CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress.

 Verified

 Not fixed

**4.8**

CVSS 3.1 score Medium severity

Monitoring Coming soon

Software

Uploading SVG, WEBP and ICO files

Vulnerable versions

<= 1.0.1

PSID 

6ae7f03579ae

Classification 

Cross Site Scripting (XSS)

OWASP Top 10 

A7: Cross-Site Scripting (XSS)

Required privilege 

Requires author or higher role user authentication.

Publicly disclosed

2022-08-12

**Details**

Authenticated Stored Cross-Site Scripting (XSS) vulnerability via malicious SVG file upload discovered by Universe (Patchstack Alliance) in WordPress Uploading SVG, WEBP and ICO files plugin (versions <= 1.0.1).

**Solution**

No patched version available.

**References**

CVE-2022-34648: WordPress Uploading SVG, WEBP and ICO files plugin <= 1.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability - Patchstack

Headline

CVE-2022-34648: WordPress Uploading SVG, WEBP and ICO files plugin <= 1.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability - Patchstack

CVE: Latest News