-
Notifications
You must be signed in to change notification settings - Fork 775
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
efb0cfb
commit 28e2d6d
Showing
50 changed files
with
706 additions
and
7 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2020-11774](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11774) | ||
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) | ||
|
||
### Description | ||
|
||
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://kb.netgear.com/000061756/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Gateways-PSV-2018-0522 | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
### [CVE-2020-1416](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1416) | ||
![](https://img.shields.io/static/v1?label=Product&message=Azure%20Storage%20Explorer&color=blue) | ||
![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Visual%20Studio%202017%20version%2015.9%20(includes%2015.0%20-%2015.8)&color=blue) | ||
![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Visual%20Studio%202019%20version%2016.4%20(includes%2016.0%20-%2016.3)&color=blue) | ||
![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Visual%20Studio%202019%20version%2016.6%20(includes%2016.0%20-%2016.5)&color=blue) | ||
![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Visual%20Studio%202019&color=blue) | ||
![](https://img.shields.io/static/v1?label=Product&message=TypeScript&color=blue) | ||
![](https://img.shields.io/static/v1?label=Product&message=Visual%20Studio%20Code&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=Elevation%20of%20Privilege&color=brighgreen) | ||
|
||
### Description | ||
|
||
An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies, aka 'Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability'. | ||
|
||
### POC | ||
|
||
#### Reference | ||
No PoCs from references. | ||
|
||
#### Github | ||
- https://github.com/xjr1300/first-step-of-python | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2021-41042](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41042) | ||
![](https://img.shields.io/static/v1?label=Product&message=Eclipse%20Lyo&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=%3E%3D%201.0.0%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-611&color=brighgreen) | ||
|
||
### Description | ||
|
||
In Eclipse Lyo versions 1.0.0 to 4.1.0, a TransformerFactory is initialized with the defaults that do not restrict DTD loading when working with RDF/XML. This allows an attacker to cause an external DTD to be retrieved. | ||
|
||
### POC | ||
|
||
#### Reference | ||
No PoCs from references. | ||
|
||
#### Github | ||
- https://github.com/eclipse/lyo | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2022-27642](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27642) | ||
![](https://img.shields.io/static/v1?label=Product&message=R6700v3&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-863%3A%20Incorrect%20Authorization&color=brighgreen) | ||
|
||
### Description | ||
|
||
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-15854. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327 | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2022-27647](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27647) | ||
![](https://img.shields.io/static/v1?label=Product&message=R6700v3&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')&color=brighgreen) | ||
|
||
### Description | ||
|
||
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the name or email field provided to libreadycloud.so. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15874. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327 | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2024-0399](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0399) | ||
![](https://img.shields.io/static/v1?label=Product&message=WooCommerce%20Customers%20Manager&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=0%3C%2029.7%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) | ||
|
||
### Description | ||
|
||
The WooCommerce Customers Manager WordPress plugin before 29.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to an SQL injection exploitable by Subscriber+ role. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://wpscan.com/vulnerability/1550e30c-bf80-48e0-bc51-67d29ebe7272/ | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2024-0902](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0902) | ||
![](https://img.shields.io/static/v1?label=Product&message=Fancy%20Product%20Designer&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=0%3C%206.1.81%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) | ||
|
||
### Description | ||
|
||
The Fancy Product Designer WordPress plugin before 6.1.81 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://wpscan.com/vulnerability/fd53e40a-516b-47b9-b495-321774432367/ | ||
|
||
#### Github | ||
- https://github.com/fkie-cad/nvd-json-data-feeds | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2024-1204](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1204) | ||
![](https://img.shields.io/static/v1?label=Product&message=Meta%20Box%20&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=0%3C%205.9.4%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%20Improper%20Access%20Control&color=brighgreen) | ||
|
||
### Description | ||
|
||
The Meta Box WordPress plugin before 5.9.4 does not prevent users with at least the contributor role from access arbitrary custom fields assigned to other user's posts. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://wpscan.com/vulnerability/03191b00-0b05-42db-9ce2-fc525981b6c9/ | ||
|
||
#### Github | ||
- https://github.com/fkie-cad/nvd-json-data-feeds | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2024-1306](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1306) | ||
![](https://img.shields.io/static/v1?label=Product&message=Smart%20Forms%20&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.6.94%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) | ||
|
||
### Description | ||
|
||
The Smart Forms WordPress plugin before 2.6.94 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as editing entries, and we consider it a medium risk. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://wpscan.com/vulnerability/c7ce2649-b2b0-43f4-994d-07b1023405e9/ | ||
|
||
#### Github | ||
- https://github.com/fkie-cad/nvd-json-data-feeds | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2024-1307](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1307) | ||
![](https://img.shields.io/static/v1?label=Product&message=Smart%20Forms%20&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.6.94%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen) | ||
