NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.8.0.
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.4.3. VDB-237194 is the identifier assigned to this vulnerability. The manipulation of the argument r/view leads to cross site scripting. Affected by this issue is some unknown functionality of the file /index.php. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was found in phpRecDB 1.3.1. VDB-237314 is the identifier assigned to this vulnerability. The manipulation of the argument avatar leads to cross site scripting. Affected by this issue is some unknown functionality of the file /user/settings of the component Profile Settings. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page, and makes it possible to update the user metas arbitrarily, but the meta value can only be a string.
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.8.
Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4.
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.4.
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3.
A vulnerability, which was classified as problematic, has been found in tdevs Hyip Rio 2.1. due to insufficient input sanitization and output escaping. The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_fv_player_user_video’ parameter saved via the 'save' function hooked via init, and the plugin is also vulnerable to Arbitrary Usermeta Update via the 'save' function in versions up to, and including, 7.
NOTE: The vendor was contacted early about this disclosure but did not respond in any way. VDB-238026 is the identifier assigned to this vulnerability. The exploit has been disclosed to the public and may be used. It is possible to launch the attack remotely. The manipulation of the argument link leads to cross site scripting. Affected is an unknown function of the file /fusion/portal/action/Link. VDB-238058 is the identifier assigned to this vulnerability.
A vulnerability, which was classified as problematic, was found in NeoMind Fusion Platform up to 20230731. The manipulation of the argument filter/filter leads to cross site scripting. Affected by this issue is some unknown functionality of the file /search. The identifier VDB-238153 was assigned to this vulnerability.
A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. The manipulation of the argument name/company leads to cross site scripting. Affected by this vulnerability is an unknown functionality of the file suppliar_data.php. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.4.
A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as problematic. The Slimstat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slimstat' shortcode in versions up to, and including, 5.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
The Slimstat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'eeb_mailto' shortcode in versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping on user supplied attributes.