2144 matches found
CVE-2024-1106
The Shariff Wrapper WordPress plugin before 4.6.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Cross site scripting
The Shariff Wrapper WordPress plugin before 4.6.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-1106
CVE-2024-1106 – Shariff Wrapper (WordPress) : The plugin prior to 4.6.10 does not sanitize/escape certain settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., multisite). Reported impact includes potential XSS within outputs generated...
CVE-2024-1106 Shariff Wrapper < 4.6.10 - Admin+ Stored XSS
The Shariff Wrapper WordPress plugin before 4.6.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-1106 Shariff Wrapper < 4.6.10 - Admin+ Stored XSS
The Shariff Wrapper WordPress plugin before 4.6.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress plugin Shariff Wrapper security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers.WordPress plugin is an...
PT-2024-16732 · WordPress · Shariff Wrapper
Name of the Vulnerable Software and Affected Versions: Shariff Wrapper WordPress plugin versions prior to 4.6.10 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example,...
PT-2024-15562 · WordPress · Happy Addons For Elementor
Name of the Vulnerable Software and Affected Versions: The Happy Addons for Elementor plugin for WordPress versions up to, and including, 3.10.1 Description: The issue is related to Stored Cross-Site Scripting via the wrapper link parameter in the Age Gate due to insufficient input sanitization a...
PT-2024-9841 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a potential buffer overflow in the map hw resources function. The function was accessing arrays using an index that could potentially be greater than the size o...
WordPress Shariff Wrapper Plugin < 4.6.10 is vulnerable to Cross Site Scripting (XSS)
Software Shariff Wrapper Type Plugin Vulnerable versions 4.6.10 Fixed in 4.6.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1106 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID da44df395b73 Credits Dmitrii Ignatyev Require...
CVE-2024-0954
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting through editing context via the 'data-eael-wrapper-link' wrapper in all versions up to, and including, 5.9.7 due to insufficient...
PT-2024-15934 · WordPress · Essential Addons For Elementor
Name of the Vulnerable Software and Affected Versions: The Essential Addons for Elementor plugin for WordPress versions up to, and including, 5.9.7 Description: The issue is related to Stored Cross-Site Scripting, which occurs due to insufficient input sanitization and output escaping on...
Shariff Wrapper < 4.6.10 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in the...
Shariff Wrapper < 4.6.10 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in the...
Exploit for PHP External Variable Modification in Juniper Junos
CVE-2023-36845 Description CVE-2023-36845 represen...
CloudLinux CageFS 7.1.1-1 Token Disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 CloudLinux CageFS Token Disclosure Link: https://github.com/sbaresearch/advisories/tree/public/2020/SBA-ADV-20200707-01CloudLinuxCageFSTokenDisclosure Vulnerability Overview CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a...
RHEL 8 : open-vm-tools (RHSA-2023:7264)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7264 advisory. The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualizati...
Traceroute 2.1.2 Privilege Escalation
Description: In Traceroute 2.0.12 through to 2.1.2 fixed in 2.1.3, the wrapper scripts mishandle shell metacharacters, which can lead to privilege escalation if the wrapper scripts are executed via sudo. The affected wrapper scripts are: tcptraceroute, tracepath, traceproto and traceroute-nanog...
Traceroute 2.1.2 Privilege Escalation Vulnerability
In Traceroute versions 2.0.12 through to 2.1.2, the wrapper scripts mishandle shell metacharacters, which can lead to privilege escalation if the wrapper scripts are executed via sudo. The affected wrapper scripts include tcptraceroute, tracepath, traceproto, and traceroute-nanog. Version 2.1.3...
EulerOS Virtualization 2.9.1 : traceroute (EulerOS-SA-2024-1049)
According to the versions of the traceroute package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines. CVE-2023-46316...