
6 matches found

Patchstack
added 2023/04/19 12:0 a.m., 12 views

WordPress Category Specific RSS feed Subscription Plugin <= v2.2 is vulnerable to Cross Site Scripting (XSS)

Software: Category Specific RSS feed Subscription; Type: Plugin; Vulnerable versions: = v2.2; Fixed in: v2.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-22685; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: 9fd849c38037; Credits...

CVSS 5.9, AI score 6, EPSS 0.00207
Exploits: 0, References: 2, Affected Software: 1
NVD
added 2022/11/23 2:15 a.m., 14 views

CVE-2020-23584

Unauthenticated remote code execution in OPTILINK OP-XT71000N, Hardware Version: V2.2 occurs when the attacker passes arbitrary commands with IP-ADDRESS using " | " to execute commands on " /diagtracertadmin.asp " in the "PingTest" parameter that leads to command execution...

CVSS 9.8, EPSS 0.1899
Exploits: 0, References: 1
OSV
added 2022/11/23 2:15 a.m., 0 views

CVE-2020-23584

Unauthenticated remote code execution in OPTILINK OP-XT71000N, Hardware Version: V2.2 occurs when the attacker passes arbitrary commands with IP-ADDRESS using " | " to execute commands on " /diagtracertadmin.asp " in the "PingTest" parameter that leads to command execution...

CVSS 9.8, AI score 6.5, EPSS 0.1899
Exploits: 0, References: 1
Prion
added 2022/11/23 2:15 a.m., 15 views

Remote code execution

Unauthenticated remote code execution in OPTILINK OP-XT71000N, Hardware Version: V2.2 occurs when the attacker passes arbitrary commands with IP-ADDRESS using " | " to execute commands on " /diagtracertadmin.asp " in the "PingTest" parameter that leads to command execution...

CVSS 7.5, AI score 9.9, EPSS 0.1899
Exploits: 0, References: 1, Affected Software: 1
CVE
added 2022/11/23 12:0 a.m., 57 views

CVE-2020-23584

Summary: CVE-2020-23584 affects the OPTILINK OP-XT71000N (Hardware Version V2.2). An unauthenticated attacker can trigger remote code execution by sending crafted input in the PingTest parameter, exploiting a command-injection flaw via the IP-ADDRESS field using the pipe character (" | ") to targ...

CVSS 9.8, AI score 9.9, EPSS 0.1899
Exploits: 0, References: 1, Affected Software: 1
Prion
added 2022/11/21 9:15 p.m., 11 views

Cross site request forgery (csrf)

A vulnerability in the "/admin/wlmultipleap.asp" of optilink OP-XT71000N version: V2.2 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack to create Multiple WLAN BSSID...

CVSS 4.3, AI score 6.6, EPSS 0.00153
Exploits: 0, References: 1, Affected Software: 1