-In with Passkeys for Google Accounts
Almost five months after Google added support for passkeys to its Chrome browser, the tech giant has begun rolling out the passwordless solution across Google Accounts on all platforms. Passkeys, backed by the FIDO Alliance, are a more secure way to sign in to apps and websites without having to...
Vagrant Synced Folder Vagrantfile Breakout Exploit
This Metasploit module exploits a default Vagrant synced folder shared folder to append a Ruby payload to the Vagrant project Vagrantfile config file. By default, unless a Vagrant project explicitly disables shared folders, Vagrant mounts the project directory on the host as a writable vagrant...