Auto-Update: 2025-02-23T03:00:29.845877+00:00
parent
a0c49f26c1
commit
d91cdfcbc5
@ -3,7 +3,7 @@
|
|||||||
"sourceIdentifier": "chrome-cve-admin@google.com",
|
"sourceIdentifier": "chrome-cve-admin@google.com",
|
||||||
"published": "2016-03-29T10:59:00.160",
|
"published": "2016-03-29T10:59:00.160",
|
||||||
"lastModified": "2025-01-29T18:15:26.670",
|
"lastModified": "2025-01-29T18:15:26.670",
|
||||||
"vulnStatus": "Modified",
|
"vulnStatus": "Undergoing Analysis",
|
||||||
"cveTags": [],
|
"cveTags": [],
|
||||||
"descriptions": [
|
"descriptions": [
|
||||||
{
|
{
|
||||||
|
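Review bot: `vulnStatus` differs between the two printings of the line ("Modified", then "Undergoing Analysis") while `lastModified` is `2025-01-29T18:15:26.670` in both, so a consumer that syncs incrementally on `lastModified` would presumably miss this status change. The other `-3,7 +3,7` hunks in view show the same pattern, including the two that start from "Awaiting Analysis". Pipelines that gate triage or enrichment on `vulnStatus` should compare the field itself, or periodically re-pull full records, rather than trust the timestamp alone. The page prints old and new lines without `+`/`-` markers, so the direction of the change is inferred from print order.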
@ -3,7 +3,7 @@
|
|||||||
"sourceIdentifier": "a2826606-91e7-4eb6-899e-8484bd4575d5",
|
"sourceIdentifier": "a2826606-91e7-4eb6-899e-8484bd4575d5",
|
||||||
"published": "2017-05-26T20:29:00.177",
|
"published": "2017-05-26T20:29:00.177",
|
||||||
"lastModified": "2025-02-07T14:15:43.297",
|
"lastModified": "2025-02-07T14:15:43.297",
|
||||||
"vulnStatus": "Modified",
|
"vulnStatus": "Undergoing Analysis",
|
||||||
"cveTags": [],
|
"cveTags": [],
|
||||||
"descriptions": [
|
"descriptions": [
|
||||||
{
|
{
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
"sourceIdentifier": "chrome-cve-admin@google.com",
|
"sourceIdentifier": "chrome-cve-admin@google.com",
|
||||||
"published": "2018-12-11T16:29:00.623",
|
"published": "2018-12-11T16:29:00.623",
|
||||||
"lastModified": "2025-01-29T18:15:30.320",
|
"lastModified": "2025-01-29T18:15:30.320",
|
||||||
"vulnStatus": "Modified",
|
"vulnStatus": "Undergoing Analysis",
|
||||||
"cveTags": [],
|
"cveTags": [],
|
||||||
"descriptions": [
|
"descriptions": [
|
||||||
{
|
{
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
"sourceIdentifier": "psirt@cisco.com",
|
"sourceIdentifier": "psirt@cisco.com",
|
||||||
"published": "2019-01-24T15:29:00.953",
|
"published": "2019-01-24T15:29:00.953",
|
||||||
"lastModified": "2024-11-21T04:37:01.077",
|
"lastModified": "2024-11-21T04:37:01.077",
|
||||||
"vulnStatus": "Modified",
|
"vulnStatus": "Undergoing Analysis",
|
||||||
"cveTags": [],
|
"cveTags": [],
|
||||||
"descriptions": [
|
"descriptions": [
|
||||||
{
|
{
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
"sourceIdentifier": "psirt@fortinet.com",
|
"sourceIdentifier": "psirt@fortinet.com",
|
||||||
"published": "2020-07-24T23:15:12.003",
|
"published": "2020-07-24T23:15:12.003",
|
||||||
"lastModified": "2025-02-04T20:15:36.260",
|
"lastModified": "2025-02-04T20:15:36.260",
|
||||||
"vulnStatus": "Modified",
|
"vulnStatus": "Undergoing Analysis",
|
||||||
"cveTags": [],
|
"cveTags": [],
|
||||||
"descriptions": [
|
"descriptions": [
|
||||||
{
|
{
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
"sourceIdentifier": "security@opentext.com",
|
"sourceIdentifier": "security@opentext.com",
|
||||||
"published": "2021-02-08T22:15:12.527",
|
"published": "2021-02-08T22:15:12.527",
|
||||||
"lastModified": "2025-02-06T21:15:16.477",
|
"lastModified": "2025-02-06T21:15:16.477",
|
||||||
"vulnStatus": "Modified",
|
"vulnStatus": "Undergoing Analysis",
|
||||||
"cveTags": [],
|
"cveTags": [],
|
||||||
"descriptions": [
|
"descriptions": [
|
||||||
{
|
{
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
"sourceIdentifier": "security@opentext.com",
|
"sourceIdentifier": "security@opentext.com",
|
||||||
"published": "2021-03-26T14:15:11.967",
|
"published": "2021-03-26T14:15:11.967",
|
||||||
"lastModified": "2025-02-06T21:15:16.713",
|
"lastModified": "2025-02-06T21:15:16.713",
|
||||||
"vulnStatus": "Modified",
|
"vulnStatus": "Undergoing Analysis",
|
||||||
"cveTags": [],
|
"cveTags": [],
|
||||||
"descriptions": [
|
"descriptions": [
|
||||||
{
|
{
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
"sourceIdentifier": "chrome-cve-admin@google.com",
|
"sourceIdentifier": "chrome-cve-admin@google.com",
|
||||||
"published": "2021-10-08T22:15:08.287",
|
"published": "2021-10-08T22:15:08.287",
|
||||||
"lastModified": "2025-02-03T14:15:32.667",
|
"lastModified": "2025-02-03T14:15:32.667",
|
||||||
"vulnStatus": "Modified",
|
"vulnStatus": "Undergoing Analysis",
|
||||||
"cveTags": [],
|
"cveTags": [],
|
||||||
"descriptions": [
|
"descriptions": [
|
||||||
{
|
{
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
"sourceIdentifier": "chrome-cve-admin@google.com",
|
"sourceIdentifier": "chrome-cve-admin@google.com",
|
||||||
"published": "2022-02-11T23:15:08.273",
|
"published": "2022-02-11T23:15:08.273",
|
||||||
"lastModified": "2025-01-29T17:15:15.653",
|
"lastModified": "2025-01-29T17:15:15.653",
|
||||||
"vulnStatus": "Modified",
|
"vulnStatus": "Undergoing Analysis",
|
||||||
"cveTags": [],
|
"cveTags": [],
|
||||||
"descriptions": [
|
"descriptions": [
|
||||||
{
|
{
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
"sourceIdentifier": "security@apache.org",
|
"sourceIdentifier": "security@apache.org",
|
||||||
"published": "2021-12-14T19:15:07.733",
|
"published": "2021-12-14T19:15:07.733",
|
||||||
"lastModified": "2025-02-04T20:15:45.010",
|
"lastModified": "2025-02-04T20:15:45.010",
|
||||||
"vulnStatus": "Modified",
|
"vulnStatus": "Undergoing Analysis",
|
||||||
"cveTags": [],
|
"cveTags": [],
|
||||||
"descriptions": [
|
"descriptions": [
|
||||||
{
|
{
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in acmailer CGI ver.4.0.3 and earlier and acmailer DB ver.1.1.5 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker."
|
"value": "Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in acmailer CGI ver.4.0.3 and earlier and acmailer DB ver.1.1.5 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "Existe una neutralizaci\u00f3n inadecuada de elementos especiales utilizados en un problema de comando OS ('inyecci\u00f3n de comandos de os') en ACMailer CGI ver.4.0.3 y antes y Acmailer DB Ver.1.1.5 y anterior. Si se explota esta vulnerabilidad, un atacante puede ejecutar un comando arbitrario del sistema operativo."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
"sourceIdentifier": "chrome-cve-admin@google.com",
|
"sourceIdentifier": "chrome-cve-admin@google.com",
|
||||||
"published": "2022-07-26T22:15:09.147",
|
"published": "2022-07-26T22:15:09.147",
|
||||||
"lastModified": "2025-01-29T17:15:15.880",
|
"lastModified": "2025-01-29T17:15:15.880",
|
||||||
"vulnStatus": "Modified",
|
"vulnStatus": "Undergoing Analysis",
|
||||||
"cveTags": [],
|
"cveTags": [],
|
||||||
"descriptions": [
|
"descriptions": [
|
||||||
{
|
{
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
"sourceIdentifier": "security@vmware.com",
|
"sourceIdentifier": "security@vmware.com",
|
||||||
"published": "2022-03-03T22:15:08.673",
|
"published": "2022-03-03T22:15:08.673",
|
||||||
"lastModified": "2025-01-29T18:15:43.473",
|
"lastModified": "2025-01-29T18:15:43.473",
|
||||||
"vulnStatus": "Modified",
|
"vulnStatus": "Undergoing Analysis",
|
||||||
"cveTags": [],
|
"cveTags": [],
|
||||||
"descriptions": [
|
"descriptions": [
|
||||||
{
|
{
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "Generation of weak initialization vector in an Intel(R) IPP Cryptography software library before version 2021.5 may allow an unauthenticated user to potentially enable information disclosure via local access."
|
"value": "Generation of weak initialization vector in an Intel(R) IPP Cryptography software library before version 2021.5 may allow an unauthenticated user to potentially enable information disclosure via local access."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "La generaci\u00f3n de un vector de inicializaci\u00f3n d\u00e9bil en una librer\u00eda de software de criptograf\u00eda Intel(R) IPP anterior a la versi\u00f3n 2021.5 puede permitir que un usuario no autenticado habilite potencialmente la divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso local."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "Unprotected alternative channel of return branch target prediction in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access."
|
"value": "Unprotected alternative channel of return branch target prediction in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "La predicci\u00f3n del objetivo de la rama de retorno del canal alternativo no protegido en algunos procesadores Intel\u00ae puede permitir que un usuario autorizado habilite potencialmente la divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso local."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
"sourceIdentifier": "chrome-cve-admin@google.com",
|
"sourceIdentifier": "chrome-cve-admin@google.com",
|
||||||
"published": "2022-09-26T16:15:13.463",
|
"published": "2022-09-26T16:15:13.463",
|
||||||
"lastModified": "2025-02-03T14:15:33.320",
|
"lastModified": "2025-02-03T14:15:33.320",
|
||||||
"vulnStatus": "Modified",
|
"vulnStatus": "Undergoing Analysis",
|
||||||
"cveTags": [],
|
"cveTags": [],
|
||||||
"descriptions": [
|
"descriptions": [
|
||||||
{
|
{
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
"sourceIdentifier": "security@vmware.com",
|
"sourceIdentifier": "security@vmware.com",
|
||||||
"published": "2024-11-14T12:15:16.083",
|
"published": "2024-11-14T12:15:16.083",
|
||||||
"lastModified": "2024-11-15T13:58:08.913",
|
"lastModified": "2024-11-15T13:58:08.913",
|
||||||
"vulnStatus": "Awaiting Analysis",
|
"vulnStatus": "Undergoing Analysis",
|
||||||
"cveTags": [],
|
"cveTags": [],
|
||||||
"descriptions": [
|
"descriptions": [
|
||||||
{
|
{
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
"sourceIdentifier": "chrome-cve-admin@google.com",
|
"sourceIdentifier": "chrome-cve-admin@google.com",
|
||||||
"published": "2022-11-01T23:15:19.710",
|
"published": "2022-11-01T23:15:19.710",
|
||||||
"lastModified": "2025-02-03T14:15:33.637",
|
"lastModified": "2025-02-03T14:15:33.637",
|
||||||
"vulnStatus": "Modified",
|
"vulnStatus": "Undergoing Analysis",
|
||||||
"cveTags": [],
|
"cveTags": [],
|
||||||
"descriptions": [
|
"descriptions": [
|
||||||
{
|
{
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
"sourceIdentifier": "psirt@fortinet.com",
|
"sourceIdentifier": "psirt@fortinet.com",
|
||||||
"published": "2023-03-07T17:15:12.093",
|
"published": "2023-03-07T17:15:12.093",
|
||||||
"lastModified": "2024-11-21T07:23:03.750",
|
"lastModified": "2024-11-21T07:23:03.750",
|
||||||
"vulnStatus": "Modified",
|
"vulnStatus": "Undergoing Analysis",
|
||||||
"cveTags": [],
|
"cveTags": [],
|
||||||
"descriptions": [
|
"descriptions": [
|
||||||
{
|
{
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
"sourceIdentifier": "psirt@fortinet.com",
|
"sourceIdentifier": "psirt@fortinet.com",
|
||||||
"published": "2023-01-02T09:15:09.490",
|
"published": "2023-01-02T09:15:09.490",
|
||||||
"lastModified": "2024-11-21T07:25:02.680",
|
"lastModified": "2024-11-21T07:25:02.680",
|
||||||
"vulnStatus": "Modified",
|
"vulnStatus": "Undergoing Analysis",
|
||||||
"cveTags": [],
|
"cveTags": [],
|
||||||
"descriptions": [
|
"descriptions": [
|
||||||
{
|
{
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
"sourceIdentifier": "cve@mitre.org",
|
"sourceIdentifier": "cve@mitre.org",
|
||||||
"published": "2024-03-28T23:15:46.070",
|
"published": "2024-03-28T23:15:46.070",
|
||||||
"lastModified": "2024-11-21T08:05:40.480",
|
"lastModified": "2024-11-21T08:05:40.480",
|
||||||
"vulnStatus": "Awaiting Analysis",
|
"vulnStatus": "Undergoing Analysis",
|
||||||
"cveTags": [],
|
"cveTags": [],
|
||||||
"descriptions": [
|
"descriptions": [
|
||||||
{
|
{
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside profile folder there is a file, which is encoded with proprietary UD2 codec. Due to missed size checks in the enapsulate file, attacker can achieve Out-of-Bound Read in heap memory."
|
"value": "Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside profile folder there is a file, which is encoded with proprietary UD2 codec. Due to missed size checks in the enapsulate file, attacker can achieve Out-of-Bound Read in heap memory."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "La unidad principal NTG6 de Mercedes-Benz contiene funciones para importar o exportar configuraciones de perfil a trav\u00e9s de USB. Dentro de la carpeta de perfil hay un archivo codificado con el c\u00f3dec propietario UD2. Debido a que no se realizan comprobaciones de tama\u00f1o en el archivo encapsulado, el atacante puede lograr una lectura fuera de los l\u00edmites en la memoria del mont\u00f3n."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {},
|
"metrics": {},
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "Mercedes-Benz head-unit NTG6 has Ethernet pins on Base Board to connect module CSB. Attacker can connect to this pins and get access to internal network. A race condition can be acquired and attacker can spoof \u201cUserData\u201d with desirable file path and access it though backup on USB."
|
"value": "Mercedes-Benz head-unit NTG6 has Ethernet pins on Base Board to connect module CSB. Attacker can connect to this pins and get access to internal network. A race condition can be acquired and attacker can spoof \u201cUserData\u201d with desirable file path and access it though backup on USB."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "La unidad principal NTG6 de Mercedes-Benz tiene pines Ethernet en la placa base para conectar el m\u00f3dulo CSB. Un atacante puede conectarse a estos pines y obtener acceso a la red interna. Se puede adquirir una condici\u00f3n de ejecuci\u00f3n y el atacante puede falsificar \u201cUserData\u201d con la ruta de archivo deseada y acceder a ella a trav\u00e9s de una copia de seguridad en USB."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {},
|
"metrics": {},
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "Mercedes-Benz head-unit NTG6 has Ethernet pins on Base Board to connect module CSB. Attacker can connect to these pins and get access to internal network. As a result, by accessing a specific port an attacker can send call request to all registered services in router and achieve command injection vulnerability."
|
"value": "Mercedes-Benz head-unit NTG6 has Ethernet pins on Base Board to connect module CSB. Attacker can connect to these pins and get access to internal network. As a result, by accessing a specific port an attacker can send call request to all registered services in router and achieve command injection vulnerability."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "La unidad principal NTG6 de Mercedes-Benz tiene pines Ethernet en la placa base para conectar el m\u00f3dulo CSB. Un atacante puede conectarse a estos pines y obtener acceso a la red interna. Como resultado, al acceder a un puerto espec\u00edfico, un atacante puede enviar una solicitud de llamada a todos los servicios registrados en el enrutador y lograr una vulnerabilidad de inyecci\u00f3n de comandos."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {},
|
"metrics": {},
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "An issue was discovered on Mercedes Benz NTG 6. A possible integer overflow exists in the user data import/export function of NTG (New Telematics Generation) 6 head units. To perform this attack, local access to USB interface of the car is needed. With prepared data, an attacker can cause the User-Data service to fail. The failed service instance will restart automatically."
|
"value": "An issue was discovered on Mercedes Benz NTG 6. A possible integer overflow exists in the user data import/export function of NTG (New Telematics Generation) 6 head units. To perform this attack, local access to USB interface of the car is needed. With prepared data, an attacker can cause the User-Data service to fail. The failed service instance will restart automatically."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "Se descubri\u00f3 un problema en Mercedes Benz NTG 6. Existe un posible desbordamiento de n\u00fameros enteros en la funci\u00f3n de importaci\u00f3n/exportaci\u00f3n de datos de usuario de las unidades principales NTG (Nueva Generaci\u00f3n Telem\u00e1tica) 6. Para realizar este ataque, se necesita acceso local a la interfaz USB del autom\u00f3vil. Con los datos preparados, un atacante puede provocar que el servicio de datos de usuario falle. La instancia de servicio fallida se reiniciar\u00e1 autom\u00e1ticamente."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {},
|
"metrics": {},
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
"sourceIdentifier": "sirt@juniper.net",
|
"sourceIdentifier": "sirt@juniper.net",
|
||||||
"published": "2023-08-17T20:15:10.267",
|
"published": "2023-08-17T20:15:10.267",
|
||||||
"lastModified": "2025-02-13T17:16:43.377",
|
"lastModified": "2025-02-13T17:16:43.377",
|
||||||
"vulnStatus": "Modified",
|
"vulnStatus": "Undergoing Analysis",
|
||||||
"cveTags": [],
|
"cveTags": [],
|
||||||
"descriptions": [
|
"descriptions": [
|
||||||
{
|
{
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
"sourceIdentifier": "security@progress.com",
|
"sourceIdentifier": "security@progress.com",
|
||||||
"published": "2023-09-27T15:18:57.307",
|
"published": "2023-09-27T15:18:57.307",
|
||||||
"lastModified": "2025-02-13T17:17:00.470",
|
"lastModified": "2025-02-13T17:17:00.470",
|
||||||
"vulnStatus": "Modified",
|
"vulnStatus": "Undergoing Analysis",
|
||||||
"cveTags": [],
|
"cveTags": [],
|
||||||
"descriptions": [
|
"descriptions": [
|
||||||
{
|
{
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
"sourceIdentifier": "arm-security@arm.com",
|
"sourceIdentifier": "arm-security@arm.com",
|
||||||
"published": "2023-10-01T18:15:09.927",
|
"published": "2023-10-01T18:15:09.927",
|
||||||
"lastModified": "2025-02-04T15:15:17.480",
|
"lastModified": "2025-02-04T15:15:17.480",
|
||||||
"vulnStatus": "Modified",
|
"vulnStatus": "Undergoing Analysis",
|
||||||
"cveTags": [],
|
"cveTags": [],
|
||||||
"descriptions": [
|
"descriptions": [
|
||||||
{
|
{
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 \n\n\n\n\n\nis vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources."
|
"value": "IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 \n\n\n\n\n\nis vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "IBM Cognos Controller 11.0.0 a 11.0.1 FP3 e IBM Controller 11.1.0 son vulnerables a un ataque de inyecci\u00f3n de entidad externa XML (XXE) al procesar datos XML. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad para exponer informaci\u00f3n confidencial o consumir recursos de memoria."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "A lack of rate limiting in the 'Email Settings' feature of PHPJabbers Hotel Booking System v4.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages."
|
"value": "A lack of rate limiting in the 'Email Settings' feature of PHPJabbers Hotel Booking System v4.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "La falta de limitaci\u00f3n de velocidad en the 'Email Settings' feature of PHPJabbers Hotel Booking System v4.0 permite a los atacantes enviar una cantidad excesiva de correo electr\u00f3nico a un usuario leg\u00edtimo, lo que lleva a una posible denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una gran cantidad de mensajes de correo electr\u00f3nico generados."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -12,7 +12,7 @@
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
"lang": "es",
|
"lang": "es",
|
||||||
"value": "PHPJabbers Event Booking Calendar v4.0 es afectado por una la vulnerabilidad de inyecci\u00f3n CSV que permite a un atacante ejecutar c\u00f3digo remoto. La vulnerabilidad existe debido a una validaci\u00f3n de entrada insuficiente en la secci\u00f3n Idiomas. Etiqueta cualquier campo de par\u00e1metros en Opciones del sistema que se utiliza para construir el archivo CSV."
|
"value": "PHPJabbers Event Booking Calendar v4.0 es afectado por una vulnerabilidad de inyecci\u00f3n CSV que permite a un atacante ejecutar c\u00f3digo remoto. La vulnerabilidad existe debido a una validaci\u00f3n de entrada insuficiente en la secci\u00f3n Idiomas. Etiqueta cualquier campo de par\u00e1metros en System Options que se utiliza para construir el archivo CSV."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -12,7 +12,7 @@
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
"lang": "es",
|
"lang": "es",
|
||||||
"value": "PHPJabbers Hotel Booking System v4.0 es afectado por una la vulnerabilidad de inyecci\u00f3n de CSV, lo que permite a un atacante ejecutar c\u00f3digo remoto. La vulnerabilidad existe debido a una validaci\u00f3n de entrada insuficiente en la secci\u00f3n Idiomas. Etiqueta cualquier campo de par\u00e1metros en System Options que se utiliza para construir el archivo CSV."
|
"value": "PHPJabbers Hotel Booking System v4.0 es afectado por una vulnerabilidad de inyecci\u00f3n de CSV, lo que permite a un atacante ejecutar c\u00f3digo remoto. La vulnerabilidad existe debido a una validaci\u00f3n de entrada insuficiente en la secci\u00f3n Idiomas. Etiqueta cualquier campo de par\u00e1metros en System Options que se utiliza para construir el archivo CSV."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "PHPJabbers Event Ticketing System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the \"name, title\" parameters."
|
"value": "PHPJabbers Event Ticketing System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the \"name, title\" parameters."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "PHPJabbers Event Ticketing System v1.0 es vulnerable a m\u00faltiples Cross-Site Scripting (XSS) Almacenado en los par\u00e1metros \"nombre, t\u00edtulo\"."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "A lack of rate limiting in the 'Email Settings' feature of PHPJabbers Car Park Booking System v3.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages."
|
"value": "A lack of rate limiting in the 'Email Settings' feature of PHPJabbers Car Park Booking System v3.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "La falta de limitaci\u00f3n de velocidad en la funci\u00f3n 'Email Settings' de PHPJabbers Car Park Booking System v3.0 permite a los atacantes enviar una cantidad excesiva de correo electr\u00f3nico a un usuario leg\u00edtimo, lo que lleva a una posible denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una gran cantidad de mensajes de correo electr\u00f3nico generados."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "A lack of rate limiting in the 'Forgot Password', 'Email Settings' feature of PHPJabbers Car Park Booking System v3.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages."
|
"value": "A lack of rate limiting in the 'Forgot Password', 'Email Settings' feature of PHPJabbers Car Park Booking System v3.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "La falta de limitaci\u00f3n de velocidad en las funciones 'Forgot Password', 'Email Settings' de PHPJabbers Car Park Booking System v3.0 permite a los atacantes enviar una cantidad excesiva de correo electr\u00f3nico a un usuario leg\u00edtimo, lo que lleva a una posible denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una gran cantidad de mensajes de correo electr\u00f3nico generados."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "PHPJabbers Car Park Booking System v3.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file."
|
"value": "PHPJabbers Car Park Booking System v3.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "PHPJabbers Car Park Booking System v3.0 es afectado por una vulnerabilidad de inyecci\u00f3n CSV que permite a un atacante ejecutar c\u00f3digo remoto. La vulnerabilidad existe debido a una validaci\u00f3n de entrada insuficiente en la secci\u00f3n Idiomas. Etiqueta cualquier campo de par\u00e1metros en System Options que se utiliza para construir el archivo CSV."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {},
|
"metrics": {},
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "PHPJabbers Restaurant Booking System v3.0 is vulnerable to Reflected Cross-Site Scripting (XSS) in Reservations menu, Schedule section date parameter."
|
"value": "PHPJabbers Restaurant Booking System v3.0 is vulnerable to Reflected Cross-Site Scripting (XSS) in Reservations menu, Schedule section date parameter."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "PHPJabbers Restaurant Booking System v3.0 es vulnerable a Cross-Site Scripting (XSS) Reflejado en el men\u00fa Reservas, secci\u00f3n Programaci\u00f3n, par\u00e1metro de fecha."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "PHPJabbers Restaurant Booking System v3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the \"seat_name, plugin_sms_api_key, plugin_sms_country_code, title, name\" parameters."
|
"value": "PHPJabbers Restaurant Booking System v3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the \"seat_name, plugin_sms_api_key, plugin_sms_country_code, title, name\" parameters."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "PHPJabbers Restaurant Booking System v3.0 es vulnerable a m\u00faltiples Cross-Site Scripting (XSS) Almacenado en los par\u00e1metros \"seat_name, plugin_sms_api_key, plugin_sms_country_code, title, name\"."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "PHPJabbers Bus Reservation System v1.1 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the \"title, name\" parameters."
|
"value": "PHPJabbers Bus Reservation System v1.1 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the \"title, name\" parameters."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": " PHPJabbers Bus Reservation System v1.1 es vulnerable a m\u00faltiples Cross-Site Scripting (XSS) Almacenado en los par\u00e1metros \"t\u00edtulo, nombre\"."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "PHPJabbers Bus Reservation System v1.1 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file."
|
"value": "PHPJabbers Bus Reservation System v1.1 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "PHPJabbers Bus Reservation System v1.1 es afectado por una vulnerabilidad de inyecci\u00f3n CSV que permite a un atacante ejecutar c\u00f3digo remoto. La vulnerabilidad existe debido a una validaci\u00f3n de entrada insuficiente en la secci\u00f3n Idiomas. Etiqueta cualquier campo de par\u00e1metros en System Options que se utiliza para construir el archivo CSV."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "PHPJabbers Shared Asset Booking System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the \"title, name\" parameters."
|
"value": "PHPJabbers Shared Asset Booking System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the \"title, name\" parameters."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "PHPJabbers Shared Asset Booking System v1.0 es vulnerable a m\u00faltiples Cross-Site Scripting (XSS) Almacenado en los par\u00e1metros \"t\u00edtulo, nombre\"."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "PHPJabbers Cinema Booking System v1.0 is vulnerable to Reflected Cross-Site Scripting (XSS) in Now Showing menu \"date\" parameter."
|
"value": "PHPJabbers Cinema Booking System v1.0 is vulnerable to Reflected Cross-Site Scripting (XSS) in Now Showing menu \"date\" parameter."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "PHPJabbers Cinema Booking System v1.0 es vulnerable a Cross-Site Scripting (XSS) Reflejado en el par\u00e1metro \"fecha\" del men\u00fa Ahora en exhibici\u00f3n."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Meeting Room Booking System v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages."
|
"value": "A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Meeting Room Booking System v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "La falta de limitaci\u00f3n de velocidad en la funci\u00f3n 'Forgot Password' de PHPJabbers Meeting Room Booking System v1.0 permite a los atacantes enviar una cantidad excesiva de correo electr\u00f3nico a un usuario leg\u00edtimo, lo que lleva a una posible denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una gran cantidad de mensajes de correo electr\u00f3nico generados."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cinema Booking System v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages."
|
"value": "A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cinema Booking System v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "La falta de limitaci\u00f3n de velocidad en la funci\u00f3n 'Forgot Password' de PHPJabbers Cinema Booking System v1.0 permite a los atacantes enviar una cantidad excesiva de correo electr\u00f3nico a un usuario leg\u00edtimo, lo que lleva a una posible denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una gran cantidad de mensajes de correo electr\u00f3nico generados."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "PHPJabbers Cinema Booking System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the \"title, name\" parameters."
|
"value": "PHPJabbers Cinema Booking System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the \"title, name\" parameters."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "PHPJabbers Cinema Booking System v1.0 es vulnerable a m\u00faltiples Cross-Site Scripting (XSS) Almacenado en los par\u00e1metros \"t\u00edtulo, nombre\"."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
"sourceIdentifier": "security@wordfence.com",
|
"sourceIdentifier": "security@wordfence.com",
|
||||||
"published": "2024-08-17T09:15:07.160",
|
"published": "2024-08-17T09:15:07.160",
|
||||||
"lastModified": "2024-08-19T13:00:23.117",
|
"lastModified": "2024-08-19T13:00:23.117",
|
||||||
"vulnStatus": "Awaiting Analysis",
|
"vulnStatus": "Undergoing Analysis",
|
||||||
"cveTags": [],
|
"cveTags": [],
|
||||||
"descriptions": [
|
"descriptions": [
|
||||||
{
|
{
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
"sourceIdentifier": "security@wordfence.com",
|
"sourceIdentifier": "security@wordfence.com",
|
||||||
"published": "2024-02-29T01:42:45.657",
|
"published": "2024-02-29T01:42:45.657",
|
||||||
"lastModified": "2024-11-21T08:44:35.743",
|
"lastModified": "2024-11-21T08:44:35.743",
|
||||||
"vulnStatus": "Awaiting Analysis",
|
"vulnStatus": "Undergoing Analysis",
|
||||||
"cveTags": [],
|
"cveTags": [],
|
||||||
"descriptions": [
|
"descriptions": [
|
||||||
{
|
{
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
"sourceIdentifier": "chrome-cve-admin@google.com",
|
"sourceIdentifier": "chrome-cve-admin@google.com",
|
||||||
"published": "2023-12-21T23:15:11.213",
|
"published": "2023-12-21T23:15:11.213",
|
||||||
"lastModified": "2025-02-03T14:15:37.920",
|
"lastModified": "2025-02-03T14:15:37.920",
|
||||||
"vulnStatus": "Modified",
|
"vulnStatus": "Undergoing Analysis",
|
||||||
"cveTags": [],
|
"cveTags": [],
|
||||||
"descriptions": [
|
"descriptions": [
|
||||||
{
|
{
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "CalInvocationHandler in Brocade \nSANnav before 2.3.1b logs sensitive information in clear text. The \nvulnerability could allow an authenticated, local attacker to view \nBrocade Fabric OS switch sensitive information in clear text. An \nattacker with administrative privileges could retrieve sensitive \ninformation including passwords; SNMP responses that contain AuthSecret \nand PrivSecret after collecting a \u201csupportsave\u201d or getting access to an \nalready collected \u201csupportsave\u201d. NOTE: this issue exists because of an incomplete fix for CVE-2024-29952"
|
"value": "CalInvocationHandler in Brocade \nSANnav before 2.3.1b logs sensitive information in clear text. The \nvulnerability could allow an authenticated, local attacker to view \nBrocade Fabric OS switch sensitive information in clear text. An \nattacker with administrative privileges could retrieve sensitive \ninformation including passwords; SNMP responses that contain AuthSecret \nand PrivSecret after collecting a \u201csupportsave\u201d or getting access to an \nalready collected \u201csupportsave\u201d. NOTE: this issue exists because of an incomplete fix for CVE-2024-29952"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "CalInvocationHandler en Brocade SANnav anterior a la versi\u00f3n 2.3.1b registra informaci\u00f3n confidencial en texto plano. La vulnerabilidad podr\u00eda permitir que un atacante local autenticado vea informaci\u00f3n confidencial del conmutador Brocade Fabric OS en texto plano. Un atacante con privilegios administrativos podr\u00eda recuperar informaci\u00f3n confidencial, incluidas contrase\u00f1as, respuestas SNMP que contengan AuthSecret y PrivSecret despu\u00e9s de recopilar un \u201csupportsave\u201d o de obtener acceso a un \u201csupportsave\u201d ya recopilado. NOTA: este problema existe debido a una correcci\u00f3n incompleta de CVE-2024-29952"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "Brocade SANnav before SANnav 2.3.1b \nenables weak TLS ciphers on ports 443 and 18082. In case of a successful\n exploit, an attacker can read Brocade SANnav data stream that includes \nmonitored Brocade Fabric OS switches performance data, port status, \nzoning information, WWNs, IP Addresses, but no customer data, no \npersonal data and no secrets or passwords, as it travels across the \nnetwork."
|
"value": "Brocade SANnav before SANnav 2.3.1b \nenables weak TLS ciphers on ports 443 and 18082. In case of a successful\n exploit, an attacker can read Brocade SANnav data stream that includes \nmonitored Brocade Fabric OS switches performance data, port status, \nzoning information, WWNs, IP Addresses, but no customer data, no \npersonal data and no secrets or passwords, as it travels across the \nnetwork."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "Brocade SANnav anterior a SANnav 2.3.1b permite cifrados TLS d\u00e9biles en los puertos 443 y 18082. En caso de una explotaci\u00f3n exitosa, un atacante puede leer el flujo de datos de Brocade SANnav que incluye datos de rendimiento de conmutadores Brocade Fabric OS monitoreados, estado del puerto, informaci\u00f3n de zonificaci\u00f3n, WWN, direcciones IP, pero no datos de clientes, ni datos personales ni secretos o contrase\u00f1as, mientras viaja a trav\u00e9s de la red."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "The DirectoryPress Frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.9. This is due to missing or incorrect nonce validation on the dpfl_listingStatusChange() function. This makes it possible for unauthenticated attackers to update listing statuses via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
|
"value": "The DirectoryPress Frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.9. This is due to missing or incorrect nonce validation on the dpfl_listingStatusChange() function. This makes it possible for unauthenticated attackers to update listing statuses via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "El complemento DirectoryPress Frontend para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 2.7.9 incluida. Esto se debe a la falta o la validaci\u00f3n incorrecta de nonce en la funci\u00f3n dpfl_listingStatusChange(). Esto hace posible que atacantes no autenticados actualicen los estados de las listas a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar a un administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "The UltraEmbed \u2013 Advanced Iframe Plugin For WordPress with Gutenberg Block Included plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'iframe' shortcode in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
|
"value": "The UltraEmbed \u2013 Advanced Iframe Plugin For WordPress with Gutenberg Block Included plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'iframe' shortcode in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "El complemento UltraEmbed \u2013 Advanced Iframe Plugin For WordPress with Gutenberg Block Included para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo corto 'iframe' del complemento en todas las versiones hasta la 1.0.3 incluida, debido a una depuraci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible a los atacantes autenticados, con acceso a nivel de contribuyente y superior, para inyectar Web scripts en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "The Subscribe2 \u2013 Form, Email Subscribers & Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ip parameter in all versions up to, and including, 10.43 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
|
"value": "The Subscribe2 \u2013 Form, Email Subscribers & Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ip parameter in all versions up to, and including, 10.43 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "El complemento Subscribe2 \u2013 Form, Email Subscribers & Newsletters para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del par\u00e1metro IP en todas las versiones hasta 10.43 incluida, debido a una depuraci\u00f3n de entrada insuficiente y al escape de salida. Esto hace posible que los atacantes no autenticados inyecten una web arbitraria scripts en p\u00e1ginas que se ejecutar\u00e1n siempre que un usuario acceda a una p\u00e1gina inyectada."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "The UMich OIDC Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'umich_oidc_button' shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
|
"value": "The UMich OIDC Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'umich_oidc_button' shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "El complemento UMich OIDC Login para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo corto 'umich_oidc_button' del complemento en todas las versiones hasta 1.2.0 incluida, debido a una depuraci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible a los atacantes autenticados, con acceso a nivel de contribuyente y superior, para inyectar Web scripts en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "The CanadaHelps Embedded Donation Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embedcdn' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
|
"value": "The CanadaHelps Embedded Donation Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embedcdn' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "El complemento CanadaHelps Embedded Donation Form para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo corto 'INMCREDCDN' del complemento en todas las versiones hasta 1.0.0 incluida, debido a una depuraci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible a los atacantes autenticados, con acceso a nivel de contribuyente y superior, para inyectar Web scripts en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "ZF Roll Stability Support Plus (RSSPlus) \nis vulnerable to an authentication bypass vulnerability targeting \ndeterministic RSSPlus SecurityAccess service seeds, which may allow an \nattacker to remotely (proximal/adjacent with RF equipment or via pivot \nfrom J2497 telematics devices) call diagnostic functions intended for \nworkshop or repair scenarios. This can impact system availability, \npotentially degrading performance or erasing software, however the \nvehicle remains in a safe vehicle state."
|
"value": "ZF Roll Stability Support Plus (RSSPlus) \nis vulnerable to an authentication bypass vulnerability targeting \ndeterministic RSSPlus SecurityAccess service seeds, which may allow an \nattacker to remotely (proximal/adjacent with RF equipment or via pivot \nfrom J2497 telematics devices) call diagnostic functions intended for \nworkshop or repair scenarios. This can impact system availability, \npotentially degrading performance or erasing software, however the \nvehicle remains in a safe vehicle state."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "ZF Roll Stability Support Plus (RSSPlus) es vulnerable a una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n que afecta a las semillas de servicio deterministas RSSPlus SecurityAccess, lo que puede permitir que un atacante llame de forma remota (proximal/adyacente con equipo de RF o a trav\u00e9s de pivote desde dispositivos telem\u00e1ticos J2497) a funciones de diagn\u00f3stico destinadas a escenarios de taller o reparaci\u00f3n. Esto puede afectar la disponibilidad del sistema, degradando potencialmente el rendimiento o borrando el software, sin embargo, el veh\u00edculo permanece en un estado seguro."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "The Lexicata plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.16. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute if they can successfully trick a user into performing an action, such as clicking on a specially crafted link."
|
"value": "The Lexicata plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.16. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute if they can successfully trick a user into performing an action, such as clicking on a specially crafted link."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "El complemento Lexicata para WordPress es vulnerable a Cross-Site Scripting Reflejado debido al uso de add_query_arg sin escapar de la URL apropiado en todas las versiones hasta 1.0.16 incluida. Esto hace posible que los atacantes no autenticados inyecten una web arbitraria scripts que ejecutan si pueden enga\u00f1ar con \u00e9xito a un usuario para que realice una acci\u00f3n, como hacer clic en un enlace especialmente manipulado."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
"sourceIdentifier": "cna@vuldb.com",
|
"sourceIdentifier": "cna@vuldb.com",
|
||||||
"published": "2024-12-05T16:15:24.933",
|
"published": "2024-12-05T16:15:24.933",
|
||||||
"lastModified": "2024-12-05T16:15:24.933",
|
"lastModified": "2024-12-05T16:15:24.933",
|
||||||
"vulnStatus": "Awaiting Analysis",
|
"vulnStatus": "Undergoing Analysis",
|
||||||
"cveTags": [],
|
"cveTags": [],
|
||||||
"descriptions": [
|
"descriptions": [
|
||||||
{
|
{
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
"sourceIdentifier": "cna@vuldb.com",
|
"sourceIdentifier": "cna@vuldb.com",
|
||||||
"published": "2024-12-05T16:15:25.090",
|
"published": "2024-12-05T16:15:25.090",
|
||||||
"lastModified": "2024-12-05T16:15:25.090",
|
"lastModified": "2024-12-05T16:15:25.090",
|
||||||
"vulnStatus": "Awaiting Analysis",
|
"vulnStatus": "Undergoing Analysis",
|
||||||
"cveTags": [],
|
"cveTags": [],
|
||||||
"descriptions": [
|
"descriptions": [
|
||||||
{
|
{
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "Authenticated privilege escalation in\u00a0NetScaler Console and NetScaler Agent allows."
|
"value": "Authenticated privilege escalation in\u00a0NetScaler Console and NetScaler Agent allows."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "La escalada de privilegios autenticado en NetScaler Console and NetScaler Agent permiten."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "The Digihood HTML Sitemap plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018channel' parameter in all versions up to, and including, 3.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
|
"value": "The Digihood HTML Sitemap plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018channel' parameter in all versions up to, and including, 3.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "El complemento Digihood HTML Sitemap para WordPress es vulnerable a Cross-Site Scripting Reflejado a trav\u00e9s del par\u00e1metro \u2018canal 'en todas las versiones hasta 3.1.1 incluida, debido a una depuraci\u00f3n de entrada insuficiente y al escape de salida. Esto hace posible que los atacantes no autenticados inyecten una web arbitraria scripts en p\u00e1ginas que ejecutan si pueden enga\u00f1ar con \u00e9xito a un usuario para que realice una acci\u00f3n como hacer clic en un enlace."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
"sourceIdentifier": "13061848-ea10-403d-bd75-c83a022c2891",
|
"sourceIdentifier": "13061848-ea10-403d-bd75-c83a022c2891",
|
||||||
"published": "2024-12-17T05:15:06.413",
|
"published": "2024-12-17T05:15:06.413",
|
||||||
"lastModified": "2025-02-17T21:15:10.327",
|
"lastModified": "2025-02-17T21:15:10.327",
|
||||||
"vulnStatus": "Modified",
|
"vulnStatus": "Undergoing Analysis",
|
||||||
"cveTags": [],
|
"cveTags": [],
|
||||||
"descriptions": [
|
"descriptions": [
|
||||||
{
|
{
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "The Yay! Forms | Embed Custom Forms, Surveys, and Quizzes Easily plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'yayforms' shortcode in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
|
"value": "The Yay! Forms | Embed Custom Forms, Surveys, and Quizzes Easily plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'yayforms' shortcode in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "El complemento Yay! Forms | Embed Custom Forms, Surveys, and Quizzes Easily de WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del brevemente de 'YAYFORMS' del complemento en todas las versiones hasta 1.2.1 incluida, debido a una depuraci\u00f3n de entrada insuficiente y al escape de salida. Esto hace posible a los atacantes autenticados, con acceso a nivel de contribuyente y superior, para inyectar Web scripts en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "The Easy MLS Listings Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'homeasap-featured-listings' shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
|
"value": "The Easy MLS Listings Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'homeasap-featured-listings' shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "El complemento Easy MLS Listings Import para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo corto de 'listas de hom\u00e9asepasa de homease' en todas las versiones hasta 2.0.1 incluida, debido a una depuraci\u00f3n de entrada insuficiente y al escape de salida en los atributos suministrados por el usuario. Esto hace posible a los atacantes autenticados, con acceso a nivel de contribuyente y superior, para inyectar Web scripts en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "The s2Member Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 241216 via deserialization of untrusted input from the 's2member_pro_remote_op' vulnerable parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code."
|
"value": "The s2Member Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 241216 via deserialization of untrusted input from the 's2member_pro_remote_op' vulnerable parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "El complemento s2Member Pro para WordPress es vulnerable a la inyecci\u00f3n de objetos PHP en todas las versiones hasta la 241216 incluida, a trav\u00e9s de la deserializaci\u00f3n de la entrada no confiable del par\u00e1metro vulnerable 's2member_pro_remote_op'. Esto hace posible que atacantes no autenticados inyecten un objeto PHP. No hay ninguna cadena POP presente en el software vulnerable. Si hay una cadena POP presente a trav\u00e9s de un complemento o tema adicional instalado en el sistema de destino, podr\u00eda permitir al atacante eliminar archivos arbitrarios, recuperar datos confidenciales o ejecutar c\u00f3digo."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "Exposed Dangerous Method or Function vulnerability in PTT Inc. HGS Mobile App allows Manipulating User-Controlled Variables.This issue affects HGS Mobile App: before 6.5.0."
|
"value": "Exposed Dangerous Method or Function vulnerability in PTT Inc. HGS Mobile App allows Manipulating User-Controlled Variables.This issue affects HGS Mobile App: before 6.5.0."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "Se expuso una vulnerabilidad de m\u00e9todo o funci\u00f3n peligrosa en la aplicaci\u00f3n m\u00f3vil HGS de PTT Inc. que permite manipular variables controladas por el usuario. Este problema afecta a la aplicaci\u00f3n m\u00f3vil HGS: anterior a 6.5.0."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
"sourceIdentifier": "cna@vuldb.com",
|
"sourceIdentifier": "cna@vuldb.com",
|
||||||
"published": "2024-12-19T17:15:08.650",
|
"published": "2024-12-19T17:15:08.650",
|
||||||
"lastModified": "2024-12-19T17:15:08.650",
|
"lastModified": "2024-12-19T17:15:08.650",
|
||||||
"vulnStatus": "Awaiting Analysis",
|
"vulnStatus": "Undergoing Analysis",
|
||||||
"cveTags": [],
|
"cveTags": [],
|
||||||
"descriptions": [
|
"descriptions": [
|
||||||
{
|
{
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "The Open Hours \u2013 Easy Opening Hours plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'open-hours-current-status' shortcode in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
|
"value": "The Open Hours \u2013 Easy Opening Hours plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'open-hours-current-status' shortcode in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "El complemento Open Hours \u2013 Easy Opening Hours para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo corto 'Hours-Current-Status-Status' del complemento en todas las versiones hasta 1.0.9 incluida, debido a una depuraci\u00f3n de entrada insuficiente y al escape de salida en los atributos suministrados por el usuario. Esto hace posible a los atacantes autenticados, con acceso a nivel de contribuyente y superior, para inyectar Web scripts en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
"sourceIdentifier": "cna@vuldb.com",
|
"sourceIdentifier": "cna@vuldb.com",
|
||||||
"published": "2024-12-26T06:15:05.987",
|
"published": "2024-12-26T06:15:05.987",
|
||||||
"lastModified": "2024-12-26T06:15:05.987",
|
"lastModified": "2024-12-26T06:15:05.987",
|
||||||
"vulnStatus": "Awaiting Analysis",
|
"vulnStatus": "Undergoing Analysis",
|
||||||
"cveTags": [],
|
"cveTags": [],
|
||||||
"descriptions": [
|
"descriptions": [
|
||||||
{
|
{
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
"sourceIdentifier": "cna@vuldb.com",
|
"sourceIdentifier": "cna@vuldb.com",
|
||||||
"published": "2024-12-26T07:15:11.637",
|
"published": "2024-12-26T07:15:11.637",
|
||||||
"lastModified": "2024-12-26T07:15:11.637",
|
"lastModified": "2024-12-26T07:15:11.637",
|
||||||
"vulnStatus": "Awaiting Analysis",
|
"vulnStatus": "Undergoing Analysis",
|
||||||
"cveTags": [],
|
"cveTags": [],
|
||||||
"descriptions": [
|
"descriptions": [
|
||||||
{
|
{
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
"sourceIdentifier": "cna@vuldb.com",
|
"sourceIdentifier": "cna@vuldb.com",
|
||||||
"published": "2024-12-26T08:15:05.540",
|
"published": "2024-12-26T08:15:05.540",
|
||||||
"lastModified": "2024-12-26T08:15:05.540",
|
"lastModified": "2024-12-26T08:15:05.540",
|
||||||
"vulnStatus": "Awaiting Analysis",
|
"vulnStatus": "Undergoing Analysis",
|
||||||
"cveTags": [],
|
"cveTags": [],
|
||||||
"descriptions": [
|
"descriptions": [
|
||||||
{
|
{
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
"sourceIdentifier": "cna@vuldb.com",
|
"sourceIdentifier": "cna@vuldb.com",
|
||||||
"published": "2024-12-26T16:15:27.643",
|
"published": "2024-12-26T16:15:27.643",
|
||||||
"lastModified": "2024-12-26T16:15:27.643",
|
"lastModified": "2024-12-26T16:15:27.643",
|
||||||
"vulnStatus": "Awaiting Analysis",
|
"vulnStatus": "Undergoing Analysis",
|
||||||
"cveTags": [],
|
"cveTags": [],
|
||||||
"descriptions": [
|
"descriptions": [
|
||||||
{
|
{
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
"sourceIdentifier": "cna@vuldb.com",
|
"sourceIdentifier": "cna@vuldb.com",
|
||||||
"published": "2024-12-26T18:15:21.027",
|
"published": "2024-12-26T18:15:21.027",
|
||||||
"lastModified": "2024-12-26T18:15:21.027",
|
"lastModified": "2024-12-26T18:15:21.027",
|
||||||
"vulnStatus": "Awaiting Analysis",
|
"vulnStatus": "Undergoing Analysis",
|
||||||
"cveTags": [],
|
"cveTags": [],
|
||||||
"descriptions": [
|
"descriptions": [
|
||||||
{
|
{
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
"sourceIdentifier": "cna@vuldb.com",
|
"sourceIdentifier": "cna@vuldb.com",
|
||||||
"published": "2024-12-27T06:15:23.463",
|
"published": "2024-12-27T06:15:23.463",
|
||||||
"lastModified": "2024-12-27T06:15:23.463",
|
"lastModified": "2024-12-27T06:15:23.463",
|
||||||
"vulnStatus": "Awaiting Analysis",
|
"vulnStatus": "Undergoing Analysis",
|
||||||
"cveTags": [],
|
"cveTags": [],
|
||||||
"descriptions": [
|
"descriptions": [
|
||||||
{
|
{
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
"sourceIdentifier": "cna@vuldb.com",
|
"sourceIdentifier": "cna@vuldb.com",
|
||||||
"published": "2024-12-28T22:15:16.893",
|
"published": "2024-12-28T22:15:16.893",
|
||||||
"lastModified": "2024-12-28T22:15:16.893",
|
"lastModified": "2024-12-28T22:15:16.893",
|
||||||
"vulnStatus": "Awaiting Analysis",
|
"vulnStatus": "Undergoing Analysis",
|
||||||
"cveTags": [],
|
"cveTags": [],
|
||||||
"descriptions": [
|
"descriptions": [
|
||||||
{
|
{
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
"sourceIdentifier": "cna@vuldb.com",
|
"sourceIdentifier": "cna@vuldb.com",
|
||||||
"published": "2024-12-29T07:15:05.643",
|
"published": "2024-12-29T07:15:05.643",
|
||||||
"lastModified": "2024-12-29T07:15:05.643",
|
"lastModified": "2024-12-29T07:15:05.643",
|
||||||
"vulnStatus": "Awaiting Analysis",
|
"vulnStatus": "Undergoing Analysis",
|
||||||
"cveTags": [],
|
"cveTags": [],
|
||||||
"descriptions": [
|
"descriptions": [
|
||||||
{
|
{
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
"sourceIdentifier": "cna@vuldb.com",
|
"sourceIdentifier": "cna@vuldb.com",
|
||||||
"published": "2024-12-29T08:15:05.143",
|
"published": "2024-12-29T08:15:05.143",
|
||||||
"lastModified": "2024-12-29T08:15:05.143",
|
"lastModified": "2024-12-29T08:15:05.143",
|
||||||
"vulnStatus": "Awaiting Analysis",
|
"vulnStatus": "Undergoing Analysis",
|
||||||
"cveTags": [],
|
"cveTags": [],
|
||||||
"descriptions": [
|
"descriptions": [
|
||||||
{
|
{
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
"sourceIdentifier": "cna@vuldb.com",
|
"sourceIdentifier": "cna@vuldb.com",
|
||||||
"published": "2024-12-29T08:15:06.840",
|
"published": "2024-12-29T08:15:06.840",
|
||||||
"lastModified": "2024-12-29T08:15:06.840",
|
"lastModified": "2024-12-29T08:15:06.840",
|
||||||
"vulnStatus": "Awaiting Analysis",
|
"vulnStatus": "Undergoing Analysis",
|
||||||
"cveTags": [],
|
"cveTags": [],
|
||||||
"descriptions": [
|
"descriptions": [
|
||||||
{
|
{
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
"sourceIdentifier": "cna@vuldb.com",
|
"sourceIdentifier": "cna@vuldb.com",
|
||||||
"published": "2024-12-29T09:15:05.580",
|
"published": "2024-12-29T09:15:05.580",
|
||||||
"lastModified": "2024-12-29T09:15:05.580",
|
"lastModified": "2024-12-29T09:15:05.580",
|
||||||
"vulnStatus": "Awaiting Analysis",
|
"vulnStatus": "Undergoing Analysis",
|
||||||
"cveTags": [],
|
"cveTags": [],
|
||||||
"descriptions": [
|
"descriptions": [
|
||||||
{
|
{
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
"sourceIdentifier": "cna@vuldb.com",
|
"sourceIdentifier": "cna@vuldb.com",
|
||||||
"published": "2024-12-29T10:15:05.853",
|
"published": "2024-12-29T10:15:05.853",
|
||||||
"lastModified": "2024-12-29T10:15:05.853",
|
"lastModified": "2024-12-29T10:15:05.853",
|
||||||
"vulnStatus": "Awaiting Analysis",
|
"vulnStatus": "Undergoing Analysis",
|
||||||
"cveTags": [],
|
"cveTags": [],
|
||||||
"descriptions": [
|
"descriptions": [
|
||||||
{
|
{
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
"sourceIdentifier": "cna@vuldb.com",
|
"sourceIdentifier": "cna@vuldb.com",
|
||||||
"published": "2024-12-29T21:15:06.220",
|
"published": "2024-12-29T21:15:06.220",
|
||||||
"lastModified": "2024-12-29T21:15:06.220",
|
"lastModified": "2024-12-29T21:15:06.220",
|
||||||
"vulnStatus": "Awaiting Analysis",
|
"vulnStatus": "Undergoing Analysis",
|
||||||
"cveTags": [],
|
"cveTags": [],
|
||||||
"descriptions": [
|
"descriptions": [
|
||||||
{
|
{
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in BSS Software Mobuy Online Machinery Monitoring Panel allows SQL Injection.This issue affects Mobuy Online Machinery Monitoring Panel: before 2.0."
|
"value": "Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in BSS Software Mobuy Online Machinery Monitoring Panel allows SQL Injection.This issue affects Mobuy Online Machinery Monitoring Panel: before 2.0."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "La vulnerabilidad de omisi\u00f3n de autorizaci\u00f3n a trav\u00e9s de la clave principal SQL controlada por el usuario en BSS Software Mobuy Online Machinery Monitoring Panel permite la inyecci\u00f3n SQL. Este problema afecta a Mobuy Online Machinery Monitoring Panel: antes de 2.0."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Transparent Split Hero widget in all versions up to, and including, 1.5.140 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note: Since the widget code isn't part of the code base, to apply the patch, the affected widget: Transparent Split Hero must be deleted and reinstalled manually."
|
"value": "The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Transparent Split Hero widget in all versions up to, and including, 1.5.140 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note: Since the widget code isn't part of the code base, to apply the patch, the affected widget: Transparent Split Hero must be deleted and reinstalled manually."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "El complemento Unlimited Elements For Elementor para WordPress son vulnerables a Cross-Site Scripting Almacenado a trav\u00e9s del widget de h\u00e9roe dividido transparente del complemento en todas las versiones hasta 1.5.140 incluida, debido a una depuraci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible a los atacantes autenticados, con acceso a nivel de contribuyente y superior, para inyectar Web scripts en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. Nota: Dado que el c\u00f3digo del widget no es parte de la base del c\u00f3digo, para aplicar el parche, el widget afectado: el h\u00e9roe dividido transparente debe eliminarse y reinstalar manualmente."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "The WordPress Portfolio Builder \u2013 Portfolio Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'add_video' function in all versions up to, and including, 1.1.7. This makes it possible for unauthenticated attackers to add arbitrary videos to any portfolio gallery."
|
"value": "The WordPress Portfolio Builder \u2013 Portfolio Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'add_video' function in all versions up to, and including, 1.1.7. This makes it possible for unauthenticated attackers to add arbitrary videos to any portfolio gallery."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "El complemento Portfolio Builder \u2013 Portfolio Gallery de WordPress es vulnerable a la modificaci\u00f3n no autorizada de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n 'add_video' en todas las versiones hasta la 1.1.7 incluida. Esto permite que atacantes no autenticados agreguen videos arbitrarios a cualquier galer\u00eda de portafolios."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "The Disable Auto Updates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the 'disable-auto-updates' page. This makes it possible for unauthenticated attackers to disable all auto updates via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
|
"value": "The Disable Auto Updates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the 'disable-auto-updates' page. This makes it possible for unauthenticated attackers to disable all auto updates via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "El complemento Disable Auto Updates para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 1.4 incluida. Esto se debe a una validaci\u00f3n de nonce incorrecta o faltante en la p\u00e1gina \"disable-auto-updates\". Esto hace posible que atacantes no autenticados deshabiliten todas las actualizaciones autom\u00e1ticas a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar a un administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "The DeBounce Email Validator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.6. This is due to missing or incorrect nonce validation on the 'debounce_email_validator' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
|
"value": "The DeBounce Email Validator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.6. This is due to missing or incorrect nonce validation on the 'debounce_email_validator' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "El complemento DeBounce Email Validator para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 5.6.6 incluida. Esto se debe a la falta o la validaci\u00f3n incorrecta de nonce en la p\u00e1gina 'debounce_email_validator'. Esto permite que atacantes no autenticados actualicen configuraciones e inyecten scripts web maliciosos a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "The Raptive Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'poc' parameter in all versions up to, and including, 3.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
|
"value": "The Raptive Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'poc' parameter in all versions up to, and including, 3.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "El complemento Raptive Ads para WordPress es vulnerable a Cross-Site Scripting Reflejado a trav\u00e9s del par\u00e1metro 'POC' en todas las versiones hasta 3.6.3 incluida, debido a una depuraci\u00f3n de entrada insuficiente y al escape de salida. Esto permite que atacantes no autenticados inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n si logran enga\u00f1ar con \u00e9xito a un usuario para que realice una acci\u00f3n como hacer clic en un enlace."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "The Raptive Ads plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the site_ads_files_reset() and cls_file_reset() functions in all versions up to, and including, 3.6.3. This makes it possible for unauthenticated attackers to reset the ad and cls files."
|
"value": "The Raptive Ads plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the site_ads_files_reset() and cls_file_reset() functions in all versions up to, and including, 3.6.3. This makes it possible for unauthenticated attackers to reset the ad and cls files."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "El complemento Raptive Ads para WordPress es vulnerable al acceso no autorizado debido a una verificaci\u00f3n de capacidad faltante en las funciones site_ads_files_reset() y cls_file_reset() en todas las versiones hasta la 3.6.3 incluida. Esto hace posible que atacantes no autenticados restablezcan los archivos ad y cls."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "The ADFO \u2013 Custom data in admin dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'adfo_list' shortcode in all versions up to, and including, 1.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
|
"value": "The ADFO \u2013 Custom data in admin dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'adfo_list' shortcode in all versions up to, and including, 1.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "El complemento ADFO \u2013 Custom data in admin dashboard para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo corto 'ADFO_LIST' del complemento en todas las versiones hasta 1.9.1 incluida, debido a una depuraci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible a los atacantes autenticados, con acceso a nivel de contribuyente y superior, para inyectar Web scripts en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "The Apptivo Business Site CRM plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.3. This is due to missing or incorrect nonce validation on the 'awp_ip_deny' page. This makes it possible for unauthenticated attackers to block IP addresses via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
|
"value": "The Apptivo Business Site CRM plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.3. This is due to missing or incorrect nonce validation on the 'awp_ip_deny' page. This makes it possible for unauthenticated attackers to block IP addresses via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "El complemento Apptivo Business Site CRM para WordPress es vulnerable a Cross-Site Request Forgery n todas las versiones hasta 5.3 incluida. Esto se debe a la validaci\u00f3n de Nonce faltante o incorrecta en la p\u00e1gina 'AWP_IP_DENY'. Esto hace posible que los atacantes no autenticados bloqueen las direcciones IP a trav\u00e9s de una solicitud falsificada otorgada que pueden enga\u00f1ar a un administrador del sitio para que realice una acci\u00f3n, como hacer clic en un enlace."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "The Team \u2013 Team Members Showcase Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the response() function in all versions up to, and including, 4.4.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings."
|
"value": "The Team \u2013 Team Members Showcase Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the response() function in all versions up to, and including, 4.4.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "El complemento Team \u2013 Team Members Showcase para WordPress es vulnerable al acceso no autorizado debido a una verificaci\u00f3n de capacidad faltante en la funci\u00f3n response() en todas las versiones hasta la 4.4.9 incluida. Esto permite que atacantes autenticados, con acceso de nivel de suscriptor y superior, actualicen la configuraci\u00f3n del complemento."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "The Easypromos Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Easypromos shortcode in all versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
|
"value": "The Easypromos Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Easypromos shortcode in all versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "El complemento Easypromos Plugin para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo corto EasyPromos del complemento en todas las versiones hasta 1.3.8 incluida, debido a una depuraci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible a los atacantes autenticados, con acceso a nivel de contribuyente y superior, para inyectar Web scripts en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "The Elementor Website Builder \u2013 More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the border, margin and gap parameters in all versions up to, and including, 3.27.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
|
"value": "The Elementor Website Builder \u2013 More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the border, margin and gap parameters in all versions up to, and including, 3.27.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "El complemento Elementor Website Builder \u2013 More Than Just a Page Builder para WordPress, es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de los par\u00e1metros de borde, margen y brecha en todas las versiones hasta 3.27.4 incluida, debido a una depuraci\u00f3n de entrada insuficiente y al escape de salida. Esto hace posible a los atacantes autenticados, con acceso a nivel de contribuyente y superior, para inyectar Web scripts en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "The WP Wiki Tooltip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wiki' shortcode in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
|
"value": "The WP Wiki Tooltip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wiki' shortcode in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "El complemento WP Wiki ToolTip para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo corto 'wiki' del complemento en todas las versiones hasta 2.0.2 incluida, debido a una depuraci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible a los atacantes autenticados, con acceso a nivel de contribuyente y superior, para inyectar Web scripts en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "The Library Bookshelves plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bookshelf' shortcode in all versions up to, and including, 5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
|
"value": "The Library Bookshelves plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bookshelf' shortcode in all versions up to, and including, 5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "El complemento Library Bookshelves para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo corto 'Bookshelf' del complemento en todas las versiones hasta 5.9 incluida, debido a una depuraci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible a los atacantes autenticados, con acceso a nivel de contribuyente y superior, para inyectar Web scripts en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "The Trash Duplicate and 301 Redirect plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'duplicates-action-top' action in all versions up to, and including, 1.9. This makes it possible for unauthenticated attackers to delete arbitrary posts/pages."
|
"value": "The Trash Duplicate and 301 Redirect plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'duplicates-action-top' action in all versions up to, and including, 1.9. This makes it possible for unauthenticated attackers to delete arbitrary posts/pages."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "El complemento Trash Duplicate and 301 Redirect para WordPress son vulnerables a la p\u00e9rdida de datos no autorizada debido a una verificaci\u00f3n de capacidad faltante en la acci\u00f3n de 'duplicados-acci\u00f3n-top' en todas las versiones hasta 1.9 incluida. Esto hace posible que los atacantes no autenticados eliminen publicaciones/p\u00e1ginas arbitrarias."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "The LTL Freight Quotes \u2013 GlobalTranz Edition plugin for WordPress is vulnerable to SQL Injection via the 'engtz_wd_save_dropship' AJAX endpoint in all versions up to, and including, 2.3.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
|
"value": "The LTL Freight Quotes \u2013 GlobalTranz Edition plugin for WordPress is vulnerable to SQL Injection via the 'engtz_wd_save_dropship' AJAX endpoint in all versions up to, and including, 2.3.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "El complemento LTL Freight Quotes \u2013 GlobalTranz Edition para WordPress es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s del ednpoint AJAX 'engtz_wd_save_dropship' en todas las versiones hasta la 2.3.11 incluida, debido a un escape insuficiente en el par\u00e1metro proporcionado por el usuario y a la falta de preparaci\u00f3n suficiente en la consulta SQL existente. Esto permite que atacantes no autenticados agreguen consultas SQL adicionales a consultas ya existentes que se pueden usar para extraer informaci\u00f3n confidencial de la base de datos."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "The LTL Freight Quotes \u2013 TForce Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
|
"value": "The LTL Freight Quotes \u2013 TForce Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "El complemento LTL Freight Quotes \u2013 TForce Edition para WordPress es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s de los par\u00e1metros 'dropship_edit_id' y 'edit_id' en todas las versiones hasta la 3.6.4 incluida, debido a un escape insuficiente en el par\u00e1metro proporcionado por el usuario y a la falta de preparaci\u00f3n suficiente en la consulta SQL existente. Esto permite que atacantes no autenticados agreguen consultas SQL adicionales a consultas ya existentes que se pueden usar para extraer informaci\u00f3n confidencial de la base de datos."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "The LTL Freight Quotes \u2013 SEFL Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.2.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
|
"value": "The LTL Freight Quotes \u2013 SEFL Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.2.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "El complemento LTL Freight Quotes \u2013 SEFL Edition para WordPress es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s de los par\u00e1metros 'dropship_edit_id' y 'edit_id' en todas las versiones hasta la 3.2.4 incluida, debido a un escape insuficiente en el par\u00e1metro proporcionado por el usuario y a la falta de preparaci\u00f3n suficiente en la consulta SQL existente. Esto permite que atacantes no autenticados agreguen consultas SQL adicionales a consultas ya existentes que se pueden usar para extraer informaci\u00f3n confidencial de la base de datos."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
@ -9,6 +9,10 @@
|
|||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "The LTL Freight Quotes \u2013 R+L Carriers Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 3.3.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
|
"value": "The LTL Freight Quotes \u2013 R+L Carriers Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 3.3.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "El complemento LTL Freight Quotes \u2013 R+L Carriers Edition para WordPress es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s de los par\u00e1metros 'edit_id' y 'dropship_edit_id' en todas las versiones hasta la 3.3.4 incluida, debido a un escape insuficiente en el par\u00e1metro proporcionado por el usuario y a la falta de preparaci\u00f3n suficiente en la consulta SQL existente. Esto permite que atacantes no autenticados agreguen consultas SQL adicionales a consultas ya existentes que se pueden usar para extraer informaci\u00f3n confidencial de la base de datos."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
|
Some files were not shown because too many files have changed in this diff Show More