CVE-2023-25461
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in namithjawahar Wp-Insert plugin <=Â 2.5.0 versions.
Source: CVE-2023-25461
[월:] 2023년 04월
CVE-2023-23710
CVE-2023-23710
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <=Â 7.5.14 versions.
Source: CVE-2023-23710
CVE-2023-23866
CVE-2023-23866
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Carlos Moreira Interactive Geo Maps plugin <=Â 1.5.8 versions.
Source: CVE-2023-23866
CVE-2023-23889
CVE-2023-23889
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions.
Source: CVE-2023-23889
CVE-2023-30839
CVE-2023-30839
PrestaShop is an Open Source e-commerce web application. Versions prior to 8.0.4 and 1.7.8.9 contain a SQL filtering vulnerability. A BO user can write, update, and delete in the database, even without having specific rights. PrestaShop 8.0.4 and 1.7.8.9 contain a patch for this issue. There are no known workarounds.
Source: CVE-2023-30839
CVE-2023-2282
CVE-2023-2282
Improper access control in the Web Login listener in Devolutions Remote Desktop Manager 2023.1.22 and earlier on Windows allows an authenticated user to bypass administrator-enforced Web Login restrictions and gain access to entries via an unexpected vector.
Source: CVE-2023-2282
CVE-2023-30838
CVE-2023-30838
PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, the `ValidateCore::isCleanHTML()` method of Prestashop misses hijackable events which can lead to cross-site scripting (XSS) injection, allowed by the presence of pre-setup `@keyframes` methods. This XSS, which hijacks HTML attributes, can be triggered without any interaction by the visitor/administrator, which makes it as dangerous as a trivial XSS attack. Contrary to other attacks which target HTML attributes and are triggered without user interaction (such as onload / onerror which suffer from a very limited scope), this one can hijack every HTML element, which increases the danger due to a complete HTML elements scope. Versions 8.0.4 and 1.7.8.9 contain a fix for this issue.
Source: CVE-2023-30838
CVE-2023-28090
CVE-2023-28090
An HPE OneView appliance dump may expose SNMPv3 read credentials
Source: CVE-2023-28090
CVE-2023-28087
CVE-2023-28087
An HPE OneView appliance dump may expose OneView user accounts
Source: CVE-2023-28087
CVE-2023-25485
CVE-2023-25485
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bernhard Kux JSON Content Importer plugin <=Â 1.3.15 versions.
Source: CVE-2023-25485