This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-18T20:00:33+00:00 www.secnews.physaphae.fr CVE Liste - Common Vulnerability Exposure The AI ChatBot plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.8.9. This is due to missing or incorrect nonce validation on the corresponding functions. This makes it possible for unauthenticated attackers to invoke those functions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.]]> 2023-10-20T08:15:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5534 www.secnews.physaphae.fr/article.php?IdArticle=8398203 False None None None CVE Liste - Common Vulnerability Exposure The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulk_delete_products function. This makes it possible for unauthenticated attackers to delete products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.]]> 2023-10-20T08:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4926 www.secnews.physaphae.fr/article.php?IdArticle=8398175 False None None None CVE Liste - Common Vulnerability Exposure The Social Media Share Buttons & Social Sharing Icons plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.8.5 via the sfsi_save_export function. This can allow subscribers to export plugin settings that include social media authentication tokens and secrets as well as app passwords.]]> 2023-10-20T08:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5070 www.secnews.physaphae.fr/article.php?IdArticle=8398188 False None None None CVE Liste - Common Vulnerability Exposure The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the userRate function in versions up to, and including, 7.6.3. This makes it possible for unauthenticated attackers to increase or decrease the rating of a post.]]> 2023-10-20T08:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3998 www.secnews.physaphae.fr/article.php?IdArticle=8398157 False None None None CVE Liste - Common Vulnerability Exposure The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_swap function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products.]]> 2023-10-20T08:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4941 www.secnews.physaphae.fr/article.php?IdArticle=8398179 False None None None CVE Liste - Common Vulnerability Exposure The Horizontal scrolling announcement plugin for WordPress is vulnerable to SQL Injection via the plugin\'s [horizontal-scrolling] shortcode in versions up to, and including, 9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.]]> 2023-10-20T08:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4999 www.secnews.physaphae.fr/article.php?IdArticle=8398186 False None None None CVE Liste - Common Vulnerability Exposure The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_delete function. This makes it possible for unauthenticated attackers to delete products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.]]> 2023-10-20T08:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4923 www.secnews.physaphae.fr/article.php?IdArticle=8398173 False None None None CVE Liste - Common Vulnerability Exposure The Poptin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via \'poptin-form\' shortcode in versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.]]> 2023-10-20T08:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4961 www.secnews.physaphae.fr/article.php?IdArticle=8398183 False None None None CVE Liste - Common Vulnerability Exposure The Modern Events Calendar lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Google API key and Calendar ID in versions up to, but not including, 7.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.]]> 2023-10-20T08:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4021 www.secnews.physaphae.fr/article.php?IdArticle=8398158 False None None None CVE Liste - Common Vulnerability Exposure The ARMember Lite - Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.]]> 2023-10-20T08:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3996 www.secnews.physaphae.fr/article.php?IdArticle=8398156 False None None None CVE Liste - Common Vulnerability Exposure The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the voteOnComment function in versions up to, and including, 7.6.3. This makes it possible for unauthenticated attackers to increase or decrease the rating of a comment.]]> 2023-10-20T08:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3869 www.secnews.physaphae.fr/article.php?IdArticle=8398154 False None None None CVE Liste - Common Vulnerability Exposure The WP Customer Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.]]> 2023-10-20T08:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4648 www.secnews.physaphae.fr/article.php?IdArticle=8398168 False None None None CVE Liste - Common Vulnerability Exposure The Booster for WooCommerce for WordPress is vulnerable to Information Disclosure via the \'wcj_wp_option\' shortcode in versions up to, and including, 7.1.0 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers, with subscriber-level capabilities or above, to retrieve arbitrary sensitive site options.]]> 2023-10-20T08:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4796 www.secnews.physaphae.fr/article.php?IdArticle=8398170 False None None None CVE Liste - Common Vulnerability Exposure The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai-debug-processing-fe URL parameter. This can allow unauthenticated attackers to extract sensitive data including installed plugins (present and active), active theme, various plugin settings, WordPress version, as well as some server settings such as memory limit, installation paths.]]> 2023-10-20T08:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4668 www.secnews.physaphae.fr/article.php?IdArticle=8398169 False None None None CVE Liste - Common Vulnerability Exposure The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_posts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.]]