Show filters
614 Total Results
Displaying 111-120 of 614
Sort by:
Attacker Value
Unknown
CVE-2023-25984
Disclosure Date: August 08, 2023 (last updated October 08, 2023)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Rigorous & Factory Pattern Dovetail plugin <= 1.2.13 versions.
0
Attacker Value
Unknown
CVE-2023-27416
Disclosure Date: August 08, 2023 (last updated October 08, 2023)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Decon Digital Decon WP SMS plugin <= 1.1 versions.
0
Attacker Value
Unknown
CVE-2023-33668
Disclosure Date: July 12, 2023 (last updated October 08, 2023)
DigiExam up to v14.0.2 lacks integrity checks for native modules, allowing attackers to access PII and takeover accounts on shared computers.
0
Attacker Value
Unknown
CVE-2023-23869
Disclosure Date: July 10, 2023 (last updated October 08, 2023)
Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google XML Sitemap for Mobile plugin <= 1.6.1 versions.
0
Attacker Value
Unknown
CVE-2023-22814
Disclosure Date: July 01, 2023 (last updated October 08, 2023)
An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow an attacker to carry out an impersonation attack.
This issue affects My Cloud OS 5 devices: before 5.26.202.
0
Attacker Value
Unknown
CVE-2023-22816
Disclosure Date: June 30, 2023 (last updated September 05, 2024)
A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an attacker to build files with redirects and execute larger payloads.
This issue affects My Cloud OS 5 devices: before 5.26.300.
0
Attacker Value
Unknown
CVE-2023-22815
Disclosure Date: June 30, 2023 (last updated September 05, 2024)
Post-authentication remote command injection vulnerability in Western Digital My Cloud OS 5 devices that could allow an attacker to execute code in the context of the root user on vulnerable CGI files. This vulnerability can only be exploited over the network and the attacker must already have admin/root privileges to carry out the exploit. An authentication bypass is required for this exploit, thereby making it more complex. The attack may not require user interaction. Since an attacker must already be authenticated, the confidentiality impact is low while the integrity and availability impact is high.
This issue affects My Cloud OS 5 devices: before 5.26.300.
0
Attacker Value
Unknown
CVE-2023-25055
Disclosure Date: June 15, 2023 (last updated October 08, 2023)
Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google XML Sitemap for Videos plugin <= 2.6.1 versions.
0
Attacker Value
Unknown
CVE-2023-34537
Disclosure Date: June 13, 2023 (last updated October 08, 2023)
A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage's parameter to trick user on browser and/or exfiltrate data.
0
Attacker Value
Unknown
CVE-2023-33817
Disclosure Date: June 13, 2023 (last updated October 08, 2023)
hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability.
0
