CVE

CVE-2023-5443

Improper Protection for Outbound Error Messages and Alert Signals vulnerability in EDM Informatics E-invoice allows Account Footprinting.This issue affects E-invoice: before 2.1.

Source: CVE-2023-5443

CVE-2023-44377

Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘add3’ parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.

Source: CVE-2023-44377

CVE-2023-5807

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in TRtek Software Education Portal allows SQL Injection.This issue affects Education Portal: before 3.2023.29.

Source: CVE-2023-5807

CVE-2023-44376

Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘add2’ parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.

Source: CVE-2023-44376

CVE-2023-5821

The Thumbnail carousel slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing nonce validation on the deleteselected function. This makes it possible for unauthenticated attackers to delete sliders in bulk via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Source: CVE-2023-5821

CVE-2023-5705

The VK Filter Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘vk_filter_search’ shortcode in all versions up to, and including, 2.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Source: CVE-2023-5705

CVE-2023-5570

Improper Protection for Outbound Error Messages and Alert Signals vulnerability in Inohom Home Manager Gateway allows Account Footprinting.This issue affects Home Manager Gateway: before v.1.27.12.

Source: CVE-2023-5570

CVE-2023-5820

The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the addedit functionality. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Source: CVE-2023-5820

CVE-2023-5774

The Animated Counters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Source: CVE-2023-5774

CVE-2023-5817

The Neon text plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s neontext_box shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes (color). This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Source: CVE-2023-5817