> 2023-10-20T08:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4386 www.secnews.physaphae.fr/article.php?IdArticle=8398162 False None None None CVE Liste - Common Vulnerability Exposure The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to missing capability checks on the woobe_bulkoperations_delete function. This makes it possible for authenticated attackers, with subscriber access or higher, to delete products.]]> 2023-10-20T08:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4924 www.secnews.physaphae.fr/article.php?IdArticle=8398174 False None None None CVE Liste - Common Vulnerability Exposure The Jetpack CRM plugin for WordPress is vulnerable to PHAR deserialization via the ‘zbscrmcsvimpf’ parameter in the \'zeroBSCRM_CSVImporterLitehtml_app\' function in versions up to, and including, 5.3.1. While the function performs a nonce check, steps 2 and 3 of the check do not take any action upon a failed check. These steps then perform a \'file_exists\' check on the value of \'zbscrmcsvimpf\'. If a phar:// archive is supplied, its contents will be deserialized and an object injected in the execution stream. This allows an unauthenticated attacker to obtain object injection if they are able to upload a phar archive (for instance if the site supports image uploads) and then trick an administrator into performing an action, such as clicking a link.]]> 2023-10-20T08:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3342 www.secnews.physaphae.fr/article.php?IdArticle=8398143 False None None None CVE Liste - Common Vulnerability Exposure The Hueman theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.3. This is due to missing or incorrect nonce validation on the save_meta_box() function. This makes it possible for unauthenticated attackers to save metabox data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.]]> 2023-10-20T08:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36753 www.secnews.physaphae.fr/article.php?IdArticle=8398133 False None None None CVE Liste - Common Vulnerability Exposure The Brizy plugin for WordPress is vulnerable to authorization bypass due to a incorrect capability check on the is_administrator() function in versions up to, and including, 1.0.125. This makes it possible for authenticated attackers to access and interact with available AJAX functions.]]> 2023-10-20T08:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36714 www.secnews.physaphae.fr/article.php?IdArticle=8398131 False None None None CVE Liste - Common Vulnerability Exposure The Customizr theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.0. This is due to missing or incorrect nonce validation on the czr_fn_post_fields_save() function. This makes it possible for unauthenticated attackers to post fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.]]> 2023-10-20T08:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36755 www.secnews.physaphae.fr/article.php?IdArticle=8398135 False None None None CVE Liste - Common Vulnerability Exposure The ImageMagick Engine plugin for WordPress is vulnerable to remote code execution via the \'cli_path\' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to run arbitrary commands leading to remote command execution, granted they can trick a site administrator into performing an action such as clicking on a link. This makes it possible for an attacker to create and or modify files hosted on the server which can easily grant attackers backdoor access to the affected server.]]> 2023-10-20T08:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2441 www.secnews.physaphae.fr/article.php?IdArticle=8398142 False None None None CVE Liste - Common Vulnerability Exposure The Blog2Social plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in versions up to, and including, 6.9.11. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change some plugin settings intended to be modifiable by admins only.]]> 2023-10-20T08:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3622 www.secnews.physaphae.fr/article.php?IdArticle=8398144 False None None None CVE Liste - Common Vulnerability Exposure The miniOrange\'s Google Authenticator plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when changing plugin settings in versions up to, and including, 5.6.5. This makes it possible for unauthenticated attackers to change the plugin\'s settings.]]> 2023-10-20T08:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4943 www.secnews.physaphae.fr/article.php?IdArticle=8398147 False None None None CVE Liste - Common Vulnerability Exposure The RSS Aggregator by Feedzy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.2. This is due to missing or incorrect nonce validation on the save_feedzy_post_type_meta() function. This makes it possible for unauthenticated attackers to update post meta via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.]]> 2023-10-20T08:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36758 www.secnews.physaphae.fr/article.php?IdArticle=8398136 False None None None CVE Liste - Common Vulnerability Exposure The Paid Memberships Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.2. This is due to missing or incorrect nonce validation on the pmpro_page_save() function. This makes it possible for unauthenticated attackers to save pages via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.]]> 2023-10-20T08:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36754 www.secnews.physaphae.fr/article.php?IdArticle=8398134 False None None None CVE Liste - Common Vulnerability Exposure The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to save code snippets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.]]> 2023-10-20T08:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4418 www.secnews.physaphae.fr/article.php?IdArticle=8398141 False None None None CVE Liste - Common Vulnerability Exposure The Woody code snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.9. This is due to missing or incorrect nonce validation on the runActions() function. This makes it possible for unauthenticated attackers to activate and deactivate snippets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.]]