|
||
### Description | ||
|
||
The Smart Forms WordPress plugin before 2.6.94 does not have proper authorization in some actions, which could allow users with a role as low as a subscriber to call them and perform unauthorized actions | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://wpscan.com/vulnerability/bbc6cebd-e9bf-4b08-a474-f9312b3c0947/ | ||
|
||
#### Github | ||
- https://github.com/fkie-cad/nvd-json-data-feeds | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2024-1310](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1310) | ||
![](https://img.shields.io/static/v1?label=Product&message=WooCommerce&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=0%3C%208.6%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%20Improper%20Access%20Control&color=brighgreen) | ||
|
||
### Description | ||
|
||
The WooCommerce WordPress plugin before 8.6 does not prevent users with at least the contributor role from leaking products they shouldn't have access to. (e.g. private, draft and trashed products) | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://wpscan.com/vulnerability/a7735feb-876e-461c-9a56-ea6067faf277/ | ||
|
||
#### Github | ||
- https://github.com/fkie-cad/nvd-json-data-feeds | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
### [CVE-2024-1655](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1655) | ||
![](https://img.shields.io/static/v1?label=Product&message=ExpertWiFi%20EBM63&color=blue) | ||
![](https://img.shields.io/static/v1?label=Product&message=ExpertWiFi%20EBM68&color=blue) | ||
![](https://img.shields.io/static/v1?label=Product&message=RT-AX57%20Go&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=earlier%20%3C%203.0.0.6.102_44384%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Version&message=earlier%3C%203.0.0.6.102_22188%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Version&message=earlier%3C%203.0.0.6.102_32645%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')&color=brighgreen) | ||
|
||
### Description | ||
|
||
Certain ASUS WiFi routers models has an OS Command Injection vulnerability, allowing an authenticated remote attacker to execute arbitrary system commands by sending a specially crafted request. | ||
|
||
### POC | ||
|
||
#### Reference | ||
No PoCs from references. | ||
|
||
#### Github | ||
- https://github.com/fkie-cad/nvd-json-data-feeds | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2024-1660](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1660) | ||
![](https://img.shields.io/static/v1?label=Product&message=Top%20Bar&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.0.5%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) | ||
|
||
### Description | ||
|
||
The Top Bar WordPress plugin before 3.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://wpscan.com/vulnerability/5bd16f84-22bf-4170-b65c-08caf67d0005/ | ||
|
||
#### Github | ||
- https://github.com/fkie-cad/nvd-json-data-feeds | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2024-1712](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1712) | ||
![](https://img.shields.io/static/v1?label=Product&message=Carousel%20Slider&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.2.7%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) | ||
|
||
### Description | ||
|
||
The Carousel Slider WordPress plugin before 2.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://wpscan.com/vulnerability/23805a61-9fcd-4744-a60d-05c8cb43ee01/ | ||
|
||
#### Github | ||
- https://github.com/fkie-cad/nvd-json-data-feeds | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2024-1746](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1746) | ||
![](https://img.shields.io/static/v1?label=Product&message=Testimonial%20Slider&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.3.8%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) | ||
|
||
### Description | ||
|
||
The Testimonial Slider WordPress plugin before 2.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://wpscan.com/vulnerability/5f35572a-4129-4fe0-a465-d25f4c3b4419/ | ||
|
||
#### Github | ||
- https://github.com/fkie-cad/nvd-json-data-feeds | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2024-1754](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1754) | ||
![](https://img.shields.io/static/v1?label=Product&message=NPS%20computy&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) | ||
|
||
### Description | ||
|
||
The NPS computy WordPress plugin through 2.7.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://wpscan.com/vulnerability/c061e792-e37a-4cf6-b46b-ff111c5a5c84/ | ||
|
||
#### Github | ||
- https://github.com/fkie-cad/nvd-json-data-feeds | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2024-1755](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1755) | ||
![](https://img.shields.io/static/v1?label=Product&message=NPS%20computy&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) | ||
|
||
### Description | ||
|
||
The NPS computy WordPress plugin through 2.7.5 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://wpscan.com/vulnerability/481a376b-55be-4afa-94f5-c3cf8a88b8d1/ | ||
|
||
#### Github | ||
- https://github.com/fkie-cad/nvd-json-data-feeds | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2024-1846](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1846) | ||
![](https://img.shields.io/static/v1?label=Product&message=Responsive%20Tabs&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.0.7%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) | ||
|
||
### Description | ||
|
||
The Responsive Tabs WordPress plugin before 4.0.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://wpscan.com/vulnerability/ea2a8420-4b0e-4efb-a0c6-ceea996dae5a/ | ||
|
||
#### Github | ||
- https://github.com/fkie-cad/nvd-json-data-feeds | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2024-1849](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1849) | ||
![](https://img.shields.io/static/v1?label=Product&message=WP%20Customer%20Reviews&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.7.1%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-601%20URL%20Redirection%20to%20Untrusted%20Site%20('Open%20Redirect')&color=brighgreen) | ||
|
||
### Description | ||
|
||
The WP Customer Reviews WordPress plugin before 3.7.1 does not validate a parameter allowing contributor and above users to redirect a page to a malicious URL | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://wpscan.com/vulnerability/e6d9fe28-def6-4f25-9967-a77f91899bfe/ | ||
|
||
#### Github | ||
- https://github.com/fkie-cad/nvd-json-data-feeds | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.