
65 matches found

CNNVD
added 2024/11/09 12:00 a.m. · 3 views

WordPress plugin Fabrica Synced Pattern Instances cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPre...

CVSS 7.1 · AI score 7.6 · EPSS 0.00259
Exploits 0 · References 1

Positive Technologies
added 2024/11/09 12:00 a.m. · 2 views

PT-2024-34842 · Unknown · Fabrica Synced Pattern Instances

Name of the Vulnerable Software and Affected Versions: Fabrica Synced Pattern Instances versions 1.0.8 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows Reflected XSS in Fabrica Synced...

CVSS 7.1 · AI score 5.8 · EPSS 0.00259
Exploits 0 · References 5

Patchstack
added 2024/11/04 8:46 a.m. · 3 views

WordPress Fabrica Synced Pattern Instances plugin <= 1.0.8 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro Soares de Alcântara - Kinorth (Patchstack Alliance) in WordPress Plugin Fabrica Synced Pattern Instances versions <= 1.0.8...

CVSS 7.1 · AI score 6.1 · EPSS 0.00259
Exploits 0 · Affected Software 1

Patchstack
added 2024/11/04 12:00 a.m. · 7 views

WordPress Fabrica Synced Pattern Instances Plugin <= 1.0.8 is vulnerable to Cross Site Scripting (XSS)

Software: Fabrica Synced Pattern Instances; Type: Plugin; Vulnerable versions: <= 1.0.8; Fixed in: 1.0.9; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51695; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 0fa9f1896c6c; Credits: João Pedro S...

CVSS 7.1 · AI score 7 · EPSS 0.00259
Exploits 0 · References 2 · Affected Software 1

OSV
added 2024/09/16 2:15 a.m. · 1 view

DEBIAN-CVE-2024-46958

In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files between the server and client may become world writable or world readable. This is fixed in 3.13.4...

CVSS 9.1 · AI score 5.3 · EPSS 0.00555
Exploits 0 · References 1

OSV
added 2024/09/05 7:14 p.m. · 8 views

BIT-MATTERMOST-2024-41144

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to properly validate synced posts, when shared channels are enabled, which allows a malicious remote to create/update/delete arbitrary posts in arbitrary channels...

CVSS 7.1 · AI score 6 · EPSS 0.00362
Exploits 0 · References 2

Tenable Nessus
added 2024/08/09 12:00 a.m. · 19 views

Mattermost Server 9.0.x < 9.9.1 / 9.10.0 / 9.5.x < 9.5.7 (MMSA-2024-00356)

The version of Mattermost Server installed on the remote host is prior to 9.5.7 or 9.9.1 / 9.10.0. It is, therefore, affected by a vulnerability as referenced in the MMSA-2024-00356 advisory. - Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly validate synced reactions, when share...

CVSS 4.3 · AI score 5.8 · EPSS 0.00276
Exploits 0 · References 2

OSV
added 2024/08/06 10:40 p.m. · 27 views

GO-2024-3022 Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server

Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server...

CVSS 4.3 · AI score 4.5 · EPSS 0.00175
Exploits 0 · References 3

OSV
added 2024/08/01 3:32 p.m. · 10 views

GHSA-9FPW-C9X7-CV3J Mattermost allows remote actor to set arbitrary RemoteId values for synced users

Mattermost versions 9.9.x <= 9.9.0 and 9.5.x <= 9.5.6 fail to validate the source of sync messages and only allow the correct remote IDs, which allows a malicious remote to set arbitrary RemoteId values for synced users and therefore claim that a user was synced from another remote...

CVSS 5.1 · AI score 4.3 · EPSS 0.00175
Exploits 0 · References 5

Github Security Blog
added 2024/08/01 3:32 p.m. · 17 views

Mattermost allows remote actor to set arbitrary RemoteId values for synced users

Mattermost versions 9.9.x <= 9.9.0 and 9.5.x <= 9.5.6 fail to validate the source of sync messages and only allow the correct remote IDs, which allows a malicious remote to set arbitrary RemoteId values for synced users and therefore claim that a user was synced from another remote...

