2754 matches found

Patchstack
added 2023/07/19 12:0 a.m. · 13 views

WordPress External Media Upload Plugin <= 0.3 is vulnerable to Cross Site Scripting (XSS)

Software External Media Upload Type Plugin Vulnerable versions = 0.3 Fixed in 0.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 69ec8e1f8b63 Credits Rafie Muhammad Patchstack Required...

AI score: 6 · EPSS: 0.00284
Exploits: 0 · References: 2 · Affected Software: 1

Patchstack
added 2023/07/19 12:0 a.m. · 12 views

WordPress WP Cloud Server Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)

Software WP Cloud Server Type Plugin Vulnerable versions = 1.3.0 Fixed in 2.0.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 8cdd8c408320 Credits Rafie Muhammad Patchstack Required...

AI score: 6.2 · EPSS: 0.00284
Exploits: 0 · References: 2 · Affected Software: 1

Patchstack
added 2023/07/18 12:0 a.m. · 4 views

WordPress Pretty Grid – Social Feed Gallery Plugin Plugin <= 1.3.3 is vulnerable to Cross Site Scripting (XSS)

Software Pretty Grid – Social Feed Gallery Plugin Type Plugin Vulnerable versions = 1.3.3 Fixed in 1.3.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 26d1c071d144 Credits Rafie...

AI score: 6.2 · EPSS: 0.00284
Exploits: 0 · References: 3 · Affected Software: 1

Patchstack
added 2023/07/18 12:0 a.m. · 6 views

WordPress Superfast Mailgun for the Newsletter plugin Plugin < 1.2.4 is vulnerable to Cross Site Scripting (XSS)

Software Superfast Mailgun for the Newsletter plugin Type Plugin Vulnerable versions 1.2.4 Fixed in 1.2.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 05f4a612540e Credits Rafie...

AI score: 6.9 · EPSS: 0.00284
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2023/07/17 12:0 a.m. · 3 views

PT-2023-5481 · Advantech · Eki-1522 +2

Name of the Vulnerable Software and Affected Versions: Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 Description: The issue is related to a Stored Cross-Site Scripting vulnerability. This vulnerability can be triggered by authenticated users in the device name field of the...

CVSS: 9 · AI score: 5.3 · EPSS: 0.00818
Exploits: 2 · References: 10

CVE
added 2023/07/13 6:45 p.m. · 37 views

CVE-2023-34458

CVE-2023-34458 affects mx-chain-go, the official MultiversX blockchain implementation. When executing a relayed transaction, if the inner transaction failed, the inner sender nonce could be incremented, creating a potential limited DoS condition on a targeted account. The issue is resolved by a b...

CVSS: 7.1 · AI score: 5.8 · EPSS: 0.0107
Exploits: 0 · References: 4 · Affected Software: 1

Oracle linux
added 2023/07/12 12:0 a.m. · 42 views

Unbreakable Enterprise kernel security update

5.4.17-2136.321.4 - tick/common: Align tick period during schedtimer setup Thomas Gleixner Orabug: 35520079 - net/rds: Fix endless rdssendxmit loop if cpindex 0 Gerd Rausch Orabug: 35510149 5.4.17-2136.321.3 - selinux: don't use make's grouped targets feature yet Paul Moore - lib: cpurmap: Fix...

CVSS: 7.8 · AI score: 8 · EPSS: 0.05128
Exploits: 10

Prion
added 2023/07/11 7:15 p.m. · 21 views

Hardcoded credentials

Pimcore Admin Classic Bundle provides a Backend UI for Pimcore based on the ExtJS framework. An admin who has not setup two factor authentication before is vulnerable for this attack, without need for any form of privilege, causing the application to execute arbitrary scripts/HTML content. This...

CVSS: 5.8 · AI score: 6.6 · EPSS: 0.00535
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2023/07/11 12:0 a.m. · 1 views

PT-2023-3915 · Microsoft · Sharepoint Server +1

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Microsoft SharePoint Server Subscription Edition affected versions not specified Microsoft SharePoint Enterprise Server affected versions not specified Description: The issue is...