> 2023-10-20T08:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36759 www.secnews.physaphae.fr/article.php?IdArticle=8398137 False None None None CVE Liste - Common Vulnerability Exposure The Cyr to Lat plugin for WordPress is vulnerable to authenticated SQL Injection via the \'ctl_sanitize_title\' function in versions up to, and including, 3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This potentially allows authenticated users with the ability to add or modify terms or tags to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. A partial patch became available in version 3.6 and the issue was fully patched in version 3.7.]]> 2023-10-20T08:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4290 www.secnews.physaphae.fr/article.php?IdArticle=8398145 False None None None CVE Liste - Common Vulnerability Exposure The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized modification of site options due to a missing capability check on the fpd_update_options function in versions up to, and including, 4.6.9. This makes it possible for authenticated attackers with subscriber-level permissions to modify site options, including setting the default role to administrator which can allow privilege escalation.]]> 2023-10-20T08:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4334 www.secnews.physaphae.fr/article.php?IdArticle=8398138 False None None None CVE Liste - Common Vulnerability Exposure The Coupon Creator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1. This is due to missing or incorrect nonce validation on the save_meta() function. This makes it possible for unauthenticated attackers to save meta fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.]]> 2023-10-20T08:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36751 www.secnews.physaphae.fr/article.php?IdArticle=8398132 False None None None CVE Liste - Common Vulnerability Exposure Execution of downloaded content flaw in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 LTS SR1 allows Remote Code Execution ]]> 2023-10-20T07:15:17+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5523 www.secnews.physaphae.fr/article.php?IdArticle=8398200 False None None None CVE Liste - Common Vulnerability Exposure The Podcast Subscribe Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via \'podcast_subscribe\' shortcode in versions up to, and including, 1.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.]]> 2023-10-20T07:15:17+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5308 www.secnews.physaphae.fr/article.php?IdArticle=8398197 False None None None CVE Liste - Common Vulnerability Exposure The Migration, Backup, Staging - WPvivid plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 0.9.91 via Google Drive API secrets stored in plaintext in the publicly visible plugin source. This could allow unauthenticated attackers to impersonate the WPVivid Google Drive account via the API if they can trick a user into reauthenticating via another vulnerability or social engineering.]]> 2023-10-20T07:15:17+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5576 www.secnews.physaphae.fr/article.php?IdArticle=8398204 False Vulnerability None None CVE Liste - Common Vulnerability Exposure The flowpaper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via \'flipbook\' shortcode in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.]]> 2023-10-20T07:15:17+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5200 www.secnews.physaphae.fr/article.php?IdArticle=8398194 False None None None CVE Liste - Common Vulnerability Exposure The Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.]]> 2023-10-20T07:15:17+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5050 www.secnews.physaphae.fr/article.php?IdArticle=8398187 False None None None CVE Liste - Common Vulnerability Exposure The Icegram Express plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.6.23 via the show_es_logs function. This allows administrator-level attackers to read the contents of arbitrary files on the server, which can contain sensitive information including those belonging to other sites, for example in shared hosting environments.]]> 2023-10-20T07:15:17+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5414 www.secnews.physaphae.fr/article.php?IdArticle=8398199 False None None None CVE Liste - Common Vulnerability Exposure The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image file path parameter in versions up to, and including, 0.9.89 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.]]> 2023-10-20T07:15:17+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5120 www.secnews.physaphae.fr/article.php?IdArticle=8398192 False None None None CVE Liste - Common Vulnerability Exposure The Sitekit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via \'sitekit_iframe\' shortcode in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.]]> 2023-10-20T07:15:17+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5071 www.secnews.physaphae.fr/article.php?IdArticle=8398189 False None None None CVE Liste - Common Vulnerability Exposure Insufficient blacklisting in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 LTS SR1 allows Remote Code Execution via specific file types]]> 2023-10-20T07:15:17+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5524 www.secnews.physaphae.fr/article.php?IdArticle=8398201 False None None None CVE Liste - Common Vulnerability Exposure The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_visibility function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products.]]