Vulnerability Summary for the Week of March 18, 2024 | CISA

Each entry gives the primary vendor — product, the description, and then the publication date, CVSS score, CVE ID and the reporting source.

3uu — shariff_wrapper
  The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘shariff’ shortcode in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping on user supplied attributes such as ‘secondarycolor’ and ‘maincolor’. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
  Published: 2024-03-21 | CVSS: 6.4 | CVE-2023-6500 | Source: security@wordfence.com

3uu — shariff_wrapper
  The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘shariff’ shortcode in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping on user supplied attributes like ‘info_text’. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page and clicks the information icon.
  Published: 2024-03-21 | CVSS: 6.4 | CVE-2024-0966 | Source: security@wordfence.com

3uu — shariff_wrapper
  The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘shariff’ shortcode in all versions up to, and including, 4.6.10 due to insufficient input sanitization and output escaping on user supplied attributes such as ‘align’. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
  Published: 2024-03-21 | CVSS: 6.4 | CVE-2024-1450 | Source: security@wordfence.com

N/A — N/A
  Directory Traversal vulnerability in Speedy11CZ MCRPX v1.4.0 and earlier allows a local attacker to execute arbitrary code via a crafted file.
  Published: 2024-03-19 | CVSS: 5.5 | CVE-2024-24043 | Source: cve@mitre.org

N/A — N/A
  The SolarEdge mySolarEdge application before 2.20.1 for Android has a certificate verification issue that allows a Machine-in-the-middle (MitM) attacker to read and alter all network traffic between the application and the server.
  Published: 2024-03-21 | CVSS: 5.9 | CVE-2024-28756 | Source: cve@mitre.org

aam — advanced_access_manager
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in AAM Advanced Access Manager allows Stored XSS. This issue affects Advanced Access Manager: from n/a through 6.9.20.
  Published: 2024-03-19 | CVSS: 5.9 | CVE-2024-29124 | Source: audit@patchstack.com

aankit — easy_maintenance_mode
  The Easy Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2 via the REST API. This makes it possible for authenticated attackers to obtain post and page content via the REST API, thus bypassing the protection provided by the plugin.
  Published: 2024-03-20 | CVSS: 5.3 | CVE-2024-1477 | Source: security@wordfence.com

adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
  Published: 2024-03-18 | CVSS: 5.4 | CVE-2024-20760 | Source: psirt@adobe.com

adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
  Published: 2024-03-18 | CVSS: 5.4 | CVE-2024-20768 | Source: psirt@adobe.com

adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
  Published: 2024-03-18 | CVSS: 5.4 | CVE-2024-26028 | Source: psirt@adobe.com

adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
  Published: 2024-03-18 | CVSS: 5.4 | CVE-2024-26030 | Source: psirt@adobe.com

adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
  Published: 2024-03-18 | CVSS: 5.4 | CVE-2024-26031 | Source: psirt@adobe.com

adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable web pages. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable script. This could result in arbitrary code execution in the context of the victim’s browser. Exploitation of this issue requires user interaction.
  Published: 2024-03-18 | CVSS: 5.4 | CVE-2024-26032 | Source: psirt@adobe.com

adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
  Published: 2024-03-18 | CVSS: 5.4 | CVE-2024-26033 | Source: psirt@adobe.com

adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
  Published: 2024-03-18 | CVSS: 5.4 | CVE-2024-26034 | Source: psirt@adobe.com

adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
  Published: 2024-03-18 | CVSS: 5.4 | CVE-2024-26035 | Source: psirt@adobe.com

adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
  Published: 2024-03-18 | CVSS: 5.4 | CVE-2024-26038 | Source: psirt@adobe.com

adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
  Published: 2024-03-18 | CVSS: 5.4 | CVE-2024-26040 | Source: psirt@adobe.com

adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
  Published: 2024-03-18 | CVSS: 5.4 | CVE-2024-26041 | Source: psirt@adobe.com

adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable web pages. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable script. This could result in arbitrary code execution in the context of the victim’s browser.
  Published: 2024-03-18 | CVSS: 5.4 | CVE-2024-26042 | Source: psirt@adobe.com

adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
  Published: 2024-03-18 | CVSS: 5.4 | CVE-2024-26043 | Source: psirt@adobe.com

adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into a webpage. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable script. This could result in arbitrary code execution in the context of the victim’s browser.
  Published: 2024-03-18 | CVSS: 5.4 | CVE-2024-26044 | Source: psirt@adobe.com

adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
  Published: 2024-03-18 | CVSS: 5.4 | CVE-2024-26045 | Source: psirt@adobe.com

adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
  Published: 2024-03-18 | CVSS: 5.4 | CVE-2024-26052 | Source: psirt@adobe.com

adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
  Published: 2024-03-18 | CVSS: 5.4 | CVE-2024-26056 | Source: psirt@adobe.com

adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
  Published: 2024-03-18 | CVSS: 5.4 | CVE-2024-26059 | Source: psirt@adobe.com

adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
  Published: 2024-03-18 | CVSS: 5.4 | CVE-2024-26061 | Source: psirt@adobe.com

adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
  Published: 2024-03-18 | CVSS: 5.4 | CVE-2024-26062 | Source: psirt@adobe.com

adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by an Information Exposure vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to gain unauthorized access to sensitive information, potentially bypassing security measures. Exploitation of this issue does not require user interaction.
  Published: 2024-03-18 | CVSS: 5.3 | CVE-2024-26063 | Source: psirt@adobe.com

adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into a webpage. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable script. This could result in arbitrary code execution in the context of the victim’s browser. Exploitation of this issue requires user interaction.
  Published: 2024-03-18 | CVSS: 5.4 | CVE-2024-26064 | Source: psirt@adobe.com

adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
  Published: 2024-03-18 | CVSS: 5.4 | CVE-2024-26065 | Source: psirt@adobe.com

adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
  Published: 2024-03-18 | CVSS: 5.4 | CVE-2024-26067 | Source: psirt@adobe.com

adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
  Published: 2024-03-18 | CVSS: 5.4 | CVE-2024-26069 | Source: psirt@adobe.com

adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
  Published: 2024-03-18 | CVSS: 5.4 | CVE-2024-26073 | Source: psirt@adobe.com

adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable web pages. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable script.
  Published: 2024-03-18 | CVSS: 5.4 | CVE-2024-26080 | Source: psirt@adobe.com

adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
  Published: 2024-03-18 | CVSS: 5.4 | CVE-2024-26094 | Source: psirt@adobe.com

adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
  Published: 2024-03-18 | CVSS: 5.4 | CVE-2024-26096 | Source: psirt@adobe.com

adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser.
  Published: 2024-03-18 | CVSS: 5.4 | CVE-2024-26101 | Source: psirt@adobe.com

adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser.
  Published: 2024-03-18 | CVSS: 5.4 | CVE-2024-26102 | Source: psirt@adobe.com

adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser.
  Published: 2024-03-18 | CVSS: 5.4 | CVE-2024-26103 | Source: psirt@adobe.com

adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser.
  Published: 2024-03-18 | CVSS: 5.4 | CVE-2024-26104 | Source: psirt@adobe.com

adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser.
  Published: 2024-03-18 | CVSS: 5.4 | CVE-2024-26105 | Source: psirt@adobe.com

adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser.
  Published: 2024-03-18 | CVSS: 5.4 | CVE-2024-26106 | Source: psirt@adobe.com

adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser.
  Published: 2024-03-18 | CVSS: 5.4 | CVE-2024-26107 | Source: psirt@adobe.com

adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser.
  Published: 2024-03-18 | CVSS: 5.4 | CVE-2024-26118 | Source: psirt@adobe.com

adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.
  Published: 2024-03-18 | CVSS: 5.3 | CVE-2024-26119 | Source: psirt@adobe.com

adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
  Published: 2024-03-18 | CVSS: 5.4 | CVE-2024-26120 | Source: psirt@adobe.com

adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
  Published: 2024-03-18 | CVSS: 5.4 | CVE-2024-26124 | Source: psirt@adobe.com

adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
  Published: 2024-03-18 | CVSS: 5.4 | CVE-2024-26125 | Source: psirt@adobe.com

adobe — adobe_experience_manager
  Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
  Published: 2024-03-18 | CVSS: 4.8 | CVE-2024-26050 | Source: psirt@adobe.com

adobe — animate
  Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
  Published: 2024-03-18 | CVSS: 5.5 | CVE-2024-20762 | Source: psirt@adobe.com

adobe — animate
  Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
  Published: 2024-03-18 | CVSS: 5.5 | CVE-2024-20763 | Source: psirt@adobe.com

adobe — animate
  Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
  Published: 2024-03-18 | CVSS: 5.5 | CVE-2024-20764 | Source: psirt@adobe.com

adobe — bridge
  Bridge versions 13.0.5, 14.0.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
  Published: 2024-03-18 | CVSS: 5.5 | CVE-2024-20757 | Source: psirt@adobe.com

advantech — webaccess/scada
  There is an SQL injection vulnerability in Advantech WebAccess/SCADA software that allows an authenticated attacker to remotely inject SQL code in the database. Successful exploitation of this vulnerability could allow an attacker to read or modify data on the remote database.
  Published: 2024-03-21 | CVSS: 6.4 | CVE-2024-2453 | Source: ics-cert@hq.dhs.gov

anshuln90 — animated_headline
  The Animated Headline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘animated-headline’ shortcode in all versions up to, and including, 4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
  Published: 2024-03-20 | CVSS: 6.4 | CVE-2024-2304 | Source: security@wordfence.com
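The Shariff Wrapper entries (CVE-2023-6500, CVE-2024-0966, CVE-2024-1450) and the Animated Headline entry (CVE-2024-2304) all describe the same defect class: a shortcode handler that copies user-supplied attribute values into HTML without sanitizing or escaping them. The block below is an added example written for this bulletin, not code from either plugin: a deliberately vulnerable handler next to a hardened one. The shortcode tag `share`, the attribute names and the attacker input are constructed for the demonstration, and the stand-ins for `shortcode_atts`, `esc_attr` and `sanitize_hex_color` exist only so the file runs outside WordPress (inside WordPress the real functions are used).

```php
<?php
// Added example (not Shariff Wrapper or Animated Headline code): a shortcode
// handler that reflects attributes unescaped, beside a hardened version.
// Stand-ins for the WordPress helpers so this file runs outside WordPress.
// Assumption: they are close enough to the real functions for this demo.
if (!function_exists('shortcode_atts')) {
    function shortcode_atts(array $defaults, array $atts): array {
        $out = $defaults;
        foreach ($defaults as $name => $default) {
            if (array_key_exists($name, $atts)) {
                $out[$name] = $atts[$name];
            }
        }
        return $out;
    }
}
if (!function_exists('esc_attr')) {
    function esc_attr(string $text): string {
        return htmlspecialchars($text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    }
}
if (!function_exists('sanitize_hex_color')) {
    function sanitize_hex_color(string $color): string {
        return preg_match('/^#([A-Fa-f0-9]{3}){1,2}$/', $color) === 1 ? $color : '';
    }
}

// Vulnerable pattern: attribute values are concatenated straight into markup,
// so a double quote in the value closes the attribute and anything after it
// becomes new attributes (event handlers included).
function share_buttons_vulnerable(array $atts): string {
    $a = shortcode_atts(['maincolor' => '#1b1b1b', 'info_text' => ''], $atts);
    return '<div class="share" style="color:' . $a['maincolor'] . '"'
         . ' title="' . $a['info_text'] . '"></div>';
}

// Hardened pattern: validate values that have a known shape (a hex colour)
// and escape for the attribute context everything that is reflected.
function share_buttons_hardened(array $atts): string {
    $a = shortcode_atts(['maincolor' => '#1b1b1b', 'info_text' => ''], $atts);
    $color = sanitize_hex_color($a['maincolor']) ?: '#1b1b1b';
    return '<div class="share" style="color:' . esc_attr($color) . '"'
         . ' title="' . esc_attr($a['info_text']) . '"></div>';
}

// Registration, only when running inside WordPress (hypothetical tag "share").
if (function_exists('add_shortcode')) {
    add_shortcode('share', 'share_buttons_hardened');
}

// Constructed attacker input, as a contributor could write it in post content:
// [share maincolor='x" onmouseover="alert(1)' info_text='x" onfocus="alert(2)']
$atts = [
    'maincolor' => 'x" onmouseover="alert(1)',
    'info_text' => 'x" onfocus="alert(2)',
];

echo share_buttons_vulnerable($atts), "\n"; // handlers land inside the <div> tag
echo share_buttons_hardened($atts), "\n";   // colour falls back to the default; quotes are encoded
```

Why contributor-level access is enough: contributors lack the `unfiltered_html` capability, so KSES strips script tags and event handlers from the post content they save, but the text of a shortcode tag survives that filtering as plain text and is only turned into HTML when the shortcode executes at render time. The handler's own escaping is therefore the only barrier between the stored attribute value and every visitor's browser.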

axis_communications_ab — axis_os
  Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs local_list.cgi, create_overlay.cgi and irissetup.cgi were vulnerable to file globbing, which could lead to a resource exhaustion attack. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
  Published: 2024-03-19 | CVSS: 6.5 | CVE-2024-0054 | Source: product-security@axis.com

axis_communications_ab — axis_os
  Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs mediaclip.cgi and playclip.cgi were vulnerable to file globbing, which could lead to a resource exhaustion attack. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
  Published: 2024-03-19 | CVSS: 6.5 | CVE-2024-0055 | Source: product-security@axis.com

bdtask — wholesale_inventory_management_system
  A vulnerability was found in Bdtask Wholesale Inventory Management System up to 20240311. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to session fixation. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257245 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
  Published: 2024-03-19 | CVSS: 4.3 | CVE-2024-2639 | Source: cna@vuldb.com

bdthemes — element_pack_elementor_addons
  Missing Authorization vulnerability in BdThemes Element Pack Elementor Addons. This issue affects Element Pack Elementor Addons: from n/a through 5.4.11.
  Published: 2024-03-23 | CVSS: 4.3 | CVE-2024-24840 | Source: audit@patchstack.com

benjamin_rojas — wp_editor
  Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Benjamin Rojas WP Editor. This issue affects WP Editor: from n/a through 1.2.7.
  Published: 2024-03-17 | CVSS: 5.3 | CVE-2024-25591 | Source: audit@patchstack.com

bmc — control-m
  Improper authorization in the report management and creation module of BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users to read and make unauthorized changes to any reports available within the application, even without proper permissions. The attacker must know the unique identifier of the report they want to manipulate. Fix for 9.0.20 branch was released in version 9.0.20.238. Fix for 9.0.21 branch was released in version 9.0.21.201.
  Published: 2024-03-18 | CVSS: 6.4 | CVE-2024-1604 | Source: cvd@cert.pl

bmc — control-m
  BMC Control-M branches 9.0.20 and 9.0.21 upon user login load all Dynamic Link Libraries (DLL) from a directory that grants Write and Read permissions to all users. Leveraging it leads to loading of potentially malicious libraries, which will execute with the application’s privileges. Fix for 9.0.20 branch was released in version 9.0.20.238. Fix for 9.0.21 branch was released in version 9.0.21.201.
  Published: 2024-03-18 | CVSS: 6.6 | CVE-2024-1605 | Source: cvd@cert.pl

bmc — control-m
  Lack of input sanitization in BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users to manipulate generated web pages by injecting HTML code. This might lead to a successful phishing attack, for example by tricking users into using a hyperlink pointing to a website controlled by an attacker. Fix for 9.0.20 branch was released in version 9.0.20.238. Fix for 9.0.21 branch was released in version 9.0.21.200.
  Published: 2024-03-18 | CVSS: 4.6 | CVE-2024-1606 | Source: cvd@cert.pl

brefphp — bref
  Bref is an open-source project that helps users go serverless on Amazon Web Services with PHP. When Bref prior to version 2.1.17 is used with the Event-Driven Function runtime and the handler is a `RequestHandlerInterface`, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed. In the parsing process, the `Content-Type` header of each part is read using the `Riverline/multipart-parser` library. The library, in the `StreamedPart::parseHeaderContent` function, performs slow multi-byte string operations on the header value. Precisely, the `mb_convert_encoding` function is used with the first (`$string`) and third (`$from_encoding`) parameters read from the header value. An attacker could send specifically crafted requests which would force the server into performing long operations with a consequent long billed duration. The attack has the following requirements and limitations: The Lambda should use the Event-Driven Function runtime and the `RequestHandlerInterface` handler and should implement at least an endpoint accepting POST requests; the attacker can send requests up to 6MB long (this is enough to cause a billed duration between 400ms and 500ms with the default 1024MB RAM Lambda image of Bref); and if the Lambda uses a PHP runtime <= php-82, the impact is higher as the billed duration in the default 1024MB RAM Lambda image of Bref could be brought to more than 900ms for each request. Notice that the vulnerability applies only to headers read from the request body as the request header has a limitation which allows a total maximum size of ~10KB. Version 2.1.17 contains a fix for this issue.
  Published: 2024-03-22 | CVSS: 5.3 | CVE-2024-29186 | Source: security-advisories@github.com
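The Bref entry above turns on one detail: both the string and the source encoding handed to `mb_convert_encoding` come straight from a part header inside a request body, where the ~10KB limit on request headers does not apply. The block below is an added example written for this bulletin, not Bref or Riverline/multipart-parser code and not the fix shipped in 2.1.17: a guard that parses a part's `Content-Type` value, rejects oversized values and allowlists the charset before any multi-byte conversion runs. The size limit, the allowlist and the sample inputs are assumptions chosen for the demonstration.

```php
<?php
// Added example (not Bref or Riverline/multipart-parser code): validate a
// multipart part's Content-Type header before any mb_* work is done on it.
const MAX_PART_HEADER_BYTES = 1024;                      // assumption for the demo
const ALLOWED_CHARSETS      = ['UTF-8', 'ISO-8859-1', 'ASCII']; // assumption for the demo

final class UnsafePartHeader extends RuntimeException {}

/**
 * Parses "type/subtype; param=value; ..." and returns [mediaType, params].
 * Throws before doing anything expensive when the value is oversized,
 * malformed, or names an encoding outside the allowlist.
 */
function parse_part_content_type(string $headerValue): array
{
    $length = strlen($headerValue);            // byte length, cheap, no mb_* call
    if ($length > MAX_PART_HEADER_BYTES) {
        throw new UnsafePartHeader("part header too long: {$length} bytes");
    }

    $pieces    = array_map('trim', explode(';', $headerValue));
    $mediaType = strtolower(array_shift($pieces));
    if (preg_match('~^[a-z0-9.+_-]+/[a-z0-9.+_-]+$~', $mediaType) !== 1) {
        throw new UnsafePartHeader('malformed media type');
    }

    $params = [];
    foreach ($pieces as $piece) {
        if ($piece === '') {
            continue;
        }
        // name=value or name="value"; the backreference forces matching quotes
        if (preg_match('/^([A-Za-z0-9_-]+)=("?)([^";]*)\2$/', $piece, $m) !== 1) {
            throw new UnsafePartHeader('malformed parameter: ' . $piece);
        }
        $params[strtolower($m[1])] = $m[3];
    }

    if (isset($params['charset'])) {
        $charset = strtoupper($params['charset']);
        // Only encodings this code chose to accept may reach the converter;
        // an attacker-chosen name is rejected here instead of being tried.
        if (!in_array($charset, ALLOWED_CHARSETS, true)) {
            throw new UnsafePartHeader('charset not allowed: ' . $params['charset']);
        }
        $params['charset'] = $charset;
    }

    return [$mediaType, $params];
}

/** Converts a part body to UTF-8 only after its header passed the guard. */
function part_body_to_utf8(string $headerValue, string $body): string
{
    [, $params] = parse_part_content_type($headerValue);
    $from = $params['charset'] ?? 'UTF-8';
    return mb_convert_encoding($body, 'UTF-8', $from);
}

// Constructed inputs.
$benign = 'text/plain; charset="ISO-8859-1"';
echo part_body_to_utf8($benign, "caf\xe9"), "\n";      // Latin-1 body converted to UTF-8

$oversized = 'text/plain; charset=' . str_repeat('A', 5000);
try {
    parse_part_content_type($oversized);
} catch (UnsafePartHeader $e) {
    echo 'rejected: ', $e->getMessage(), "\n";          // refused before any conversion
}

$unknown = 'text/plain; charset=X-MADE-UP';
try {
    parse_part_content_type($unknown);
} catch (UnsafePartHeader $e) {
    echo 'rejected: ', $e->getMessage(), "\n";          // encoding name never reaches mb_convert_encoding
}
```

The order of the checks is the point: the byte-length test and the regexes are cheap and run first, so the expensive call is only ever made on a value whose size and encoding the server has already bounded. On a pay-per-millisecond platform that bound is the difference between a request that costs what it should and one whose cost the attacker sets.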

calameo — wp_calameo
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Calameo WP Calameo allows Stored XSS. This issue affects WP Calameo: from n/a through 2.1.7.
  Published: 2024-03-19 | CVSS: 6.5 | CVE-2024-29098 | Source: audit@patchstack.com
audit@patchstack.com campcodes — complete_online_beauty_parlor_management_system
  A vulnerability has been found in Campcodes Complete Online Beauty Parlor Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257602 is the identifier assigned to this vulnerability. 2024-03-21 6.3 CVE-2024-2766
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com campcodes — complete_online_beauty_parlor_management_system
  A vulnerability was found in Campcodes Complete Online Beauty Parlor Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257603. 2024-03-21 6.3 CVE-2024-2767
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com campcodes — complete_online_beauty_parlor_management_system
  A vulnerability was found in Campcodes Complete Online Beauty Parlor Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/edit-services.php. The manipulation of the argument editid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257604. 2024-03-21 6.3 CVE-2024-2768
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com campcodes — complete_online_beauty_parlor_management_system
  A vulnerability was found in Campcodes Complete Online Beauty Parlor Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257605 was assigned to this vulnerability. 2024-03-21 6.3 CVE-2024-2769
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com campcodes — complete_online_beauty_parlor_management_system
  A vulnerability was found in Campcodes Complete Online Beauty Parlor Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/contact-us.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257606 is the identifier assigned to this vulnerability. 2024-03-21 6.3 CVE-2024-2770
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com campcodes — online_marriage_registration_system
  A vulnerability classified as critical was found in Campcodes Online Marriage Registration System 1.0. This vulnerability affects unknown code of the file /user/search.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257608. 2024-03-21 6.3 CVE-2024-2774
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com campcodes — online_marriage_registration_system
  A vulnerability, which was classified as critical, was found in Campcodes Online Marriage Registration System 1.0. Affected is an unknown function of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257610 is the identifier assigned to this vulnerability. 2024-03-22 6.3 CVE-2024-2776
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com campcodes — online_marriage_registration_system
  A vulnerability has been found in Campcodes Online Marriage Registration System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/application-bwdates-reports-details.php. The manipulation of the argument fromdate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257611. 2024-03-22 6.3 CVE-2024-2777
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com campcodes — complete_online_dj_booking_system
  A vulnerability, which was classified as critical, has been found in Campcodes Complete Online DJ Booking System 1.0. This issue affects some unknown processing of the file /admin/user-search.php. The manipulation of the argument searchdata leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257465 was assigned to this vulnerability. 2024-03-21 6.3 CVE-2024-2712
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com campcodes — complete_online_dj_booking_system
  A vulnerability, which was classified as critical, was found in Campcodes Complete Online DJ Booking System 1.0. Affected is an unknown function of the file /admin/booking-search.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257466 is the identifier assigned to this vulnerability. 2024-03-21 6.3 CVE-2024-2713
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com campcodes — complete_online_dj_booking_system
  A vulnerability has been found in Campcodes Complete Online DJ Booking System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/booking-bwdates-reports-details.php. The manipulation of the argument fromdate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257467. 2024-03-20 6.3 CVE-2024-2714
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com campcodes — online_job_finder_system
  A vulnerability has been found in Campcodes Online Job Finder System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/vacancy/controller.php. The manipulation of the argument id/CATEGORY leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257368. 2024-03-20 6.3 CVE-2024-2668
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com campcodes — online_job_finder_system
  A vulnerability was found in Campcodes Online Job Finder System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/employee/controller.php of the component GET Parameter Handler. The manipulation of the argument EMPLOYEEID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257369 was assigned to this vulnerability. 2024-03-20 6.3 CVE-2024-2669
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com campcodes — online_job_finder_system
  A vulnerability was found in Campcodes Online Job Finder System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/vacancy/index.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257370 is the identifier assigned to this vulnerability. 2024-03-20 6.3 CVE-2024-2670
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com campcodes — online_job_finder_system
  A vulnerability was found in Campcodes Online Job Finder System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/user/index.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257371. 2024-03-20 6.3 CVE-2024-2671
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com campcodes — online_job_finder_system
  A vulnerability was found in Campcodes Online Job Finder System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/user/controller.php. The manipulation of the argument UESRID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257372. 2024-03-20 6.3 CVE-2024-2672
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com campcodes — online_job_finder_system
  A vulnerability classified as critical has been found in Campcodes Online Job Finder System 1.0. This affects an unknown part of the file /admin/login.php. The manipulation of the argument user_email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257373 was assigned to this vulnerability. 2024-03-20 6.3 CVE-2024-2673
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com campcodes — online_job_finder_system
  A vulnerability classified as critical was found in Campcodes Online Job Finder System 1.0. This vulnerability affects unknown code of the file /admin/employee/index.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257374 is the identifier assigned to this vulnerability. 2024-03-20 6.3 CVE-2024-2674
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com campcodes — online_job_finder_system
  A vulnerability, which was classified as critical, has been found in Campcodes Online Job Finder System 1.0. This issue affects some unknown processing of the file /admin/company/index.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257375. 2024-03-20 6.3 CVE-2024-2675
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com campcodes — online_job_finder_system
  A vulnerability, which was classified as critical, was found in Campcodes Online Job Finder System 1.0. Affected is an unknown function of the file /admin/company/controller.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257376. 2024-03-20 6.3 CVE-2024-2676
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com campcodes — online_job_finder_system
  A vulnerability has been found in Campcodes Online Job Finder System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/category/controller.php. The manipulation of the argument CATEGORYID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257377 was assigned to this vulnerability. 2024-03-20 6.3 CVE-2024-2677
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com campcodes — online_job_finder_system
  A vulnerability was found in Campcodes Online Job Finder System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/applicants/controller.php. The manipulation of the argument JOBREGID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257378 is the identifier assigned to this vulnerability. 2024-03-20 6.3 CVE-2024-2678
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com campcodes — online_job_finder_system
  A vulnerability was found in Campcodes Online Job Finder System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/applicants/index.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257387. 2024-03-20 6.3 CVE-2024-2687
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com cegid — meta4_hr
  A Cross-Site Scripting vulnerability has been found in Meta4 HR affecting version 819.001.022 and earlier. The endpoint ‘/sitetest/english/dumpenv.jsp’ is vulnerable to reflected XSS via the ‘lang’ query parameter, e.g. ‘/sitetest/english/dumpenv.jsp?snoop=yes&lang=%27%3Cimg%20src/onerror=alert(1)%3E&params’. 2024-03-19 6.1 CVE-2024-2633
cve-coordination@incibe.es cegid — meta4_hr
  A Cross-Site Scripting vulnerability has been found in Meta4 HR affecting version 819.001.022 and earlier. The endpoint ‘/sse_generico/generico_login.jsp’ is vulnerable to reflected XSS via the ‘lang’ query parameter, e.g. ‘/sse_generico/generico_login.jsp?lang=%27%3balert(%27BLEUSS%27)%2f%2f&params=’. 2024-03-19 6.1 CVE-2024-2634
cve-coordination@incibe.es ciges — cigesv2
  Stored Cross-Site Scripting (Stored-XSS) vulnerability affecting the CIGESv2 system, allowing an attacker to execute and store malicious javascript code in the application form without prior registration. 2024-03-22 6.1 CVE-2024-2726
cve-coordination@incibe.es ciges — cigesv2
  HTML injection vulnerability affecting the CIGESv2 system, which allows an attacker to inject arbitrary code and modify elements of the website and email confirmation message. 2024-03-22 6.1 CVE-2024-2727
cve-coordination@incibe.es ciges — cigesv2
  Information exposure vulnerability in the CIGESv2 system. This vulnerability could allow a local attacker to intercept traffic due to the lack of proper implementation of the TLS protocol. 2024-03-22 4.1 CVE-2024-2728
cve-coordination@incibe.es cilium — cilium
  Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.13.13, 1.14.8, and 1.15.2, in Cilium clusters with IPsec enabled and traffic matching Layer 7 policies, IPsec-eligible traffic between a node’s Envoy proxy and pods on other nodes is sent unencrypted, and IPsec-eligible traffic between a node’s DNS proxy and pods on other nodes is likewise sent unencrypted. This issue has been resolved in Cilium 1.15.2, 1.14.8, and 1.13.13. There is no known workaround for this issue. 2024-03-18 6.1 CVE-2024-28249
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com cilium — cilium
  Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.14.0 and prior to versions 1.14.8 and 1.15.2, in Cilium clusters with WireGuard enabled and traffic matching Layer 7 policies, WireGuard-eligible traffic sent between a node’s Envoy proxy and pods on other nodes is sent unencrypted, and WireGuard-eligible traffic sent between a node’s DNS proxy and pods on other nodes is likewise sent unencrypted. This issue has been resolved in Cilium 1.14.8 and 1.15.2 in native routing mode (`routingMode=native`) and in Cilium 1.14.4 in tunneling mode (`routingMode=tunnel`). Note that in tunneling mode, `encryption.wireguard.encapsulate` must be set to `true`. There is no known workaround for this issue. 2024-03-18 6.1 CVE-2024-28250
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com colorlibplugins — coming_soon_&_maintenance_mode_by_colorlib
  The Coming Soon & Maintenance Mode by Colorlib plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.99 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page contents via REST API thus bypassing maintenance mode protection provided by the plugin. 2024-03-20 5.3 CVE-2024-1473
security@wordfence.com
security@wordfence.com cozmoslabs,_sareiodata — passwordless_login
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Cozmoslabs, sareiodata Passwordless Login (passwordless-login) allows Stored XSS. This issue affects Passwordless Login: from n/a through 1.1.2. 2024-03-19 6.5 CVE-2024-29143
audit@patchstack.com creativethemeshq — blocksy_companion
  The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Newsletter widget in all versions up to, and including, 2.0.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-22 6.5 CVE-2024-2392
security@wordfence.com
security@wordfence.com crisp — crisp
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Crisp allows Stored XSS. This issue affects Crisp: from n/a through 0.44. 2024-03-21 6.5 CVE-2024-27963
audit@patchstack.com data443 — tracking_code_manager
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Data443 Tracking Code Manager. This issue affects Tracking Code Manager: from n/a through 2.0.16. 2024-03-21 5.9 CVE-2024-2579
audit@patchstack.com dazzlersoft — coming_soon_under_construction_&_maintenance_mode_by_dazzler
  The Coming Soon, Under Construction & Maintenance Mode By Dazzler plugin for WordPress is vulnerable to maintenance mode bypass in all versions up to, and including, 2.1.2. This is due to the plugin relying on REQUEST_URI to determine whether the page being accessed is an admin area. This makes it possible for unauthenticated attackers to bypass maintenance mode and access site content that may be considered confidential while the site is in maintenance mode. 2024-03-20 5.3 CVE-2024-1181
security@wordfence.com
security@wordfence.com delabon — live_sales_notification_for_woocommerce_-_woomotiv
  The Live Sales Notification for Woocommerce – Woomotiv plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.3. This is due to missing or incorrect nonce validation on the ‘ajax_cancel_review’ function. This makes it possible for unauthenticated attackers to reset the site’s review count via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link. 2024-03-20 4.3 CVE-2024-1325
security@wordfence.com
security@wordfence.com
security@wordfence.com dell — poweredge_platform
  Dell PowerEdge Server BIOS contains an Improper SMM communication buffer verification vulnerability. A physical high privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM. 2024-03-19 4.4 CVE-2024-25942
security_alert@emc.com delta_electronics — diaenergie
  Improper neutralization of input within the affected product could lead to cross-site scripting. 2024-03-21 4.6 CVE-2024-28045
ics-cert@hq.dhs.gov denoland — deno
  Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.8.0 and prior to version 1.40.4, Deno improperly checks that an import specifier’s hostname is equal to or a child of a token’s hostname, which can cause tokens to be sent to servers they shouldn’t be sent to. An auth token intended for `example[.]com` may be sent to `notexample[.]com`. Anyone who uses DENO_AUTH_TOKENS and imports potentially untrusted code is affected. Version 1.40.0 contains a patch for this issue. 2024-03-21 4.6 CVE-2024-27932
security-advisories@github.com
security-advisories@github.com
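The flaw class in the Deno entry above, as an added example that is not Deno's own code: a plain suffix test treats `notexample.com` as a child of `example.com`, so a credential scoped to one host is attached to requests for another. The token-table shape follows the `token@host[:port]` form Deno documents for DENO_AUTH_TOKENS (basic-auth entries and IPv6 hosts are left out for brevity); all function names are hypothetical.

```javascript
// Added example, not Deno's code. Decides whether the token registered for
// `tokenHost` may be attached to a request for `importHost`.

// Vulnerable pattern: a bare suffix check. "notexample.com" ends with
// "example.com", so example.com's token leaks to notexample.com.
function hostMatchesSuffixOnly(importHost, tokenHost) {
  return importHost.toLowerCase().endsWith(tokenHost.toLowerCase());
}

// Lower-case and drop a trailing dot so "Example.com." equals "example.com".
function normalizeHost(h) {
  return h.toLowerCase().replace(/\.$/, "");
}

// Hardened: exact match, or a label boundary ('.') immediately before the
// token host, so only real subdomains qualify.
function hostIsSameOrChild(importHost, tokenHost) {
  const imp = normalizeHost(importHost);
  const tok = normalizeHost(tokenHost);
  if (tok === "") return false;
  return imp === tok || imp.endsWith("." + tok);
}

// Parse "token@host;token@host:port" into [{ token, host, port }].
// The token may itself contain ':' so the split is on the last '@'.
function parseAuthTokens(envValue) {
  return envValue.split(";").filter(Boolean).map((entry) => {
    const at = entry.lastIndexOf("@");
    const token = entry.slice(0, at);
    const [host, port] = entry.slice(at + 1).split(":");
    return { token, host, port: port ?? null };
  });
}

// Pick the token for an import specifier using the supplied host matcher.
// An entry with an explicit port only matches a URL carrying that same port
// (an assumption of this example, not a statement about Deno's behaviour).
function tokenForImport(specifier, tokens, matcher) {
  const url = new URL(specifier);
  for (const t of tokens) {
    if (t.port !== null && t.port !== url.port) continue;
    if (matcher(url.hostname, t.host)) return t.token;
  }
  return null;
}

module.exports = { hostMatchesSuffixOnly, hostIsSameOrChild, parseAuthTokens, tokenForImport };
```

With the suffix matcher, `https://notexample.com/mod.ts` receives `secret1`; with the label-boundary matcher it receives nothing, while `cdn.example.com` and `example.com` itself still do.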
security-advisories@github.com devklan — alma_blog
  Improper access control vulnerability in Devklan’s Alma Blog that affects versions 2.1.10 and earlier. This vulnerability could allow an unauthenticated user to access the application’s functionalities without the need for credentials. 2024-03-19 6.5 CVE-2024-1144
cve-coordination@incibe.es devklan — alma_blog
  User enumeration vulnerability in Devklan’s Alma Blog that affects versions 2.1.10 and earlier. This vulnerability could allow a remote user to retrieve all valid users registered in the application just by looking at the request response. 2024-03-19 5.3 CVE-2024-1145
cve-coordination@incibe.es devklan — alma_blog
  Cross-Site Scripting vulnerability in Devklan’s Alma Blog that affects versions 2.1.10 and earlier. This vulnerability could allow an attacker to store a malicious JavaScript payload within the application by adding the payload to ‘Community Description’ or ‘Community Rules’. 2024-03-19 5.8 CVE-2024-1146
cve-coordination@incibe.es diygod — rsshub
  RSSHub is an open source RSS feed generator. Starting in version 1.0.0-master.cbbd829 and prior to version 1.0.0-master.d8ca915, when a specially crafted image is supplied to the internal media proxy, the proxy serves it without any protection against XSS, allowing the execution of arbitrary JavaScript code. Users who access the deliberately constructed URL are affected. This vulnerability was fixed in version 1.0.0-master.d8ca915. No known workarounds are available. 2024-03-21 6.1 CVE-2024-27926
security-advisories@github.com
security-advisories@github.com diygod — rsshub
  RSSHub is an open source RSS feed generator. Prior to version 1.0.0-master.a429472, RSSHub allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information from the internal network or conduct Denial-of-Service (DoS) attacks. The attacker can send malicious requests to an RSSHub server to make it send HTTP GET requests to arbitrary destinations and observe partial responses. This may leak the server’s IP address, which could otherwise be hidden behind a CDN; expose information about the internal network, e.g. which addresses/ports are accessible and the titles and meta descriptions of HTML pages; and enable denial-of-service amplification, since the attacker can request that the server download large files or chain several SSRF requests in a single attacker request. 2024-03-21 6.5 CVE-2024-27927
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com espocrm — espocrm
  EspoCRM is an Open Source Customer Relationship Management software. An attacker can inject arbitrary IP or domain in “Password Change” page and redirect victim to malicious page that could lead to credential stealing or another attack. This vulnerability is fixed in 8.1.2. 2024-03-21 5.9 CVE-2024-24818
security-advisories@github.com
security-advisories@github.com five_star_plugins — five_star_restaurant_menu
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Five Star Plugins Five Star Restaurant Menu allows Stored XSS. This issue affects Five Star Restaurant Menu: from n/a through 2.4.14. 2024-03-19 6.5 CVE-2024-29089
audit@patchstack.com folio — spring_module_core
  A vulnerability was found in Folio Spring Module Core up to 1.1.5. It has been rated as critical. Affected by this issue is the function dropSchema of the file tenant/src/main/java/org/folio/spring/tenant/hibernate/HibernateSchemaService.java of the component Schema Name Handler. The manipulation leads to sql injection. Upgrading to version 2.0.0 is able to address this issue. The name of the patch is d374a5f77e6b58e36f0e0e4419be18b95edcd7ff. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-257516. 2024-03-21 5.5 CVE-2022-4963
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com foliovision:_making_the_web_work_for_you — fv_flowplayer_video_player
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Foliovision: Making the web work for you FV Flowplayer Video Player allows Stored XSS. This issue affects FV Flowplayer Video Player: from n/a through 7.5.41.7212. 2024-03-19 6.5 CVE-2024-29122
audit@patchstack.com franciscop — translate
  Translate is a package that allows users to convert text to different languages on Node.js and the browser. Prior to version 3.0.0, an attacker controlling the second argument of the `translate` function is able to perform a cache poisoning attack and change the outcome of translation requests made by subsequent users. The `opt.id` parameter allows the cache key to be overwritten: if an attacker sets `id` to the cache key that would be generated for another user’s request, they can choose the response that user gets served. Version 3.0.0 fixes this issue. 2024-03-22 5.3 CVE-2024-29042
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com fujian_kelixin_communication — command_and_dispatch_platform
  A vulnerability has been found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318 and classified as critical. Affected by this vulnerability is an unknown functionality of the file api/client/down_file.php. The manipulation of the argument uuid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257197 was assigned to this vulnerability. 2024-03-19 6.3 CVE-2024-2620
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com fujian_kelixin_communication — command_and_dispatch_platform
  A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318 and classified as critical. Affected by this issue is some unknown functionality of the file api/client/user/pwd_update.php. The manipulation of the argument uuid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257198 is the identifier assigned to this vulnerability. 2024-03-19 6.3 CVE-2024-2621
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com fujian_kelixin_communication — command_and_dispatch_platform
  A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318. It has been classified as critical. This affects an unknown part of the file /api/client/editemedia.php. The manipulation of the argument number/enterprise_uuid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257199. 2024-03-19 6.3 CVE-2024-2622
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com funnelkit — automation_by_autonami
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in FunnelKit Automation By Autonami allows Stored XSS. This issue affects Automation By Autonami: from n/a through 2.8.2. 2024-03-21 6.5 CVE-2024-2580
audit@patchstack.com geoserver — geoserver
  GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file renaming vulnerability exists in versions prior to 2.23.5 and 2.24.2 that enables an authenticated administrator with permissions to modify stores through the REST Coverage Store or Data Store API to rename arbitrary files and directories whose names do not end in `.zip`. Store file uploads rename zip files to carry a `.zip` extension if they do not already have one before unzipping. This is fine for the file and url upload methods, where the files are confined to a specific subdirectory of the data directory, but with the external upload method it allows arbitrary files and directories to be renamed. Renaming GeoServer files will most likely result in a denial of service, either completely preventing GeoServer from running or effectively deleting specific resources (such as a workspace, layer or style). In some cases, renaming GeoServer files could revert a file to its default settings, which could be relatively harmless (removing contact information) or more serious (allowing users to make OGC requests that the customized settings would have prevented). The impact of renaming non-GeoServer files depends on the specific environment, although some sort of denial of service is a likely outcome. Versions 2.23.5 and 2.24.2 contain a fix for this issue. 2024-03-20 6 CVE-2024-23634
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com geoserver — geoserver
  GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.0 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in uploaded style/legend resources that will execute in the context of another administrator’s browser when viewed in the REST Resources API. Access to the REST Resources API is limited to full administrators by default and granting non-administrators access to this endpoint should be carefully considered as it may allow access to files containing sensitive information. Versions 2.23.3 and 2.24.0 contain a patch for this issue. 2024-03-20 4.8 CVE-2023-51445
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com geoserver — geoserver
  GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.0 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in uploaded style/legend resources or in a specially crafted datastore file that will execute in the context of another user’s browser when viewed in the Style Publisher. Access to the Style Publisher is available to all users although data security may limit users’ ability to trigger the XSS. Versions 2.23.3 and 2.24.0 contain a fix for this issue. 2024-03-20 4.8 CVE-2024-23640
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com geoserver — geoserver
  GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user’s browser when viewed in the WMS GetMap SVG Output Format when the Simple SVG renderer is enabled. Access to the WMS SVG Format is available to all users by default although data and service security may limit users’ ability to trigger the XSS. Versions 2.23.4 and 2.24.1 contain a fix for this issue. 2024-03-20 4.8 CVE-2024-23642
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com geoserver — geoserver
  GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.2 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another administrator’s browser when viewed in the GWC Seed Form. Access to the GWC Seed Form is limited to full administrators by default and granting non-administrators access to this endpoint is not recommended. Versions 2.23.2 and 2.24.1 contain a fix for this issue. 2024-03-20 4.8 CVE-2024-23643
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com geoserver — geoserver
  GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user’s browser when viewed in the WMS GetMap OpenLayers Output Format. Access to the WMS OpenLayers Format is available to all users by default although data and service security may limit users’ ability to trigger the XSS. Versions 2.23.3 and 2.24.1 contain a patch for this issue. 2024-03-20 4.8 CVE-2024-23818
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com geoserver — geoserver
  GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user’s browser when viewed in the MapML HTML Page. The MapML extension must be installed and access to the MapML HTML Page is available to all users although data security may limit users’ ability to trigger the XSS. Versions 2.23.4 and 2.24.1 contain a patch for this issue. 2024-03-20 4.8 CVE-2024-23819
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com geoserver — geoserver
  GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user’s browser when viewed in the GWC Demos Page. Access to the GWC Demos Page is available to all users although data security may limit users’ ability to trigger the XSS. Versions 2.23.4 and 2.24.1 contain a patch for this issue. 2024-03-20 4.8 CVE-2024-23821
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com github — enterprise_server
  An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use the Enterprise Actions GitHub Connect download token to fetch private repository data. An attacker would require an account on the server instance with non-default settings for GitHub Connect. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.16, 3.9.11, 3.10.8, and 3.11.6. This vulnerability was reported via the GitHub Bug Bounty program. 2024-03-21 6.3 CVE-2024-1908
product-cna@github.com
github_ — enterprise_server
  A Cross Site Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker to execute unauthorized actions on behalf of an unsuspecting user. A mitigating factor is that user interaction is required. This vulnerability affected GitHub Enterprise Server 3.12.0 and was fixed in version 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program. 2024-03-21 4.3 CVE-2024-2748
product-cna@github.com
glpi-project — glpi
  GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can execute an SSRF-based attack using Arbitrary Object Instantiation. This issue has been patched in version 10.0.13. 2024-03-18 6.4 CVE-2024-27098
security-advisories@github.com
glpi-project — glpi
  GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can access sensitive field data from items on which they have read access. This issue has been patched in version 10.0.13. 2024-03-18 6.5 CVE-2024-27930
security-advisories@github.com
glpi-project — glpi
  GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can obtain the email address of all GLPI users. This issue has been patched in version 10.0.13. 2024-03-18 6.5 CVE-2024-27937
security-advisories@github.com
glpi-project — glpi
  GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI administrator in order to exploit a reflected XSS vulnerability. The XSS will only trigger if the administrator navigates through the debug bar. This issue has been patched in version 10.0.13. 2024-03-18 5.3 CVE-2024-27914
security-advisories@github.com
glpi-project — glpi
  GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. A user with rights to create and share dashboards can build a dashboard containing JavaScript code. Any user who opens this dashboard will be subject to an XSS attack. This issue has been patched in version 10.0.13. 2024-03-18 4.5 CVE-2024-27104
security-advisories@github.com
godaddy — page_builder_gutenberg_blocks_-_coblocks
  The Page Builder Gutenberg Blocks – CoBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Icon Widget in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping on the link value. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-23 6.4 CVE-2024-1049
security@wordfence.com
gpriday — page_builder_by_siteorigin
  The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the legacy Image widget in all versions up to, and including, 2.29.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-23 6.4 CVE-2024-2202
security@wordfence.com
heyewei — jfinalcms
  A vulnerability has been found in heyewei JFinalCMS 5.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/div_data/delete?divId=9 of the component Custom Data Page. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257071. 2024-03-17 4.7 CVE-2024-2568
cna@vuldb.com
ibm — infosphere_information_server
  IBM InfoSphere Information Server 11.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 280361. 2024-03-21 6.5 CVE-2024-22352
psirt@us.ibm.com
ibm — mq
  IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD is vulnerable to a denial-of-service attack due to an error within the MQ clustering logic. IBM X-Force ID: 268066. 2024-03-20 5.3 CVE-2023-45177
psirt@us.ibm.com
ibm — security_verify_directory
  IBM Security Verify Directory 10.0.0 could disclose sensitive server information that could be used in further attacks against the system. IBM X-Force ID: 228437. 2024-03-22 5.3 CVE-2022-32751
psirt@us.ibm.com
ibm — security_verify_directory
  IBM Security Verify Directory 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 228444. 2024-03-22 4.5 CVE-2022-32753
psirt@us.ibm.com
ibm — security_verify_directory
  IBM Security Verify Directory 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 228445. 2024-03-22 4.8 CVE-2022-32754
psirt@us.ibm.com
ibm — security_verify_governance
  IBM Security Verify Governance 10.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 258375. 2024-03-20 5.9 CVE-2023-35888
psirt@us.ibm.com
ibm — storage_protect_plus_server
  The private key for the IBM Storage Protect Plus Server 10.1.0 through 10.1.16 certificate can be disclosed, undermining the security of the certificate. IBM X-Force ID: 285205. 2024-03-21 6.2 CVE-2024-27277
psirt@us.ibm.com
ibm — storage_protect_plus_server
  IBM Storage Protect Plus Server 10.1.0 through 10.1.16 could allow an authenticated user with read-only permissions to add or delete entries from an existing HyperVisor configuration. IBM X-Force ID: 271538. 2024-03-21 4.3 CVE-2023-47715
psirt@us.ibm.com
inc2734 — smart_custom_fields
  The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relational_posts_search() function in all versions up to, and including, 4.2.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve post content that is password protected and/or private. 2024-03-20 4.3 CVE-2024-1995
security@wordfence.com
infosatech — revivepress_-_keep_your_old_content_evergreen
  The RevivePress – Keep your Old Content Evergreen plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the import_data and copy_data functions in all versions up to, and including, 1.5.6. This makes it possible for authenticated attackers, with subscriber-level access or higher, to overwrite plugin settings and view them. 2024-03-20 4.3 CVE-2024-1844
security@wordfence.com
isaacs — node-tar
  node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within a few seconds of running it using a path with too many sub-folders inside. Version 6.2.1 fixes this issue by preventing extraction in excessively deep sub-folders. 2024-03-21 6.5 CVE-2024-28863
security-advisories@github.com
jan-peter_lambeck_&_3uu — shariff_wrapper
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jan-Peter Lambeck & 3UU Shariff Wrapper allows Stored XSS. This issue affects Shariff Wrapper: from n/a through 4.6.10. 2024-03-19 6.5 CVE-2024-29109
audit@patchstack.com
jean-david_daviet — download_media
  Missing Authorization vulnerability in Jean-David Daviet Download Media. This issue affects Download Media: from n/a through 1.4.2. 2024-03-21 4.3 CVE-2024-27190
audit@patchstack.com
jegtheme — jeg_elementor_kit
  The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML Tag attributes in all versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-21 6.4 CVE-2024-1326
security@wordfence.com
jegtheme — jeg_elementor_kit
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jegtheme Jeg Elementor Kit allows Stored XSS. This issue affects Jeg Elementor Kit: from n/a through 2.6.2. 2024-03-19 6.5 CVE-2024-29101
audit@patchstack.com
jetbrains — teamcity
  In JetBrains TeamCity before 2023.11, users with access to the agent machine might obtain permissions of the user running the agent process. 2024-03-21 4.2 CVE-2024-29880
cve@jetbrains.com
jhpyle — docassemble
  Docassemble is an expert system for guided interviews and document assembly. Prior to 1.4.97, a user could type HTML into a field, including the field for the user’s name, and then that HTML could be displayed on the screen as HTML. The vulnerability has been patched in version 1.4.97 of the master branch. 2024-03-21 6.1 CVE-2024-27290
security-advisories@github.com
jhpyle — docassemble
  Docassemble is an expert system for guided interviews and document assembly. Prior to 1.4.97, it is possible to create a URL that acts as an open redirect. The vulnerability has been patched in version 1.4.97 of the master branch. 2024-03-21 6.1 CVE-2024-27291
security-advisories@github.com
jp2112 — standout_color_boxes_and_buttons
  The Standout Color Boxes and Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘color-button’ shortcode in all versions up to, and including, 0.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-20 6.4 CVE-2024-2474
security@wordfence.com
kilbot — woocommerce_pos
  The WooCommerce POS plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.4.11. This is due to the plugin not properly verifying the authentication and authorization of the current user. This makes it possible for authenticated attackers, with customer-level access and above, to view potentially sensitive information about other users by leveraging their order id. 2024-03-20 4.3 CVE-2024-2384
security@wordfence.com
kishor-23 — food_waste_management_system
  A vulnerability was found in kishor-23 Food Waste Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/admin.php. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257056. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-17 5.3 CVE-2024-2557
cna@vuldb.com
lakernote — easyadmin
  A vulnerability classified as critical has been found in lakernote EasyAdmin up to 20240315. This affects an unknown part of the file /ureport/designer/saveReportFile. The manipulation of the argument file leads to path traversal: ‘../filedir’. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257715. 2024-03-22 6.3 CVE-2024-2825
cna@vuldb.com
lakernote — easyadmin
  A vulnerability classified as problematic was found in lakernote EasyAdmin up to 20240315. This vulnerability affects unknown code of the file /ureport/designer/saveReportFile. The manipulation leads to xml external entity reference. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257716. 2024-03-22 6.3 CVE-2024-2826
cna@vuldb.com
lakernote — easyadmin
  A vulnerability, which was classified as critical, has been found in lakernote EasyAdmin up to 20240315. This issue affects some unknown processing of the file /ureport/designer/saveReportFile. The manipulation leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257717 was assigned to this vulnerability. 2024-03-22 6.3 CVE-2024-2827
cna@vuldb.com
lakernote — easyadmin
  A vulnerability, which was classified as critical, was found in lakernote EasyAdmin up to 20240315. Affected is the function thumbnail of the file src/main/java/com/laker/admin/module/sys/controller/IndexController.java. The manipulation of the argument url leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 23165d8cb569048c531150f194fea39f8800b8d5. It is recommended to apply a patch to fix this issue. VDB-257718 is the identifier assigned to this vulnerability. 2024-03-22 6.3 CVE-2024-2828
cna@vuldb.com
latchset — jwcrypto
  JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and processing time. Version 1.5.6 fixes this vulnerability by limiting the maximum token length. 2024-03-21 6.8 CVE-2024-28102
security-advisories@github.com
leap13 — premium_addons_for_elementor
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS. This issue affects Premium Addons for Elementor: from n/a through 4.10.16. 2024-03-19 6.5 CVE-2024-29106
audit@patchstack.com
leevio — happy_addons_for_elementor
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Leevio Happy Addons for Elementor allows Stored XSS. This issue affects Happy Addons for Elementor: from n/a through 3.10.1. 2024-03-19 6.5 CVE-2024-29108
audit@patchstack.com
liquidpoll — liquidpoll_-_polls,_surveys,_nps_and_feedback_reviews
  The LiquidPoll – Polls, Surveys, NPS and Feedback Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.76 via the poller_list shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to extract information from polls that may be private. 2024-03-22 4.3 CVE-2024-2080
security@wordfence.com
magenet — website_article_monetization_by_magenet
  The Website Article Monetization By MageNet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘abp_auth_key’ parameter in all versions up to, and including, 1.0.11 due to insufficient input sanitization and output escaping and a missing authorization check. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-20 6.1 CVE-2024-1379
security@wordfence.com
magesh-k21 — online-college-event-hall-reservation-system
  A vulnerability, which was classified as critical, was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. This affects an unknown part of the file /admin/users.php. The manipulation of the argument user_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256971. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-17 6.3 CVE-2024-2534
cna@vuldb.com
matt_manning — mjm_clinic
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Matt Manning MJM Clinic. This issue affects MJM Clinic: from n/a through 1.1.22. 2024-03-19 6.5 CVE-2024-29096
audit@patchstack.com
matt_manning — mjm_clinic
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Matt Manning MJM Clinic allows Stored XSS. This issue affects MJM Clinic: from n/a through 1.1.22. 2024-03-19 5.9 CVE-2024-29140
audit@patchstack.com
matthias-wandel — jhead
  A vulnerability was found in Matthias-Wandel jhead 3.08 and classified as critical. This issue affects the function PrintFormatNumber of the file exif.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257711. 2024-03-22 6.3 CVE-2024-2824
cna@vuldb.com
mbis — permalink_manager_pro
  The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘ajax_save_permalink’ function in all versions up to, and including, 2.4.3.1. This makes it possible for authenticated attackers, with author access and above, to modify the permalinks of arbitrary posts. 2024-03-20 5.4 CVE-2024-2538
security@wordfence.com
melapress — wp_2fa
  Improper Authentication vulnerability in Melapress WP 2FA allows Authentication Bypass. This issue affects WP 2FA: from n/a through 2.2.0. 2024-03-21 5.3 CVE-2022-44595
audit@patchstack.com
microsoft — microsoft_edge_(chromium-based)
  Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability 2024-03-22 4.7 CVE-2024-26247
secure@microsoft.com
microsoft — microsoft_edge_(chromium-based)
  Microsoft Edge (Chromium-based) Spoofing Vulnerability 2024-03-22 4.3 CVE-2024-29057
secure@microsoft.com
microsoft — microsoft_edge_for_android
  Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability 2024-03-21 4.3 CVE-2024-26196
secure@microsoft.com
moby — moby
  Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. Moby’s networking implementation allows for many networks, each with their own IP address range and gateway, to be defined. This feature is frequently referred to as custom networks, as each network can have a different driver, set of parameters and thus behaviors. When creating a network, the `--internal` flag is used to designate a network as _internal_. The `internal` attribute in a docker-compose.yml file may also be used to mark a network _internal_, and other API clients may specify the `internal` parameter as well. When containers with networking are created, they are assigned unique network interfaces and IP addresses. The host serves as a router for non-internal networks, with a gateway IP that provides SNAT/DNAT to/from container IPs. Containers on an internal network may communicate between each other, but are precluded from communicating with any networks the host has access to (LAN or WAN) as no default route is configured, and firewall rules are set up to drop all outgoing traffic. Communication with the gateway IP address (and thus appropriately configured host services) is possible, and the host may communicate with any container IP directly. In addition to configuring the Linux kernel’s various networking features to enable container networking, `dockerd` directly provides some services to container networks. Principal among these is serving as a resolver, enabling service discovery, and resolution of names from an upstream resolver. When a DNS request for a name that does not correspond to a container is received, the request is forwarded to the configured upstream resolver. This request is made from the container’s network namespace: the level of access and routing of traffic is the same as if the request was made by the container itself.
  As a consequence of this design, containers solely attached to an internal network will be unable to resolve names using the upstream resolver, as the container itself is unable to communicate with that nameserver. Only the names of containers also attached to the internal network are able to be resolved. Many systems run a local forwarding DNS resolver. As the host and any containers have separate loopback devices, a consequence of the design described above is that containers are unable to resolve names from the host’s configured resolver, as they cannot reach these addresses on the host loopback device. To bridge this gap, and to allow containers to properly resolve names even when a local forwarding resolver is used on a loopback address, `dockerd` detects this scenario and instead forwards DNS requests from the host network namespace. The loopback resolver then forwards the requests to its configured upstream resolvers, as expected. Because `dockerd` forwards DNS requests to the host loopback device, bypassing the container network namespace’s normal routing semantics entirely, internal networks can unexpectedly forward DNS requests to an external nameserver. By registering a domain for which they control the authoritative nameservers, an attacker could arrange for a compromised container to exfiltrate data by encoding it in DNS queries that will eventually be answered by their nameservers. Docker Desktop is not affected, as Docker Desktop always runs an internal resolver on an RFC 1918 address. Moby releases 26.0.0, 25.0.4, and 23.0.11 are patched to prevent forwarding any DNS requests from internal networks. As a workaround, run containers intended to be solely attached to internal networks with a custom upstream address, which will force all upstream DNS queries to be resolved from the container’s network namespace. 2024-03-20 5.9 CVE-2024-29018
security-advisories@github.com
moveaddons — move_addons_for_elementor
  The Move Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s infobox and button widget in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-23 6.4 CVE-2024-2131
security@wordfence.com
n-media — frontend_file_manager
  Exposure of Sensitive Information to an Unauthorized Actor vulnerability in N-Media Frontend File Manager. This issue affects Frontend File Manager: from n/a through 22.7. 2024-03-17 5.3 CVE-2024-25903
audit@patchstack.com
n/a — 74cms
  A vulnerability, which was classified as critical, has been found in 74CMS 3.28.0. Affected by this issue is the function sendCompanyLogo of the file /controller/company/Index.php#sendCompanyLogo of the component Company Logo Handler. The manipulation of the argument imgBase64 leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257060. 2024-03-17 6.3 CVE-2024-2561
cna@vuldb.com
n/a — black
  Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of service. Exploiting this vulnerability is possible when running Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings. 2024-03-19 5.3 CVE-2024-21503
report@snyk.io
n/a — dedecms
  A vulnerability classified as problematic was found in DedeCMS 5.7. Affected by this vulnerability is an unknown functionality of the file /src/dede/baidunews.php. The manipulation of the argument filename leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257707. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-22 4.3 CVE-2024-2820
cna@vuldb.com
n/a — dedecms
  A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7. Affected by this issue is some unknown functionality of the file /src/dede/friendlink_edit.php. The manipulation of the argument id leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257708. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-22 4.3 CVE-2024-2821
cna@vuldb.com
n/a — dedecms
  A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/vote_edit.php. The manipulation of the argument aid leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257709 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-22 4.3 CVE-2024-2822
cna@vuldb.com
n/a — dedecms
  A vulnerability has been found in DedeCMS 5.7 and classified as problematic. This vulnerability affects unknown code of the file /src/dede/mda_main.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257710 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-22 4.3 CVE-2024-2823
cna@vuldb.com
n/a — gnutls
  A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel. 2024-03-21 5.3 CVE-2024-28834
secalert@redhat.com
n/a — gnutls
  A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the “certtool --verify-chain” command. 2024-03-21 5 CVE-2024-28835
secalert@redhat.com
n/a — iperf
  A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning client can send less than the expected amount of data to the iperf server, which can cause the server to hang indefinitely waiting for the remainder or until the connection gets closed. This will prevent other connections to the server, leading to a denial of service. 2024-03-18 5.3 CVE-2023-7250
secalert@redhat.com
n/a — libvirt
  A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash. 2024-03-21 6.2 CVE-2024-2494
secalert@redhat.com
n/a — libvirt
  A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. This issue can occur when detaching a host interface while at the same time collecting the list of interfaces via virConnectListAllInterfaces API. This flaw could be used to perform a denial of service attack by causing the libvirt daemon to crash. 2024-03-18 5 CVE-2024-2496
secalert@redhat.com
n/a — livewire/livewire
  Versions of the package livewire/livewire from 3.3.5 and before 3.4.9 are vulnerable to Cross-site Scripting (XSS) when a page uses [Url] for a property. An attacker can inject HTML code in the context of the user’s browser session by crafting a malicious link and convincing the user to click on it. 2024-03-19 6.1 CVE-2024-21504
report@snyk.io
n/a — osbuild-composer
  A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built. 2024-03-19 6.1 CVE-2024-2307
secalert@redhat.com
n/a — zhicms
  A vulnerability, which was classified as critical, has been found in ZhiCms 4.0. This issue affects the function getindexdata of the file app/index/controller/mcontroller.php. The manipulation of the argument key leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255269 was assigned to this vulnerability. 2024-03-21 6.3 CVE-2024-2015
cna@vuldb.com
n/a — zhicms
  A vulnerability, which was classified as critical, was found in ZhiCms 4.0. Affected is the function index of the file app/manage/controller/setcontroller.php. The manipulation of the argument sitename leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-255270 is the identifier assigned to this vulnerability. 2024-03-21 6.3 CVE-2024-2016
cna@vuldb.com
nasirahmed — advanced_form_integration_-_connect_woocommerce_and_contact_form_7_to_google_sheets_and_other_platforms
  The Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms plugin for WordPress is vulnerable to SQL Injection via the ‘integration_id’ parameter in all versions up to, and including, 1.82.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries and subsequently inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-03-20 6.1 CVE-2024-2387
security@wordfence.com netentsec — ns-asg_application_security_gateway
  A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been rated as critical. Affected by this issue is some unknown functionality of the file /protocol/firewall/addfirewall.php. The manipulation of the argument FireWallTableArray leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257282 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-19 6.3 CVE-2024-2644
cna@vuldb.com netentsec — ns-asg_application_security_gateway
  A vulnerability classified as critical was found in Netentsec NS-ASG Application Security Gateway 6.3. This vulnerability affects unknown code of the file /vpnweb/index.php?para=index. The manipulation of the argument check_VirtualSiteId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257284. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-19 6.3 CVE-2024-2646
cna@vuldb.com netentsec — ns-asg_application_security_gateway
  A vulnerability has been found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /protocol/iscdevicestatus/deleteonlineuser.php. The manipulation of the argument messagecontent leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257287. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-20 6.3 CVE-2024-2649
cna@vuldb.com netentsec — ns-asg_application_security_gateway
  A vulnerability classified as problematic has been found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /vpnweb/resetpwd/resetpwd.php. The manipulation of the argument UserId leads to improper neutralization of data within xpath expressions. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257283. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-19 4.3 CVE-2024-2645
cna@vuldb.com netentsec — ns-asg_application_security_gateway
  A vulnerability, which was classified as problematic, was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected is an unknown function of the file /nac/naccheck.php. The manipulation of the argument username leads to improper neutralization of data within xpath expressions. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257286 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-19 4.3 CVE-2024-2648
cna@vuldb.com octoprint — octoprint
  OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to configure, or to talk a victim with administrator rights into configuring, a webcam snapshot URL which, when tested through the “Test” button included in the web interface, will execute JavaScript code in the victim’s browser when attempting to render the snapshot image. An attacker who successfully talked a victim with admin rights into performing a snapshot test with such a crafted URL could use this to retrieve or modify sensitive configuration settings, interrupt prints or otherwise interact with the OctoPrint instance in a malicious way. The vulnerability is patched in version 1.10.0rc3. OctoPrint administrators are strongly advised to thoroughly vet who has admin access to their installation and what settings they modify based on instructions by strangers. 2024-03-18 4 CVE-2024-28237
security-advisories@github.com openbmb — xagent
  A vulnerability was found in OpenBMB XAgent 1.0.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Privileged Mode. The manipulation leads to sandbox issue. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-255265 was assigned to this vulnerability. 2024-03-21 5.3 CVE-2024-2007
cna@vuldb.com opentext — service_management_automation_x_(smax)
  Insufficient Granularity of Access Control vulnerability in OpenText™ Service Management Automation X (SMAX), OpenText™ Asset Management X (AMX) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Service Management Automation X (SMAX) versions 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11; and Asset Management X (AMX) versions 2021.08, 2021.11, 2022.05, 2022.11. 2024-03-19 6.5 CVE-2023-32259
security@opentext.com opentext — service_management_automation_x_(smax)
  Misinterpretation of Input vulnerability in OpenText™ Service Management Automation X (SMAX), OpenText™ Asset Management X (AMX), and OpenText™ Hybrid Cloud Management X (HCMX) products. The vulnerability could allow Input data manipulation. This issue affects Service Management Automation X (SMAX) versions: 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11, 2023.05; Asset Management X (AMX) versions: 2021.08, 2021.11, 2022.05, 2022.11, 2023.05; and Hybrid Cloud Management X (HCMX) versions: 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11, 2023.05. 2024-03-19 6.5 CVE-2023-32260
security@opentext.com openzeppelin — openzeppelin-contracts
  OpenZeppelin Contracts is a library for secure smart contract development. The `Base64.encode` function encodes a `bytes` input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the input buffer. The vulnerability is fixed in 5.0.2 and 4.9.6. 2024-03-21 6.5 CVE-2024-27094
security-advisories@github.com osamaesh — wp_visitor_statistics_(real_time_traffic)
  Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Osamaesh WP Visitor Statistics (Real Time Traffic). This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through 6.9.4. 2024-03-17 5.3 CVE-2024-24867
audit@patchstack.com pandaxgo — pandax
  A vulnerability, which was classified as critical, was found in PandaXGO PandaX up to 20240310. This affects the function InsertRole of the file /apps/system/services/role_menu.go. The manipulation of the argument roleKey leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257061 was assigned to this vulnerability. 2024-03-17 6.3 CVE-2024-2562
cna@vuldb.com pandaxgo — pandax
  A vulnerability was found in PandaXGO PandaX up to 20240310 and classified as critical. This issue affects the function ExportUser of the file /apps/system/api/user.go. The manipulation of the argument filename leads to path traversal: ‘../filedir’. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257063. 2024-03-17 6.3 CVE-2024-2564
cna@vuldb.com pandaxgo — pandax
  A vulnerability was found in PandaXGO PandaX up to 20240310. It has been classified as critical. Affected is an unknown function of the file /apps/system/router/upload.go of the component File Extension Handler. The manipulation of the argument file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257064. 2024-03-17 6.3 CVE-2024-2565
cna@vuldb.com pandaxgo — pandax
  A vulnerability has been found in PandaXGO PandaX up to 20240310 and classified as critical. This vulnerability affects the function DeleteImage of the file /apps/system/router/upload.go. The manipulation of the argument fileName with the input ../../../../../../../../../tmp/1.txt leads to path traversal: ‘../filedir’. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257062 is the identifier assigned to this vulnerability. 2024-03-17 5.4 CVE-2024-2563
cna@vuldb.com pandora_fms — pandora_fms
  Path Traversal vulnerability in Pandora FMS on all allows Path Traversal. This vulnerability allowed changing directories and creating files and downloading them outside the allowed directories. This issue affects Pandora FMS: from 700 through <776. 2024-03-19 6.7 CVE-2023-41793
security@pandorafms.com pandora_fms — pandora_fms
  Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Pandora FMS on all allows CVE-2008-5817. This vulnerability allowed SQL changes to be made to several files in the Grafana module. This issue affects Pandora FMS: from 700 through <776. 2024-03-19 6.8 CVE-2023-44090
security@pandorafms.com paul_ryley — site_reviews
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Paul Ryley Site Reviews allows Stored XSS. This issue affects Site Reviews: from n/a through 6.11.6. 2024-03-19 5.9 CVE-2024-29095
audit@patchstack.com pdf_embedder — pdf_embedder
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PDF Embedder allows Stored XSS. This issue affects PDF Embedder: from n/a through 4.6.4. 2024-03-19 6.5 CVE-2024-29141
audit@patchstack.com pepro_dev._group — peprodev_ultimate_invoice
  Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pepro Dev. Group PeproDev Ultimate Invoice. This issue affects PeproDev Ultimate Invoice: from n/a through 1.9.7. 2024-03-17 5.3 CVE-2024-25933
audit@patchstack.com pickplugins — user_profile
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PickPlugins User profile allows Stored XSS. This issue affects User profile: from n/a through 2.0.20. 2024-03-19 6.3 CVE-2024-29097
audit@patchstack.com progress_software — moveit_transfer
  In Progress MOVEit Transfer versions released before 2022.0.11 (14.0.11), 2022.1.12 (14.1.12), 2023.0.9 (15.0.9), 2023.1.4 (15.1.4), a logging bypass vulnerability has been discovered. An authenticated user could manipulate a request to bypass the logging mechanism within the web application which results in user activity not being logged properly. 2024-03-20 4.3 CVE-2024-2291
security@progress.com python_software_foundation — cpython
  An issue was found in the CPython `zipfile` module affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython make the zipfile module reject zip archives which overlap entries in the archive. 2024-03-19 6.2 CVE-2024-0450
cna@python.org qiskit — qiskit-ibm-runtime
  Qiskit IBM Runtime is an environment that streamlines quantum computations and provides optimal implementations of the Qiskit quantum computing SDK. Starting in version 0.1.0 and prior to version 0.21.2, deserializing json data using `qiskit_ibm_runtime.RuntimeDecoder` can lead to arbitrary code execution given a correctly formatted input string. Version 0.21.2 contains a fix for this issue. 2024-03-20 5.3 CVE-2024-29032
security-advisories@github.com railmedia — order_tip_for_woocommerce
  The Order Tip for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_tips_to_csv() function in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to export the plugin’s order fees. 2024-03-20 5.3 CVE-2024-1119
security@wordfence.com realmag777 — bear
  Missing Authorization vulnerability in realmag777 BEAR. This issue affects BEAR: from n/a through 1.1.4. 2024-03-23 4.3 CVE-2024-24835
audit@patchstack.com remyb92 — translate_wordpress_and_go_multilingual_-_weglot
  The Translate WordPress and go Multilingual – Weglot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s widget/block in all versions up to, and including, 4.2.5 due to insufficient input sanitization and output escaping on user supplied attributes such as ‘className’. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-20 6.4 CVE-2024-2124
security@wordfence.com repute_infosystems — armember_-_membership_plugin_content_restriction_member_levels_user_profile_&_user_signup
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Repute Infosystems ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup allows Stored XSS. This issue affects ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup: from n/a through 4.0.23. 2024-03-21 5.9 CVE-2024-27995
audit@patchstack.com rewardsfuel — contests_by_rewards_fuel
  The Contests by Rewards Fuel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘update_rewards_fuel_api_key’ parameter in all versions up to, and including, 2.0.64 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-20 6.4 CVE-2024-1787
security@wordfence.com rewardsfuel — contests_by_rewards_fuel
  The Contests by Rewards Fuel plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.62. This is due to missing or incorrect nonce validation on the ajax_handler() function. This makes it possible for unauthenticated attackers to update the plugin’s settings and inject malicious JavaScript via a forged request granted they can trick a site’s user with the edit_posts capability into performing an action such as clicking on a link. 2024-03-20 5.4 CVE-2024-1785
security@wordfence.com rubengc — gamipress_-_button
  The GamiPress – Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘gamipress_button’ shortcode in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-20 6.4 CVE-2024-2460
security@wordfence.com ruijie — rg-nbs2009g-p
  A vulnerability was found in Ruijie RG-NBS2009G-P up to 20240305. It has been classified as critical. Affected is an unknown function of the file /system/passwdManage.htm of the component Password Handler. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257280. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-19 5.3 CVE-2024-2641
cna@vuldb.com saleor — storefront
  Saleor Storefront is software for building e-commerce experiences. Prior to commit 579241e75a5eb332ccf26e0bcdd54befa33f4783, when any user authenticates in the storefront, anonymous users are able to access their data. The session is leaked through cache and can be accessed by anyone. Users should upgrade to a version that incorporates commit 579241e75a5eb332ccf26e0bcdd54befa33f4783 or later to receive a patch. A possible workaround is to temporarily disable authentication by changing the usage of `createSaleorAuthClient()`. 2024-03-20 4.3 CVE-2024-29036
security-advisories@github.com save_as_pdf_plugin_by_pdfcrowd — word_replacer_pro
  Missing Authorization vulnerability in Save as PDF plugin by Pdfcrowd Word Replacer Pro. This issue affects Word Replacer Pro: from n/a through 1.0. 2024-03-20 6.5 CVE-2023-52229
audit@patchstack.com scrollsequence — scrollsequence
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Scrollsequence allows Stored XSS. This issue affects Scrollsequence: from n/a through 1.5.4. 2024-03-19 6.5 CVE-2024-29118
audit@patchstack.com sjaved — easy_social_feed_-_social_photos_gallery_-_post_feed_-_like_box
  The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘efb_likebox’ shortcode in all versions up to, and including, 6.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-21 6.4 CVE-2024-1278
security@wordfence.com sjaved — easy_social_feed_-_social_photos_gallery_-_post_feed_-_like_box
  The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.4. This is due to missing or incorrect nonce validation on the esf_insta_save_access_token and efbl_save_facebook_access_token functions. This makes it possible for unauthenticated attackers to connect their Facebook and Instagram pages to the site via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-03-21 5.4 CVE-2024-1213
security@wordfence.com sjaved — easy_social_feed_-_social_photos_gallery_-_post_feed_-_like_box
  The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.4. This is due to missing or incorrect nonce validation on the save_groups_list function. This makes it possible for unauthenticated attackers to disconnect a site’s Facebook or Instagram page/group connection via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-03-21 4.3 CVE-2024-1214
security@wordfence.com sonatype — iq_server
  Path Traversal in Sonatype IQ Server from version 143 allows remote authenticated attackers to overwrite or delete files via a specially crafted request. Version 171 fixes this issue. 2024-03-21 5.4 CVE-2024-1142
103e4ec9-0a87-450b-af77-479448ddef11 sourcecodester — complete_e-commerce_site
  A vulnerability classified as critical has been found in SourceCodester Complete E-Commerce Site 1.0. Affected is an unknown function of the file /admin/users_photo.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257544. 2024-03-21 4.7 CVE-2024-2754
cna@vuldb.com sourcecodester — employee_task_management_system
  A vulnerability has been found in SourceCodester Employee Task Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file update-employee.php. The manipulation of the argument admin_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257053 was assigned to this vulnerability. 2024-03-17 6.3 CVE-2024-2554
cna@vuldb.com sourcecodester — employee_task_management_system
  A vulnerability was found in SourceCodester Employee Task Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file update-admin.php. The manipulation of the argument admin_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257054 is the identifier assigned to this vulnerability. 2024-03-17 6.3 CVE-2024-2555
cna@vuldb.com sourcecodester — employee_task_management_system
  A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been classified as critical. This affects an unknown part of the file attendance-info.php. The manipulation of the argument user_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257055. 2024-03-17 6.3 CVE-2024-2556
cna@vuldb.com sourcecodester — file_manager_app
  A vulnerability was found in SourceCodester File Manager App 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/update-file.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257182 is the identifier assigned to this vulnerability. 2024-03-18 6.3 CVE-2024-2604
cna@vuldb.com sourcecodester — online_discussion_forum_site
  A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. It has been classified as critical. Affected is an unknown function of the file /uupdate.php. The manipulation of the argument ima leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257388. 2024-03-20 6.3 CVE-2024-2690
cna@vuldb.com sourcecodester — simple_file_manager
  A vulnerability classified as critical was found in SourceCodester Simple File Manager 1.0. This vulnerability affects unknown code. The manipulation of the argument photo leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257770 is the identifier assigned to this vulnerability. 2024-03-23 6.3 CVE-2024-2849
cna@vuldb.com spring — spring
  Spring Authorization Server versions 1.0.0 – 1.0.5, 1.1.0 – 1.1.5, 1.2.0 – 1.2.2 and older unsupported versions are susceptible to a PKCE Downgrade Attack for Confidential Clients. Specifically, an application is vulnerable when a Confidential Client uses PKCE for the Authorization Code Grant. An application is not vulnerable when a Public Client uses PKCE for the Authorization Code Grant. 2024-03-20 6.1 CVE-2024-22258
security@vmware.com supercleanse — pretty_links_-_affiliate_links_link_branding_link_tracking_&_marketing_plugin
  The Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.3. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possible for unauthenticated attackers to change the plugin’s configuration including stripe integration via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-03-23 4.3 CVE-2024-2326
security@wordfence.com survey_maker_team — survey_maker
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Survey Maker team Survey Maker allows Stored XSS. This issue affects Survey Maker: from n/a through 4.0.5. 2024-03-19 5.9 CVE-2024-27996
audit@patchstack.com tenda — ac10u
  A vulnerability has been found in Tenda AC10U 15.03.06.49 and classified as critical. This vulnerability affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257458 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-20 6.3 CVE-2024-2707
cna@vuldb.com tenda — ac15
  A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been classified as critical. This affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257667. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-22 6.3 CVE-2024-2812
cna@vuldb.com tenda — ac15
  A vulnerability classified as problematic was found in Tenda AC15 15.03.05.18. Affected by this vulnerability is the function fromSysToolReboot of the file /goform/SysToolReboot. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257671. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-22 4.3 CVE-2024-2816
cna@vuldb.com tenda — ac15
  A vulnerability, which was classified as problematic, has been found in Tenda AC15 15.03.05.18. Affected by this issue is the function fromSysToolRestoreSet of the file /goform/SysToolRestoreSet. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257672. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-22 4.3 CVE-2024-2817
cna@vuldb.com tenda — ac18
  A vulnerability classified as problematic has been found in Tenda AC18 15.03.05.05. Affected is the function fromSysToolReboot of the file /goform/SysToolReboot. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257058 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-17 4.3 CVE-2024-2559
cna@vuldb.com tenda — ac18
  A vulnerability classified as problematic was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function fromSysToolRestoreSet of the file /goform/SysToolRestoreSet. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257059. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-17 4.3 CVE-2024-2560
cna@vuldb.com themefic — tourfic
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Themefic Tourfic allows Stored XSS. This issue affects Tourfic: from n/a through 2.11.8. 2024-03-19 6.5 CVE-2024-29134
audit@patchstack.com themegrill — colormag
  The ColorMag theme for WordPress is vulnerable to Stored Cross-Site Scripting via a user’s Display Name in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-22 6.4 CVE-2024-2500
security@wordfence.com themelocation — custom_woocommerce_checkout_fields_editor
  The Custom WooCommerce Checkout Fields Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the save_wcfe_options function in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-23 6.4 CVE-2024-1697
security@wordfence.com themeum — tutor_lms_-_elearning_and_online_course_solution
  The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tutor_delete_announcement() function in all versions up to, and including, 2.6.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary posts. 2024-03-21 5.4 CVE-2024-1502
security@wordfence.com themeum — tutor_lms_-_elearning_and_online_course_solution
  The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.1. This is due to missing or incorrect nonce validation on the erase_tutor_data() function. This makes it possible for unauthenticated attackers to deactivate the plugin and erase all data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This requires the “Erase upon uninstallation” option to be enabled. 2024-03-21 4.3 CVE-2024-1503
security@wordfence.com
security@wordfence.com
timersys — wp_popups
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Timersys WP Popups allows Stored XSS. This issue affects WP Popups: from n/a through 2.1.5.5. 2024-03-19 5.9 CVE-2024-29105
audit@patchstack.com
tobias_conrad — builder_for_woocommerce_reviews_shortcodes_-_reviewshort
  Cross-Site Request Forgery (CSRF) vulnerability in Tobias Conrad Builder for WooCommerce reviews shortcodes – ReviewShort. This issue affects Builder for WooCommerce reviews shortcodes – ReviewShort: from n/a through 1.01.3. 2024-03-19 4.3 CVE-2024-29093
audit@patchstack.com
visualcomposer — visual_composer_website_builder
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Visualcomposer Visual Composer Website Builder allows Stored XSS. This issue affects Visual Composer Website Builder: from n/a through 45.6.0. 2024-03-19 5.9 CVE-2024-27997
audit@patchstack.com
w3_eden_inc — download_manager
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in W3 Eden, Inc. Download Manager allows Stored XSS. This issue affects Download Manager: from n/a through 3.2.84. 2024-03-19 6.5 CVE-2024-29114
audit@patchstack.com
webtoffee — woocommerce_pdf_invoices_packing_slips_delivery_notes_and_shipping_labels
  The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Customer Notes field in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected invoice for printing. 2024-03-22 6.1 CVE-2024-0957
security@wordfence.com
security@wordfence.com
webvitaly — sitekit
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Webvitaly Sitekit allows Stored XSS. This issue affects Sitekit: from n/a through 1.6. 2024-03-19 6.5 CVE-2024-29111
audit@patchstack.com
wp_marketing_robot — woocommerce_google_feed_manager
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Marketing Robot WooCommerce Google Feed Manager allows Stored XSS. This issue affects WooCommerce Google Feed Manager: from n/a through 2.2.0. 2024-03-19 5.9 CVE-2024-29112
audit@patchstack.com
wpbits — wpbits_addons_for_elementor_page_builder
  The WPBITS Addons For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s heading widget in all versions up to, and including, 1.3.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-20 6.4 CVE-2024-2129
security@wordfence.com
security@wordfence.com
wpcoder — wp_coder
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPCoder WP Coder allows Stored XSS. This issue affects WP Coder: from n/a through 3.5. 2024-03-21 5.9 CVE-2024-2578
audit@patchstack.com
wpdevteam — embedpress_-_embed_pdf_google_docs_vimeo_wistia_embed_youtube_videos_audios_maps_&_embed_any_documents_in_gutenberg_&_elemento
  The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the EmbedPress document widget in all versions up to, and including, 3.9.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-23 5.4 CVE-2024-2688
security@wordfence.com
security@wordfence.com
wpdevteam — embedpress_-_embed_pdf_google_docs_vimeo_wistia_embed_youtube_videos_audios_maps_&_embed_any_documents_in_gutenberg_&_elementor
  The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the EmbedPress widget ‘embedpress_pro_twitch_theme’ attribute in all versions up to, and including, 3.9.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-23 6.4 CVE-2024-2468
security@wordfence.com
security@wordfence.com
wpdevteam — essential_blocks_-_page_builder_gutenberg_blocks-patterns_&_templates
  The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s widgets in all versions up to, and including, 4.5.2 due to insufficient input sanitization and output escaping on user supplied attributes such as listStyle. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-20 6.4 CVE-2024-2255
security@wordfence.com
security@wordfence.com
security@wordfence.com
wpfunnels_team — wpfunnels
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPFunnels Team WPFunnels allows Stored XSS. This issue affects WPFunnels: from n/a through 3.0.6. 2024-03-21 5.9 CVE-2024-27965
audit@patchstack.com
wpvibes — elementor_addon_elements
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPVibes Elementor Addon Elements allows Stored XSS. This issue affects Elementor Addon Elements: from n/a through 1.12.10. 2024-03-19 6.5 CVE-2024-29107
audit@patchstack.com
zaytech — smart_online_order_for_clover
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Zaytech Smart Online Order for Clover allows Stored XSS. This issue affects Smart Online Order for Clover: from n/a through 1.5.5. 2024-03-19 6.5 CVE-2024-29115
audit@patchstack.com
zimma_ltd. — ticket_tailor
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Zimma Ltd. Ticket Tailor allows Stored XSS. This issue affects Ticket Tailor: from n/a through 1.10. 2024-03-19 6.5 CVE-2024-29104
audit@patchstack.com
zulip — zulip
  Zulip is an open-source team collaboration tool. When a user moves a Zulip message, they have the option to move all messages in the topic, move only subsequent messages as well, or move just a single message. If the user chose to just move one message, and was moving it from a public stream to a private stream, Zulip would successfully move the message, but active users who did not have access to the private stream, but whose client had already received the message, would continue to see the message in the public stream until they reloaded their client. Additionally, Zulip did not remove view permissions on the message from recently-active users, allowing the message to show up in the “All messages” view or in search results, but not in “Inbox” or “Recent conversations” views. While the bug has been present since moving messages between streams was first introduced in version 3.0, this option became much more common starting in Zulip 8.0, when the default option in the picker for moving the very last message in a conversation was changed. This issue is fixed in Zulip Server 8.3. No known workarounds are available. 2024-03-20 6.5 CVE-2024-27286
security-advisories@github.com
security-advisories@github.com