CVSS: 9 · AI score: 8.7 · EPSS: 0.43984
Exploits: 0 · References: 11

OSV
added 2023/07/10 9:54 p.m. · 24 views

GHSA-8C6X-G4FW-8RF4 Whatsapp-Chat-Exporter has Cross-Site Scripting vulnerability in HTML output of chats.

Impact A Cross-Site Scripting XSS vulnerability was found in the HTML output of chats. XSS is intended to be mitigated by Jinja's escape function. However, autoescape=True was missing when setting the environment. Although the actual impact is low, considering the HTML file is being viewed offlin...

CVSS: 5.4 · AI score: 5.2
Exploits: 0 · References: 3

NVD
added 2023/07/10 5:15 p.m. · 16 views

CVE-2023-37277

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The REST API allows executing all actions via POST requests and accepts text/plain, multipart/form-data or application/www-form-urlencoded as content types which can be sent via regular HTML...

CVSS: 9.6 · AI score: 9.6 · EPSS: 0.00622
Exploits: 0 · References: 3

Openbugbounty
added 2023/07/09 5:8 p.m. · 5 views

catavoile29.fr Cross Site Scripting vulnerability OBB-3495451

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score: 6.1
Exploits: 0

OSV
added 2023/07/06 11:10 a.m. · 13 views

SUSE-SU-2023:2789-1 Security update for bind

This update for bind fixes the following issues: - CVE-2023-2828: Fixed DOS against recursive resolvers related to cache-cleaning algorithm bsc1212544...

CVSS: 7.5 · AI score: 7.6 · EPSS: 0.03386
Exploits: 0 · References: 3

Positive Technologies
added 2023/06/28 12:0 a.m. · 3 views

PT-2023-17947 · Google · Android Kernel

Name of the Vulnerable Software and Affected Versions: Android kernel Description: The issue is related to a possible out of bounds read in the StoreAdbSerialNumber of protocolmiscbuilder.cpp due to a missing bounds check. This could lead to local information disclosure with System execution...

CVSS: 4.4 · AI score: 4.2 · EPSS: 0.00093
Exploits: 0 · References: 3

Positive Technologies
added 2023/06/28 12:0 a.m. · 3 views

PT-2023-25061 · H3C · H3C Magic

Name of the Vulnerable Software and Affected Versions: H3C Magic B1STV100R012 version B1STV100R012 Description: A stack overflow in the UpdateWanMode function allows attackers to cause a Denial of Service DoS via a crafted POST request to an unspecified API endpoint. Recommendations: For H3C Magi...

CVSS: 7.5 · AI score: 7.5 · EPSS: 0.0071
Exploits: 1 · References: 4

CBLMariner
added 2023/06/27 8:56 p.m. · 21 views

CVE-2023-32681 affecting package python-requests for versions less than 2.27.1-6

CVE-2023-32681 affecting package python-requests for versions less than 2.27.1-6. A patched version of the package is available...

CVSS: 6.1 · AI score: 7.2 · EPSS: 0.02782
Exploits: 1

Openbugbounty
added 2023/06/26 8:49 a.m. · 11 views

opie-benthos.fr Cross Site Scripting vulnerability OBB-3471117

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score: 6.1
Exploits: 0

Github Security Blog
added 2023/06/15 7:5 p.m. · 14 views

fast-xml-parser regex vulnerability patch could be improved from a safety perspective

Summary This is a comment on https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-6w63-h3fj-q4vw and the patches fixing it. Details The code which validates a name calls the validator:...

AI score: 7
Exploits: 0 · References: 4 · Affected Software: 1

Vulnrichment
added 2023/06/14 4:58 p.m. · 8 views

CVE-2023-34095 cpdb-libs vulnerable to buffer overflows via scanf

cpdb-libs provides frontend and backend libraries for the Common Printing Dialog Backends CPDB project. In versions 1.0 through 2.0b4, cpdb-libs is vulnerable to buffer overflows via improper use of scanf3. cpdb-libs uses the fscanf and scanf functions to parse command lines and configuration...

CVSS: 9.8 · AI score: 9.4 · EPSS: 0.01539
Exploits: 1 · References: 6

Openbugbounty
added 2023/06/13 10:27 a.m. · 21 views

forschung.medunigraz.at Cross Site Scripting vulnerability OBB-3423625

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score: 6.1
Exploits: 0