Security
Headlines
HeadlinesLatestCVEs

Tag

#php

Elon Musk’s X (Twitter) to Charge $1 for Basic Features

By Waqas Prepare to pay for Twitter (X). This is a post from HackRead.com Read the original post: Elon Musk’s X (Twitter) to Charge $1 for Basic Features

HackRead
Open in Source
#web#php
CVE-2023-45958: thirty bees - Reflected cross-site scripting (XSS)

Thirty Bees Core v1.4.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the backup_pagination parameter at /controller/AdminController.php. This vulnerability allows attackers to execute arbitrary JavaScript in the web browser of a user via a crafted payload.

CVE-2023-5631: Fix cross-site scripting (XSS) vulnerability in handling of SVG in HT… · roundcube/roundcubemail@6ee6e7a

Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code.

CVE-2023-46007: Zerrr0_Vulnerability/Best Courier Management System 1.0/SQL-Injection-Vulnerability-3.md at main · zerrr0/Zerrr0_Vulnerability

Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_staff.php.

CVE-2023-46006: Zerrr0_Vulnerability/Best Courier Management System 1.0/SQL-Injection-Vulnerability-2.md at main · zerrr0/Zerrr0_Vulnerability

Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_user.php.

CVE-2023-46005: Zerrr0_Vulnerability/Best Courier Management System 1.0/SQL-Injection-Vulnerability.md at main · zerrr0/Zerrr0_Vulnerability

Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_branch.php.

CVE-2023-4938: bulkoperations.php in woo-bulk-editor/trunk/ext/bulkoperations – WordPress Plugin Repository

The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_apply_default_combination function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products.

CVE-2023-3254: Widgets for Google Reviews <= 10.9 - Cross-Site Request Forgery to Plugin Settings Reset — Wordfence Intelligence

The Widgets for Google Reviews plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 10.9. This is due to missing or incorrect nonce validation within setup_no_reg_header.php. This makes it possible for unauthenticated attackers to reset plugin settings and remove reviews via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE-2023-22130: Oracle Critical Patch Update Advisory - October 2023

Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).