Security
Headlines
HeadlinesLatestCVEs

Tag

#web

CVE-2023-34374: WordPress AnsPress – Question and answer plugin <= 4.3.0 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Rahul Aryan AnsPress plugin <= 4.3.0 versions.

CVE
Open in Source
#xss#vulnerability#web#wordpress#auth
CVE-2023-30481: WordPress AGP Font Awesome Collection plugin <= 3.2.4 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alexey Golubnichenko AGP Font Awesome Collection plugin <= 3.2.4 versions.

CVE-2023-36530: WordPress SP Project & Document Manager plugin <= 4.67 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Smartypants SP Project & Document Manager plugin <= 4.67 versions.

CVE-2023-23900: WordPress Easy Forms for Mailchimp plugin <= 6.8.8 - Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in YIKES, Inc. Easy Forms for Mailchimp plugin <= 6.8.8 versions.

​Siemens Solid Edge, JT2Go, and Teamcenter Visualization

1. EXECUTIVE SUMMARY ​CVSS v3 7.8 ​ATTENTION: Low attack complexity ​Vendor: Siemens ​Equipment: Solid Edge, JT2Go, and Teamcenter Visualization ​Vulnerabilities: Use After Free, Out-of-bounds Read, Out-of-bounds Write 2. RISK EVALUATION ​Successful exploitation of these vulnerabilities could allow an attacker to execute code in the context of the current process. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​The following products from Siemens are affected: ​JT2Go: All versions prior to v14.2.0.5 ​Solid Edge SE2022: All versions prior to v222.0 Update 13 ​Solid Edge SE2023: All versions prior to v223.0 Update 4 ​Teamcenter Visualization V13.2: All versions prior to v13.2.0.15 ​Teamcenter Visualization V13.2: All versions prior to v13.2.0.14 ​Teamcenter Visualization V13.3: All versions prior to v13.3.0.11 ​Teamcenter Visualization V14.1: All versions prior to v14.1.0.11 ​Teamcenter Visualization V14.1: All versions prior to v14.1.0.10 ​Teamcenter Visualization V14.2: All versions prior ...

Siemens Parasolid Installer

1. EXECUTIVE SUMMARY ​CVSS v3 7.8 ​ATTENTION: Low attack complexity ​Vendor: Siemens ​Equipment: Parasolid ​Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow an attacker to misuse the vulnerability and escalate privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​The following products from Siemens are affected if installed with Parasolid installer: ​Parasolid V35.0: All versions ​Parasolid V35.1: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 INCORRECT PERMISSION ASSIGNMENT FOR CRITICAL RESOURCE CWE-732 ​Nullsoft Scriptable Install System (NSIS) before v3.09 creates an "uninstall directory" with insufficient access control. This could allow an attacker to misuse the vulnerability and escalate privileges. ​CVE-2023-37378 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.3 BACKGROUND ...

​Siemens JT Open, JT Utilities, and Parasolid

1. EXECUTIVE SUMMARY ​CVSS v3 7.8 ​ATTENTION: Low attack complexity ​Vendor: Siemens ​Equipment: JT Open, JT Utilities, and Parasolid ​Vulnerabilities: Out-of-bounds Read 2. RISK EVALUATION ​Successful exploitation of these vulnerabilities could allow an attacker to execute code in the context of the current process. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​The following products from Siemens are affected: ​JT Open: All versions prior to v11.4 ​JT Utilities: All versions prior to v13.4 ​Parasolid v34.0: All versions prior to v34.0.253 ​Parasolid v34.1: All versions prior to v34.1.243 ​Parasolid v35.0: All versions prior to v35.0.177 ​Parasolid v35.1: All versions prior to v35.1.073 3.2 VULNERABILITY OVERVIEW 3.2.1 ​OUT-OF-BOUNDS READ CWE-125 ​The affected applications contain an out-of-bounds read past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. ​CVE-2023-30795 has bee...

Siemens Parasolid and Teamcenter Visualization

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Parasolid and Teamcenter Visualization Vulnerabilities: NULL Pointer Dereference, Out-of-bounds Read, Out-of-bounds Write, Allocation of Resources without Limits or Throttling 2. RISK EVALUATION An attacker could successfully exploit these vulnerabilities by tricking a user into opening a malicious file, allowing the attacker to cause a denial of service or perform remote code execution in the context of the current process. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Parasolid V34.1: versions prior to V34.1.258 Parasolid V35.0: versions prior to V35.0.254 Parasolid V35.1: versions prior to V35.1.171 Parasolid V35.1: versions prior to V35.1.197 Parasolid V35.1: versions prior to V35.1.184 Teamcenter Visualization V14.1: all versions Teamcenter Visualization V14.2: versions prior to V14.2.0.6 Teamcenter Visualization V14.3: all versions 3....

Siemens OpenSSL RSA Decryption in SIMATIC

1. EXECUTIVE SUMMARY ​CVSS v3 5.9 ​ATTENTION: Exploitable remotely ​Vendor: Siemens ​Equipment: SIMATIC, SIPLUS ​Vulnerability: Inadequate Encryption Strength 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow an attacker to recover the product’s connection secret. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​The following products from Siemens are affected:  ​SIMATIC Cloud Connect 7 CC712 (6GK1411-1AC00): versions prior to V2.2 ​SIMATIC Cloud Connect 7 CC716 (6GK1411-5AC00): versions prior to V2.2 ​SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0): versions V3.0.1 to V3.0.3 ​SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0): versions prior to V2.9.7 ​SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0): versions V3.0.1 to V3.0.3 ​SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0): versions prior to V2.9.7 ​SIMATIC ET 200pro IM154-8 PN/DP CPU (6ES7154-8AB01-0AB0): versions prior to V3.2.19 ​SIMATIC ET 200pro IM154-8F PN/DP CPU (...

Network Mirroring in Siemens RUGGEDCOM

1. EXECUTIVE SUMMARY CVSS v3 9.1  ATTENTION: Exploitable remotely / low attack complexity   Vendor: Siemens   Equipment: RUGGEDCOM  Vulnerability: Incorrect Provision of Specified Functionality  2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to inject information into the network via the mirror port. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products from Siemens are affected: RUGGEDCOM i800: All versions prior to V4.3.8 RUGGEDCOM i800NC: All versions prior to V4.3.8 RUGGEDCOM i801: All versions prior to V4.3.8 RUGGEDCOM i801NC: All versions prior to V4.3.8 RUGGEDCOM i802: All versions prior to V4.3.8 RUGGEDCOM i802NC: All versions prior to V4.3.8 RUGGEDCOM i803: All versions prior to V4.3.8 RUGGEDCOM i803NC: All versions prior to V4.3.8 RUGGEDCOM M2100: All versions prior to V4.3.8 RUGGEDCOM M2100F: All versions RUGGEDCOM M2100NC: All versions prior to V4.3.8 RUGGEDCOM M2200: All versions prior to V4.3.8 RUGGEDCOM M2200F: All ve...