Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CVE-2023-47511: WordPress Pinyin Slugs plugin <= 2.3.0 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SO WP Pinyin Slugs plugin <= 2.3.0 versions.

CVE
Open in Source
#xss#vulnerability#web#wordpress#auth
CVE-2023-47509: WordPress Edit WooCommerce Templates plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ioannup Edit WooCommerce Templates plugin <= 1.1.1 versions.

CVE-2023-47242: WordPress ANAC XML Bandi di Gara plugin <= 7.5 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Marco Milesi ANAC XML Bandi di Gara plugin <= 7.5 versions.

CVE-2023-47508: WordPress Master Slider Pro plugin <= 3.6.5 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Averta Master Slider Pro plugin <= 3.6.5 versions.

CVE-2023-47512: WordPress Product Enquiry for WooCommerce plugin <= 3.0 - Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Gravity Master Product Enquiry for WooCommerce plugin <= 3.0 versions.

CVE-2023-47245: WordPress ANAC XML Viewer plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marco Milesi ANAC XML Viewer plugin <= 1.7 versions.

CVE-2023-47514: WordPress Star CloudPRNT for WooCommerce plugin <= 2.0.3 - Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in lawrenceowen, gcubero, acunnningham, fmahmood Star CloudPRNT for WooCommerce plugin <= 2.0.3 versions.

CVE-2023-6013: Leaking/modulation Flows/Model data via stored xss in h2o-3

H2O is vulnerable to stored XSS vulnerability which can lead to a Local File Include attack.

CVE-2023-6038: LFI in h2o-3 API in h2o-3

An attacker is able to read any file on the server hosting the H2O dashboard without any authentication.

Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups

A zero-day flaw in the Zimbra Collaboration email software was exploited by four different groups in real-world attacks to pilfer email data, user credentials, and authentication tokens. "Most of this activity occurred after the initial fix became public on GitHub," Google Threat Analysis Group (TAG) said in a report shared with The Hacker News. The flaw, tracked as CVE-2023-37580 (CVSS score: