Show filters
29 Total Results
Displaying 1-10 of 29
Sort by:
Attacker Value
Unknown

CVE-2023-23834

Disclosure Date: December 09, 2024 (last updated December 21, 2024)
Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through 2.3.0.
0
0
Attacker Value
Unknown

CVE-2023-23825

Disclosure Date: December 09, 2024 (last updated December 21, 2024)
Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through 2.3.0.
0
0
Attacker Value
Unknown

CVE-2024-10484

Disclosure Date: December 03, 2024 (last updated February 08, 2025)
The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Team' widget in all versions up to, and including, 2.16.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2024-37517

Disclosure Date: November 01, 2024 (last updated November 02, 2024)
Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through 2.13.7.
0
0
Attacker Value
Unknown

CVE-2024-45367

Disclosure Date: October 03, 2024 (last updated October 04, 2024)
The web server for ONS-S8 - Spectra Aggregation Switch includes an incomplete authentication process, which can lead to an attacker authenticating without a password.
0
0
Attacker Value
Unknown

CVE-2024-41925

Disclosure Date: October 03, 2024 (last updated October 04, 2024)
The web service for ONS-S8 - Spectra Aggregation Switch includes functions which do not properly validate user input, allowing an attacker to traverse directories, bypass authentication, and execute remote code.
0
0
Attacker Value
Unknown

CVE-2024-7590

Disclosure Date: August 12, 2024 (last updated August 13, 2024)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brainstorm Force Spectra allows Stored XSS.This issue affects Spectra: from n/a through 2.14.1.
0
0
Attacker Value
Unknown

CVE-2024-3827

Disclosure Date: August 02, 2024 (last updated August 02, 2024)
The Spectra Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via block ids in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-36676

Disclosure Date: June 19, 2024 (last updated September 21, 2024)
Missing Authorization vulnerability in Brainstorm Force Spectra.This issue affects Spectra: from n/a through 2.6.6.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-23738

Disclosure Date: June 03, 2024 (last updated June 04, 2024)
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Brainstorm Force Spectra allows Content Spoofing, Phishing.This issue affects Spectra: from n/a through 2.3.0.
0
0
View More Topics  Next >