Attacker Value
Unknown

CVE-2024-11435

Disclosure Date: November 21, 2024 (last updated January 05, 2025)
The salavat counter Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 0.9.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Attacker Value
Unknown

CVE-2023-47659

Disclosure Date: November 14, 2023 (last updated November 21, 2023)
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Lavacode Lava Directory Manager plugin <= 1.1.34 versions.
Attacker Value
Unknown

CVE-2023-46081

Disclosure Date: October 26, 2023 (last updated October 31, 2023)
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Lavacode Lava Directory Manager plugin <= 1.1.34 versions.
Attacker Value
Unknown

CVE-2023-36984

Disclosure Date: August 01, 2023 (last updated October 08, 2023)
LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure.
Attacker Value
Unknown

CVE-2023-36983

Disclosure Date: August 01, 2023 (last updated October 08, 2023)
LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure.
Attacker Value
Unknown

CVE-2023-30124

Disclosure Date: May 18, 2023 (last updated October 08, 2023)
LavaLite v9.0.0 is vulnerable to Cross Site Scripting (XSS).
Attacker Value
Unknown

CVE-2023-27238

Disclosure Date: May 12, 2023 (last updated October 08, 2023)
LavaLite CMS v 9.0.0 was discovered to be vulnerable to web cache poisoning.
Attacker Value
Unknown

CVE-2023-27237

Disclosure Date: May 12, 2023 (last updated October 08, 2023)
LavaLite CMS v 9.0.0 was discovered to be vulnerable to a host header injection attack.
Attacker Value
Unknown

CVE-2022-45132

Disclosure Date: November 18, 2022 (last updated November 08, 2023)
In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through a user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger remote code execution in the LAVA server.
Attacker Value
Unknown

CVE-2022-44641

Disclosure Date: November 18, 2022 (last updated November 08, 2023)
In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service.