🚨 CVE-2023-2122
The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitise and escape the iowd_tabs_active parameter before rendering it in the plugin admin panel, leading to a reflected Cross-Site Scripting vulnerability that allows an attacker to trick a logged-in admin into executing arbitrary JavaScript by clicking a link.
🎖@cveNotify
WPScan
Image Optimizer by 10web < 1.0.27 - Reflected Cross-Site Scripting
🚨 CVE-2023-1977
The Booking Manager WordPress plugin before 2.0.29 does not validate URLs input in its admin panel or in shortcodes for showing events from a remote .ics file, allowing an attacker with privileges as low as Subscriber to perform SSRF attacks on the site's internal network.
🎖@cveNotify
WPScan
Booking Manager < 2.0.29 - Subscriber+ SSRF
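Added example, not code from the Booking Manager plugin or from WPScan: a generic validator for a user-supplied remote .ics URL, written in Python rather than the plugin's PHP, that applies the checks this bug class is missing (scheme allowlist, no userinfo, resolve the host ourselves, refuse anything that is not a globally routable address). The URLs and IP literals in the test inputs are constructed.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Added example; not plugin code. Only http(s) is acceptable for a calendar feed.
ALLOWED_SCHEMES = {"http", "https"}

# Ranges that ipaddress's is_private/is_link_local do not cover on every
# Python version; constructed list, extend it for your environment.
EXTRA_BLOCKED = [
    ipaddress.ip_network("169.254.0.0/16"),   # IPv4 link-local, cloud metadata
    ipaddress.ip_network("100.64.0.0/10"),    # carrier-grade NAT
    ipaddress.ip_network("fe80::/10"),        # IPv6 link-local
]


def address_is_safe(ip):
    """True only for a globally routable unicast address."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        return address_is_safe(ip.ipv4_mapped)   # ::ffff:127.0.0.1 and friends
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return False
    if ip.is_multicast or ip.is_reserved or ip.is_unspecified:
        return False
    return not any(ip in net for net in EXTRA_BLOCKED)


def resolve_ics_url(url):
    """Return (host, port, sorted list of safe IPs) for a fetchable URL,
    or raise ValueError explaining why the URL was refused."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if not parts.hostname:
        raise ValueError("missing host")
    if parts.username or parts.password:
        raise ValueError("userinfo in URL not allowed")
    port = parts.port or (443 if scheme == "https" else 80)
    try:
        infos = socket.getaddrinfo(parts.hostname, port, proto=socket.IPPROTO_TCP)
    except socket.gaierror as exc:
        raise ValueError(f"cannot resolve {parts.hostname!r}: {exc}") from exc
    addresses = {ipaddress.ip_address(info[4][0]) for info in infos}
    bad = sorted(str(ip) for ip in addresses if not address_is_safe(ip))
    if bad:
        raise ValueError(f"{parts.hostname!r} resolves to non-public address(es): {bad}")
    return parts.hostname, port, sorted(str(ip) for ip in addresses)


def is_safe_ics_url(url):
    """Boolean wrapper around resolve_ics_url for callers that only need a verdict."""
    try:
        resolve_ics_url(url)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed inputs: the public IP literal is arbitrary and only has to be routable.
    for candidate in ("https://93.184.216.34/cal.ics",
                      "http://169.254.169.254/latest/meta-data/",
                      "http://10.0.0.5/cal.ics",
                      "file:///etc/passwd"):
        print(candidate, "->", "allowed" if is_safe_ics_url(candidate) else "refused")
```

Two caveats the validator cannot cover on its own: connect to one of the addresses it returned (pinning the resolved IP and sending the hostname in the Host header) rather than resolving again, or a DNS rebinding answer can swap in an internal address between check and fetch; and either disable redirects or re-run the check on every hop, because a 302 to an internal host is the same SSRF. In WordPress itself the core helpers `wp_http_validate_url()` and `wp_safe_remote_get()` perform comparable filtering.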
🚨 CVE-2023-1465
The WP EasyPay WordPress plugin before 4.1 does not escape some generated URLs before outputting them back in pages, leading to Reflected Cross-Site Scripting issues which could be used against high-privilege users such as admins.
🎖@cveNotify
WPScan
WP EasyPay < 4.1 - Reflected Cross-Site Scripting
🚨 CVE-2023-1110
The Yellow Yard Searchbar WordPress plugin before 2.8.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the Contributor role and above to perform Stored Cross-Site Scripting attacks.
🎖@cveNotify
WPScan
Yellow Yard < 2.8.12 - Contributor+ Stored XSS
🚨 CVE-2023-0579
The YARPP WordPress plugin before 5.30.3 does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated user, such as a subscriber, to perform SQL Injection attacks.
🎖@cveNotify
WPScan
YARPP - Yet Another Related Posts Plugin < 5.30.3 - Subscriber+ SQLi
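Added example, not YARPP code and not the plugin's actual query: it shows the bug class behind this entry in runnable form. A constructed in-memory SQLite table stands in for wp_posts, the shortcode attribute is the only attacker-controlled input, and the vulnerable function is set beside a hardened one that validates the attribute and uses placeholders.

```python
import sqlite3

# Added example; the table and rows are constructed, not WordPress data.


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT, status TEXT)")
    conn.executemany(
        "INSERT INTO posts VALUES (?, ?, ?)",
        [(1, "Hello world", "publish"),
         (2, "Roadmap", "publish"),
         (3, "Unpublished salary sheet", "private")],
    )
    return conn


def related_posts_vulnerable(conn, exclude_attr):
    """The shortcode attribute is interpolated verbatim: no validation,
    no escaping, no placeholder. This is the pattern the advisory describes."""
    sql = ("SELECT id, title FROM posts WHERE status = 'publish' "
           f"AND id NOT IN ({exclude_attr})")
    return conn.execute(sql).fetchall()


def parse_id_list(attr):
    """Accept only a comma-separated list of positive integers."""
    ids = []
    for piece in attr.split(","):
        piece = piece.strip()
        if not (piece.isascii() and piece.isdigit()) or int(piece) <= 0:
            raise ValueError(f"invalid post id in shortcode attribute: {piece!r}")
        ids.append(int(piece))
    return ids


def attribute_is_valid(attr):
    try:
        parse_id_list(attr)
        return True
    except ValueError:
        return False


def related_posts_hardened(conn, exclude_attr):
    """Validate first, then bind each id to its own placeholder so the
    attribute can never change the shape of the statement."""
    ids = parse_id_list(exclude_attr)
    placeholders = ",".join("?" * len(ids))
    sql = ("SELECT id, title FROM posts WHERE status = 'publish' "
           f"AND id NOT IN ({placeholders})")
    return conn.execute(sql, ids).fetchall()


if __name__ == "__main__":
    conn = make_db()
    payload = "0) OR 1=1 --"      # constructed attribute value
    print("vulnerable:", related_posts_vulnerable(conn, payload))   # all rows, private included
    print("hardened  :", related_posts_hardened(conn, "2"))         # only published posts not excluded
    print("payload accepted by hardened parser:", attribute_is_valid(payload))
```

The payload closes the IN list and tacks on an always-true condition, so the "published only" filter disappears and the private row is returned. In a real plugin the validation step is `absint()` (or `array_map('absint', ...)`) on the attribute and the query goes through `$wpdb->prepare()`; the placeholder technique above is the same idea in SQLite.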
🚨 CVE-2023-0551
The REST API TO MiniProgram WordPress plugin through 4.6.1 does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated user, such as a subscriber, to call it and delete arbitrary attachments.
🎖@cveNotify
WPScan
REST API TO MiniProgram <= 4.6.8.1 - Subscriber+ Attachment Deletion
🚨 CVE-2023-40348
The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provides unauthenticated attackers information about the existence of jobs in its output.
🎖@cveNotify
Jenkins Security Advisory 2023-08-16
Jenkins – an open source automation server which enables developers around the world to reliably build, test, and deploy their software
🚨 CVE-2023-40347
Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to.
🎖@cveNotify
Jenkins Security Advisory 2023-08-16
🚨 CVE-2023-40346
Jenkins Shortcut Job Plugin 0.4 and earlier does not escape the shortcut redirection URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure shortcut jobs.
🎖@cveNotify
Jenkins Security Advisory 2023-08-16
🚨 CVE-2023-40345
Jenkins Delphix Plugin 3.0.2 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Overall/Read permission to access and capture credentials they are not entitled to.
🎖@cveNotify
Jenkins Security Advisory 2023-08-16
🚨 CVE-2023-40344
A missing permission check in Jenkins Delphix Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
🎖@cveNotify
Jenkins Security Advisory 2023-08-16
🚨 CVE-2023-40343
Jenkins Tuleap Authentication Plugin 1.1.20 and earlier uses a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token.
🎖@cveNotify
Jenkins Security Advisory 2023-08-16
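Added example, not Tuleap Authentication Plugin code: it shows why a non-constant-time token comparison is recoverable and what the fix looks like. The early-exit comparator counts byte comparisons instead of measuring wall-clock time, which makes the leak deterministic here; a real attacker gets the same information by averaging response times over many requests, the "statistical methods" the advisory refers to. SECRET_TOKEN and the alphabet are constructed.

```python
import hmac

# Added example; SECRET_TOKEN is a constructed value, not a real credential.
SECRET_TOKEN = b"tk_4f9a1c7e3b2d"


class LeakyComparator:
    """Early-exit comparison. `work` counts byte compares performed; in a
    real service that count is what shows up as response latency."""

    def __init__(self, secret):
        self.secret = secret
        self.work = 0

    def check(self, candidate):
        if len(candidate) != len(self.secret):
            return False
        for a, b in zip(candidate, self.secret):
            self.work += 1
            if a != b:
                return False          # stops at the first mismatch: the leak
        return True


def recover_token(comparator, length,
                  alphabet=b"abcdefghijklmnopqrstuvwxyz0123456789_"):
    """Recover the secret one byte at a time using only the work counter.
    A guess whose prefix is correct is compared one byte further than any
    other guess, so the byte that maximises `work` is the right one."""
    known = b""
    for pos in range(length):
        best_byte, best_work = None, -1
        for c in alphabet:
            guess = known + bytes([c]) + b"\x00" * (length - pos - 1)
            comparator.work = 0
            if comparator.check(guess):
                return guess          # only reachable on the final byte
            if comparator.work > best_work:
                best_byte, best_work = c, comparator.work
        known += bytes([best_byte])
    return known


def check_token_safe(candidate, secret=SECRET_TOKEN):
    """Constant-time check: runtime depends on the lengths only, not on how
    many leading bytes of `candidate` happen to match `secret`."""
    return hmac.compare_digest(candidate, secret)


if __name__ == "__main__":
    leaky = LeakyComparator(SECRET_TOKEN)
    recovered = recover_token(leaky, len(SECRET_TOKEN))
    print("recovered from leaky comparator:", recovered == SECRET_TOKEN)
    print("safe check, correct token :", check_token_safe(SECRET_TOKEN))
    print("safe check, one byte off  :", check_token_safe(b"tk_4f9a1c7e3b2x"))
```

`hmac.compare_digest` still reveals whether the lengths differ, which is acceptable for fixed-length tokens; when inputs can vary in length, compare HMACs of the two values instead. The JVM equivalent used in Jenkins plugins is `java.security.MessageDigest.isEqual`, which has been constant-time since Java 6u17.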
🚨 CVE-2023-40342
Jenkins Flaky Test Handler Plugin 1.2.2 and earlier does not escape JUnit test contents when showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control JUnit report file contents.
🎖@cveNotify
Jenkins Security Advisory 2023-08-16
🚨 CVE-2023-40341
A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.27.5 and earlier allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job.
🎖@cveNotify
Jenkins Security Advisory 2023-08-16
🚨 CVE-2023-40338
Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier displays an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available, exposing information about the Jenkins controller file system.
🎖@cveNotify
Jenkins Security Advisory 2023-08-16
🚨 CVE-2023-39115
install/aiz-uploader/upload in Campcodes Online Matrimonial Website System Script 3.3 allows XSS via a crafted SVG document.
🎖@cveNotify
Packetstormsecurity
Campcodes Online Matrimonial Website System 3.3 Cross Site Scripting ≈ Packet Storm
🚨 CVE-2023-38904
A Cross Site Scripting (XSS) vulnerability in Netlify CMS v.2.10.192 allows a remote attacker to execute arbitrary code via a crafted payload to the body parameter of the new post function.
🎖@cveNotify
Exploit Database
Netlify CMS 2.10.192 - Stored Cross-Site Scripting (XSS)
🚨 CVE-2023-32494
Dell PowerScale OneFS, 8.0.x-9.5.x, contains an improper handling of insufficient privileges vulnerability. A local privileged attacker could potentially exploit this vulnerability, leading to elevation of privilege; compliance mode is also affected.
🎖@cveNotify
🚨 CVE-2020-26037
Directory Traversal vulnerability in Server functionality in Even Balance Punkbuster version 1.902 before 1.905 allows remote attackers to execute arbitrary code.
🎖@cveNotify
Medium
Hacking Punkbuster
A Directory Traversal Attack on Punkbuster Server can be Leveraged to Gain Remote Code Execution
🚨 CVE-2023-32495
Dell PowerScale OneFS, 8.2.x-9.5.x, contains an exposure of sensitive information to an unauthorized actor vulnerability. An authorized local attacker could potentially exploit this vulnerability, leading to escalation of privileges.
🎖@cveNotify
🚨 CVE-2023-32493
Dell PowerScale OneFS, 9.5.0.x, contains a protection mechanism bypass vulnerability. An unprivileged, remote attacker could potentially exploit this vulnerability, leading to denial of service, information disclosure and remote execution.
🎖@cveNotify