Security
Headlines
HeadlinesLatestCVEs

Tag

#firefox

CVE-2020-19697: XSS vulnerability found via <iframe> src attribute · Issue #701 · pandao/editor.md

Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script in the <iframe>src parameter.

CVE
Open in Source
#xss#vulnerability#git#java#chrome#firefox
CVE-2023-26855: Weak Salt Implementation · Issue #6449 · ChurchCRM/CRM

The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers to use precomputed hash tables or dictionary attacks to crack the hashed passwords.

WordPress Accessibility Help Button 1.1 Cross Site Scripting

WordPress Accessibility Help Button plugin version 1.1 suffers from a cross site scripting vulnerability.

GLPI Cartography Shell Upload

GLPI Cartography versions prior to 6.0.0 suffers from a remote shell upload vulnerability.

GLPI 10.0.2 SQL Injection / Remote Code Execution

GLPI versions 10.0.0 through 10.0.2 suffer from a remote SQL injection vulnerability that can lead to remote code execution.

GLPI Activity Local File Inclusion

GLPI Activity versions prior to 3.1.0 suffer from a local file inclusion vulnerability.

GLPI Glpiinventory 1.0.1 Local File Inclusion

GLPI Glpiinventory versions 1.0.1 and below suffer from a local file inclusion vulnerability.

GLPI Manageentities Local File Inclusion

GLPI Manageentities versions prior to 4.0.2 suffer from a local file inclusion vulnerability.

Roxy WI 6.1.1.0 Remote Code Execution

Roxy WI version 6.1.1.0 suffers from an unauthenticated remote code execution vulnerability.

Roxy WI 6.1.0.0 Remote Code Execution

Roxy WI version 6.1.0.0 suffers from an unauthenticated remote code execution vulnerability.