CVE-2022-48432
In JetBrains IntelliJ IDEA before 2023.1 the bundled version of Chromium wasn’t sandboxed.
Source: CVE-2022-48432
CVE-2023-28158
Privilege escalation via stored XSS using the file upload service to upload malicious content. The issue can be exploited only by authenticated users who can create a directory name to inject XSS content and gain privileges such as those of an admin user.
Source: CVE-2023-28158
CVE-2022-47433
Unauth. Reflected Cross-Site Scripting vulnerability in Daniel Powney Multi Rating plugin <= 5.0.5 versions.
Source: CVE-2022-47433
CVE-2022-47438
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions.
Source: CVE-2022-47438
CVE-2022-47444
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin <= 4.5.3 versions.
Source: CVE-2022-47444
CVE-2022-48430
In JetBrains IntelliJ IDEA before 2023.1 file content could be disclosed via an external stylesheet path in Markdown preview.
Source: CVE-2022-48430
CVE-2022-48431
In JetBrains IntelliJ IDEA before 2023.1 in some cases, Gradle and Maven projects could be imported without the “Trust Project” confirmation.
Source: CVE-2022-48431
CVE-2022-38077
Cross-Site Request Forgery (CSRF) vulnerability in WP OnlineSupport, Essential Plugin Popup Anything – A Marketing Popup and Lead Generation Conversions plugin <= 2.2.1 versions.
Source: CVE-2022-38077
CVE-2023-1509
The GMAce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.2. This is due to missing nonce validation on the gmace_manager_server function called via the wp_ajax_gmace_manager AJAX action. This makes it possible for unauthenticated attackers to modify arbitrary files and achieve remote code execution via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Source: CVE-2023-1509
CVE-2023-0213
Elevation of privilege issue in M-Files Installer versions before 22.6 on Windows allows user to gain SYSTEM privileges via DLL hijacking.
Source: CVE-2023-0213