CVSS 4.3 · AI score 7 · EPSS 0.00175
Exploits 0 · References 5 · Affected Software 2

OSV
added 2024/08/01 3:32 p.m. · 11 views

GHSA-JQ3G-XQPX-37X3 Mattermost failed to properly validate synced reactions

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly validate synced reactions, when shared channels are enabled, which allows a malicious remote to create arbitrary reactions on arbitrary posts...

CVSS 5.1 · AI score 4.3 · EPSS 0.00276
Exploits 0 · References 4

NVD
added 2024/08/01 3:15 p.m. · 20 views

CVE-2024-29977

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly validate synced reactions, when shared channels are enabled, which allows a malicious remote to create arbitrary reactions on arbitrary posts...

CVSS 4.3 · EPSS 0.00276
Exploits 0 · References 1

Cvelist
added 2024/08/01 2:05 p.m. · 24 views

CVE-2024-41144 Malicious remote can create/update/delete arbitrary posts in arbitrary channels

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to properly validate synced posts, when shared channels are enabled, which allows a malicious remote to create/update/delete arbitrary posts in arbitrary channels...

CVSS 5.5 · EPSS 0.00362
Exploits 0 · References 1

Vulnrichment
added 2024/08/01 2:05 p.m. · 15 views

CVE-2024-41144 Malicious remote can create/update/delete arbitrary posts in arbitrary channels

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to properly validate synced posts, when shared channels are enabled, which allows a malicious remote to create/update/delete arbitrary posts in arbitrary channels...

CVSS 5.5 · AI score 7 · EPSS 0.00362
Exploits 0 · References 1

Cvelist
added 2024/08/01 2:05 p.m. · 31 views

CVE-2024-29977 Malicious remote can create arbitrary reactions on arbitrary posts

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly validate synced reactions, when shared channels are enabled, which allows a malicious remote to create arbitrary reactions on arbitrary posts...

CVSS 2.7 · EPSS 0.00276
Exploits 0 · References 1

Vulnrichment
added 2024/08/01 2:05 p.m. · 13 views

CVE-2024-29977 Malicious remote can create arbitrary reactions on arbitrary posts

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly validate synced reactions, when shared channels are enabled, which allows a malicious remote to create arbitrary reactions on arbitrary posts...

CVSS 2.7 · AI score 7.1 · EPSS 0.00276
Exploits 0 · References 1

Positive Technologies
added 2024/08/01 12:00 a.m. · 9 views

PT-2024-29638 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.5.x through 9.5.6; Mattermost versions 9.9.x through 9.9.0. Description: The issue allows a malicious remote to set arbitrary RemoteId values for synced users, which can lead to claiming that a user was synced from another...

CVSS 5.1 · AI score 7.4 · EPSS 0.00175
Exploits 0 · References 12

Positive Technologies
added 2024/08/01 12:00 a.m. · 5 views

PT-2024-29293 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.9.x through 9.9.0; Mattermost versions 9.5.x through 9.5.6; Mattermost versions 9.7.x through 9.7.5; Mattermost versions 9.8.x through 9.8.1. Description: The issue arises from the failure to properly validate synced posts...

CVSS 7.1 · AI score 7 · EPSS 0.00362
Exploits 0 · References 11

The Hacker News
added 2023/05/03 1:45 p.m. · 38 views

Google Introduces Passwordless Secure Sign-In with Passkeys for Google Accounts

Almost five months after Google added support for passkeys to its Chrome browser, the tech giant has begun rolling out the passwordless solution across Google Accounts on all platforms. Passkeys, backed by the FIDO Alliance, are a more secure way to sign in to apps and websites without having to...

AI score 6.5
Exploits 0

0day.today
added 2022/10/28 12:00 a.m. · 233 views

Vagrant Synced Folder Vagrantfile Breakout Exploit

This Metasploit module exploits a default Vagrant synced folder (shared folder) to append a Ruby payload to the Vagrant project Vagrantfile config file. By default, unless a Vagrant project explicitly disables shared folders, Vagrant mounts the project directory on the host as a writable vagrant...

AI score 7.7
Exploits 0