> 2023-10-20T07:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4943 www.secnews.physaphae.fr/article.php?IdArticle=8398181 False None None None CVE Liste - Common Vulnerability Exposure The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_save_options function. This makes it possible for unauthenticated attackers to modify the plugin\'s settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Additionally, input sanitization and escaping is insufficient resulting in the possibility of malicious script injection.]]> 2023-10-20T07:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4920 www.secnews.physaphae.fr/article.php?IdArticle=8398172 False None None None CVE Liste - Common Vulnerability Exposure The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `iframe` shortcode in versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permission and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This was partially patched in version 4.6 and fully patched in version 4.7.]]> 2023-10-20T07:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4919 www.secnews.physaphae.fr/article.php?IdArticle=8398171 False None None None CVE Liste - Common Vulnerability Exposure The Website Builder by SeedProd plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.15.13.1. This is due to missing or incorrect nonce validation on functionality in the builder.php file. This makes it possible for unauthenticated attackers to change the stripe connect token via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.]]> 2023-10-20T07:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4975 www.secnews.physaphae.fr/article.php?IdArticle=8398185 False None None None CVE Liste - Common Vulnerability Exposure The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_apply_default_combination function. This makes it possible for unauthenticated attackers to manipulate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.]]> 2023-10-20T07:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4937 www.secnews.physaphae.fr/article.php?IdArticle=8398177 False None None None CVE Liste - Common Vulnerability Exposure The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_visibility function. This makes it possible for unauthenticated attackers to manipulate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.]]> 2023-10-20T07:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4942 www.secnews.physaphae.fr/article.php?IdArticle=8398180 False None None None CVE Liste - Common Vulnerability Exposure The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the create_profile function. This makes it possible for unauthenticated attackers to create profiles via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.]]> 2023-10-20T07:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4935 www.secnews.physaphae.fr/article.php?IdArticle=8398176 False None None None CVE Liste - Common Vulnerability Exposure The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_swap function. This makes it possible for unauthenticated attackers to manipulate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.]]> 2023-10-20T07:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4940 www.secnews.physaphae.fr/article.php?IdArticle=8398178 False None None None CVE Liste - Common Vulnerability Exposure The WPLegalPages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via \'wplegalpage\' shortcode in versions up to, and including, 2.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with author-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.]]> 2023-10-20T07:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4968 www.secnews.physaphae.fr/article.php?IdArticle=8398184 False None None None CVE Liste - Common Vulnerability Exposure The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refresh_order_ean_data AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above, to update EAN numbers for orders.]]> 2023-10-20T07:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4947 www.secnews.physaphae.fr/article.php?IdArticle=8398182 False None None None CVE Liste - Common Vulnerability Exposure The Waiting: One-click countdowns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown name in versions up to, and including, 0.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.]]> 2023-10-20T07:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4954 www.secnews.physaphae.fr/article.php?IdArticle=8398148 False None None None CVE Liste - Common Vulnerability Exposure The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_products function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.]]> 2023-10-20T07:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4402 www.secnews.physaphae.fr/article.php?IdArticle=8398163 False None None None CVE Liste - Common Vulnerability Exposure Stored XSS Vulnerability in M-Files Classic Web versions before 23.10 and LTS Service Release Versions before 23.2 LTS SR4 and 23.8 LTS SR1allows attacker to execute script on users browser via stored HTML document.]]> 2023-10-20T07:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2325 www.secnews.physaphae.fr/article.php?IdArticle=8398149 False Vulnerability None None CVE Liste - Common Vulnerability Exposure The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 0.9.89. This allows authenticated attackers with administrative privileges to delete the contents of arbitrary directories on the server, which can be a critical issue in a shared environments.]]> 2023-10-20T07:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4274 www.secnews.physaphae.fr/article.php?IdArticle=8398161 False None None None CVE Liste - Common Vulnerability Exposure The Auto Amazon Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the style parameter in versions up to, and including, 5.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.]]> 2023-10-20T07:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4482 www.secnews.physaphae.fr/article.php?IdArticle=8398164 False None None None CVE Liste - Common Vulnerability Exposure The Slimstat Analytics plugin for WordPress is vulnerable to SQL Injection via the plugin\'s shortcode in versions up to, and including, 5.