CVE-2022-48428

In JetBrains TeamCity before 2022.10.3 stored XSS on the SSH keys page was possible

Source: CVE-2022-48428

CVE-2022-48427

In JetBrains TeamCity before 2022.10.3 stored XSS on “Pending changes� and “Changes� tabs was possible

Source: CVE-2022-48427

CVE-2023-27245

A cross-site scripting (XSS) vulnerability in File Management Project 1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Edit User module.

Source: CVE-2023-27245

CVE-2023-25828

Pluck CMS is vulnerable to an authenticated remote code execution (RCE) vulnerability through its “albums� module. Albums are used to create collections of images that can be inserted into web pages across the site. Albums allow the upload of various filetypes, which undergo a normalization process before being available on the site. Due to lack of file extension validation, it is possible to upload a crafted JPEG payload containing an embedded PHP web-shell. An attacker may navigate to it directly to achieve RCE on the underlying web server. Administrator credentials for the Pluck CMS web interface are required to access the albums module feature, and are thus required to exploit this vulnerability. CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C (8.2 High)

Source: CVE-2023-25828

CVE-2023-27241

SourceCodester Water Billing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the lastname text box under the Add Client module.

Source: CVE-2023-27241

CVE-2023-1654

Denial of Service in GitHub repository gpac/gpac prior to 2.4.0.

Source: CVE-2023-1654

CVE-2023-27847

SQL injection vulnerability found in PrestaShop xipblog v.2.0.1 and before allow a remote attacker to gain privileges via the xipcategoryclass and xippostsclass components.

Source: CVE-2023-27847

CVE-2023-0505

The Ever Compare WordPress plugin through 1.2.3 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack

Source: CVE-2023-0505

CVE-2023-0660

The Smart Slider 3 WordPress plugin before 3.5.1.14 does not properly validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Source: CVE-2023-0660

CVE-2023-0823

The Cookie Notice & Compliance for GDPR / CCPA WordPress plugin before 2.4.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Source: CVE-2023-0823