Security
Headlines
HeadlinesLatestCVEs

Tag

#web

CVE-2023-46210: WordPress WC Captcha plugin <= 1.4 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WebCource WC Captcha plugin <= 1.4 versions.

CVE
Open in Source
#xss#vulnerability#web#wordpress#auth
Meta Launches Paid Ad-Free Subscription in Europe to Satisfy Privacy Laws

Meta on Monday announced plans to offer an ad-free option to access Facebook and Instagram for users in the European Union (EU), European Economic Area (EEA), and Switzerland to comply with "evolving" data protection regulations in the region. The ad-free subscription, which costs €9.99/month on the web or €12.99/month on iOS and Android, is expected to be officially available starting next

CVE-2023-45996: Vuln0wned Report: SQL Injection in member_type.php · Issue #216 · slims/slims9_bulian

SQL injection vulnerability in Senayan Library Management Systems Slims v.9 and Bulian v.9.6.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the reborrowLimit parameter in the member_type.php.

CVE-2023-43139: [CVE-2023-43139] Improper Neutralization of Special Elements used in an OS Command in the Franfinance module for PrestaShop

An issue in franfinance before v.2.0.27 allows a remote attacker to execute arbitrary code via the validation.php, and controllers/front/validation.php components.

CVE-2023-36263: [CVE-2023-36263] Improper neutralization of SQL parameter in Opart limit quantity for PrestaShop

Prestashop opartlimitquantity 1.4.5 and before is vulnerable to SQL Injection. OpartlimitquantityAlertlimitModuleFrontController::displayAjaxPushAlertMessage()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.

CVE-2023-46356: [CVE-2023-46356] Improper neutralization of SQL parameter in Bl Modules - CSV Feeds PRO module for PrestaShop

In the module "CSV Feeds PRO" (csvfeeds) before 2.6.1 from Bl Modules for PrestaShop, a guest can perform SQL injection. The method `SearchApiCsv::getProducts()` has sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection.

CVE-2023-45378: [CVE-2023-45378] Improper neutralization of SQL parameter in PrestaBlog module for PrestaShop

In the module "PrestaBlog" (prestablog) version 4.4.7 and before from HDclic for PrestaShop, a guest can perform SQL injection. The script ajax slider_positions.php has a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection.

CVE-2023-27846: [CVE-2023-27846] Improper neutralization of SQL parameter in tvcmsblog module by themevolty for PrestaShop

SQL injection vulnerability found in PrestaShop themevolty v.4.0.8 and before allow a remote attacker to gain privileges via the tvcmsblog, tvcmsvideotab, tvcmswishlist, tvcmsbrandlist, tvcmscategorychainslider, tvcmscategoryproduct, tvcmscategoryslider, tvcmspaymenticon, tvcmstestimonial components.

CVE-2023-47174: Java Deserialization RCE · SFTP Gateway Support

Thorn SFTP gateway 3.4.x before 3.4.4 uses Pivotal Spring Framework for Java deserialization of untrusted data, which is not supported by Pivotal, a related issue to CVE-2016-1000027. Also, within the specific context of Thorn SFTP gateway, this leads to remote code execution.

GHSA-7q5f-29gx-57ff: Cross-site Scripting (XSS) in microweber/microweber

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0.