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.]]> 2023-10-20T07:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4598 www.secnews.physaphae.fr/article.php?IdArticle=8398166 False None None None CVE Liste - Common Vulnerability Exposure The Photospace Responsive plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘psres_button_size’ parameter in versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.]]> 2023-10-20T07:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4271 www.secnews.physaphae.fr/article.php?IdArticle=8398160 False None None None CVE Liste - Common Vulnerability Exposure Sollace Unicopia version 1.1.1 and before was discovered to deserialize untrusted data, allowing attackers to execute arbitrary code.]]> 2023-10-20T07:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39680 www.secnews.physaphae.fr/article.php?IdArticle=8398155 False None None None CVE Liste - Common Vulnerability Exposure The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.9.7 via the editor-view.php file. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safeâ€� file types can be uploaded and included.]]> 2023-10-20T07:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4488 www.secnews.physaphae.fr/article.php?IdArticle=8398165 False None None None CVE Liste - Common Vulnerability Exposure The WP Cerber Security plugin for WordPress is vulnerable to stored cross-site scripting via the log parameter when logging in to the site in versions up to, and including, 9.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.]]> 2023-10-20T07:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4712 www.secnews.physaphae.fr/article.php?IdArticle=8398146 False None None None CVE Liste - Common Vulnerability Exposure The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to unauthenticated settings export in versions up to, and including, 2.4.1. This is due to missing authorization on the export() function which makes makes it possible for unauthenticated attackers to export the plugin\'s settings.]]> 2023-10-20T07:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4353 www.secnews.physaphae.fr/article.php?IdArticle=8398140 False None None None CVE Liste - Common Vulnerability Exposure The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized access to data and modification of plugin settings due to a missing capability check on multiple AJAX functions in versions up to, and including, 4.6.9. This makes it possible for authenticated attackers with subscriber-level permissions to modify plugin settings, including retrieving arbitrary order information or creating/updating/deleting products, orders, or other sensitive information not associated with their own account.]]> 2023-10-20T07:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4335 www.secnews.physaphae.fr/article.php?IdArticle=8398139 False None None None CVE Liste - Common Vulnerability Exposure The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized user interaction in versions up to, and including, 2.50. This is due to missing capability checks on several AJAX actions and nonce disclosure in the source page of the administrative dashboard. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to call functions and delete and/or upload files.]]> 2023-10-20T07:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36698 www.secnews.physaphae.fr/article.php?IdArticle=8398129 False Malware None None CVE Liste - Common Vulnerability Exposure The Simple:Press – WordPress Forum Plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ~/admin/resources/jscript/ajaxupload/sf-uploader.php file in versions up to, and including, 6.6.0. This makes it possible for attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.]]> 2023-10-20T07:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36706 www.secnews.physaphae.fr/article.php?IdArticle=8398130 False None None None CVE Liste - Common Vulnerability Exposure SECUDOS Qiata (DOMOS OS) 4.13 has Insecure Permissions for the previewRm.sh daily cronjob. To exploit this, an attacker needs access as a low-privileged user to the underlying DOMOS system. Every user on the system has write permission for previewRm.sh, which is executed by the root user.]]> 2023-10-20T06:15:17+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40361 www.secnews.physaphae.fr/article.php?IdArticle=8398159 False None None None CVE Liste - Common Vulnerability Exposure VMware Aria Operations for Logs contains a deserialization vulnerability. A malicious actor with non-administrative access to the local system can trigger the deserialization of data which could result in authentication bypass.]]> 2023-10-20T05:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34052 www.secnews.physaphae.fr/article.php?IdArticle=8398153 False None None None CVE Liste - Common Vulnerability Exposure The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\'s \'tpsscode\' shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.]]> 2023-10-20T05:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5613 www.secnews.physaphae.fr/article.php?IdArticle=8398206 False None None None CVE Liste - Common Vulnerability Exposure The Theme Switcha plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\'s \'theme_switcha_list\' shortcode in all versions up to, and including, 3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.]]> 2023-10-20T05:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5614 www.secnews.physaphae.fr/article.php?IdArticle=8398207 False None None None CVE Liste - Common Vulnerability Exposure The WhatsApp Share Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\'s \'whatsapp\' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.]]> 2023-10-20T05:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5668 www.secnews.physaphae.fr/article.php?IdArticle=8398210 False None None None CVE Liste - Common Vulnerability Exposure please (aka pleaser) through 0.5.4 allows privilege escalation through the TIOCSTI and/or TIOCLINUX ioctl. (If both TIOCSTI and TIOCLINUX are disabled, this cannot be exploited.)]]