โผ CVE-2023-44765 โผ
๐ Read
via "National Vulnerability Database".
A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-47175 โผ
๐ Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in P Royal Royal Elementor Addons and Templates plugin <=ร 1.3.75 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-44764 โผ
๐ Read
via "National Vulnerability Database".
A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SITE parameter from installation or in the Settings.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-44762 โผ
๐ Read
via "National Vulnerability Database".
A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the Tags from Settings - Tags.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-36465 โผ
๐ Read
via "National Vulnerability Database".
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The `templates` module doesn't enforce the correct permissions, allowing any logged-in user to access to this functionality in the administration panel. An attacker could use this vulnerability to change, create or delete templates of surveys. This issue has been patched in version 0.26.8 and 0.27.4.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-40671 โผ
๐ Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in ??wp DX-auto-save-images plugin <=ร 1.4.0 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-44761 โผ
๐ Read
via "National Vulnerability Database".
Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v.9.2.1 allow a local attacker to execute arbitrary code via a crafted script to the Forms of the Data objects.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-25033 โผ
๐ Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Sumo Social Share Boost plugin <=ร 4.5 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-44770 โผ
๐ Read
via "National Vulnerability Database".
A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows an attacker to execute arbitrary code via a crafted script to the Organizer - Spare alias.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-44766 โผ
๐ Read
via "National Vulnerability Database".
A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SEO - Extra from Page Settings.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-25480 โผ
๐ Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid รขโฌโ Visual Drag and Drop Editor plugin <=ร 1.24.1 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-27615 โผ
๐ Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Dipak C. Gajjar WP Super Minify plugin <=ร 1.5.1 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-28791 โผ
๐ Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta Simple Org Chart plugin <=ร 2.3.4 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-41654 โผ
๐ Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Andreas Heigl authLdap plugin <=ร 2.5.8 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-41801 โผ
๐ Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in AWP Classifieds Team Ad Directory & Listings by AWP Classifieds plugin <=ร 4.3 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-29235 โผ
๐ Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Fugu Maintenance Switch plugin <=ร 1.5.2 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-44146 โผ
๐ Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Checkfront Inc. Checkfront Online Booking System plugin <=ร 3.6 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-41650 โผ
๐ Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Remove/hide Author, Date, Category Like Entry-Meta plugin <=ร 2.1 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-40607 โผ
๐ Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in CLUEVO CLUEVO LMS, E-Learning Platform plugin <=ร 1.10.0 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-43810 โผ
๐ Read
via "National Vulnerability Database".
OpenTelemetry, also known as OTel for short, is a vendor-neutral open-source Observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics, logs. Autoinstrumentation out of the box adds the label `http_method` that has unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent. HTTP method for requests can be easily set by an attacker to be random and long. In order to be affected program has to be instrumented for HTTP handlers and does not filter any unknown HTTP methods on the level of CDN, LB, previous middleware, etc. This issue has been patched in version 0.41b0.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-41659 โผ
๐ Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Jules Colle, BDWM Responsive Gallery Grid plugin <=ร 2.3.10 versions.๐ Read
via "National Vulnerability Database".