> 2023-10-20T05:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46277 www.secnews.physaphae.fr/article.php?IdArticle=8398167 False None None None CVE Liste - Common Vulnerability Exposure VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.]]> 2023-10-20T05:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34051 www.secnews.physaphae.fr/article.php?IdArticle=8398152 False None None None CVE Liste - Common Vulnerability Exposure Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows XSS via a text/html e-mail message containing an SVG image with a USE element. This is related to wash_uri in rcube_washtml.php.]]> 2023-10-20T04:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46267 www.secnews.physaphae.fr/article.php?IdArticle=8398050 False None None None CVE Liste - Common Vulnerability Exposure Stored Cross-Site Scripting (XSS) vulnerability in the Company field in the "Request a Quote" Section of Small CRM v3.0 allows an attacker to store and execute malicious javascript code in the Admin panel which leads to Admin account takeover.]]> 2023-10-20T04:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45394 www.secnews.physaphae.fr/article.php?IdArticle=8398047 False Vulnerability None None CVE Liste - Common Vulnerability Exposure The QAD Search Server is vulnerable to Stored Cross-Site Scripting (XSS) in versions up to, and including, 1.0.0.315 due to insufficient checks on indexes. This makes it possible for unauthenticated attackers to create a new index and inject a malicious web script into its name, that will execute whenever a user accesses the search page.]]> 2023-10-20T04:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45471 www.secnews.physaphae.fr/article.php?IdArticle=8398048 False None None None CVE Liste - Common Vulnerability Exposure ** REJECT ** Not a valid vulnerability.]]> 2023-10-20T03:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4531 www.secnews.physaphae.fr/article.php?IdArticle=8398043 False None None None CVE Liste - Common Vulnerability Exposure The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File Deletion in version 4.9.2. This makes it possible for authenticated attackers with subscriber privileges to delete arbitrary files on the server, which makes it possible to take over affected sites as well as others sharing the same hosting account. This vulnerability is the same as CVE-2023-5212 but was accidentally reintroduced in version 4.9.2.]]> 2023-10-20T02:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5647 www.secnews.physaphae.fr/article.php?IdArticle=8398052 False Vulnerability None None CVE Liste - Common Vulnerability Exposure The AI ChatBot plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 4.9.2. This is due to missing or incorrect nonce validation on the corresponding functions. This makes it possible for unauthenticated attackers to invoke those functions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This vulnerability is the same as CVE-2023-5534, but was reintroduced in version 4.9.2.]]> 2023-10-20T02:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5655 www.secnews.physaphae.fr/article.php?IdArticle=8398053 False Vulnerability None None CVE Liste - Common Vulnerability Exposure 2023-10-20T02:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5646 www.secnews.physaphae.fr/article.php?IdArticle=8398051 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Home assistant is an open source home automation. The audit team’s analyses confirmed that the `redirect_uri` and `client_id` are alterable when logging in. Consequently, the code parameter utilized to fetch the `access_token` post-authentication will be sent to the URL specified in the aforementioned parameters. Since an arbitrary URL is permitted and `homeassistant.local` represents the preferred, default domain likely used and trusted by many users, an attacker could leverage this weakness to manipulate a user and retrieve account access. Notably, this attack strategy is plausible if the victim has exposed their Home Assistant to the Internet, since after acquiring the victim’s `access_token` the adversary would need to utilize it directly towards the instance to achieve any pertinent malicious actions. To achieve this compromise attempt, the attacker must send a link with a `redirect_uri` that they control to the victim’s own Home Assistant instance. In the eventuality the victim authenticates via said link, the attacker would obtain code sent to the specified URL in `redirect_uri`, which can then be leveraged to fetch an `access_token`. Pertinently, an attacker could increase the efficacy of this strategy by registering a near identical domain to `homeassistant.local`, which at first glance may appear legitimate and thereby obfuscate any malicious intentions. This issue has been addressed in version 2023.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.]]> 2023-10-20T00:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41893 www.secnews.physaphae.fr/article.php?IdArticle=8398045 False None None None CVE Liste - Common Vulnerability Exposure Home assistant is an open source home automation. The assessment verified that webhooks available in the webhook component are triggerable via the `*.ui.nabu.casa` URL without authentication, even when the webhook is marked as Only accessible from the local network. This issue is facilitated by the SniTun proxy, which sets the source address to 127.0.0.1 on all requests sent to the public URL and forwarded to the local Home Assistant. This issue has been addressed in version 2023.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.]]> 2023-10-20T00:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41894 www.secnews.physaphae.fr/article.php?IdArticle=8398046 False None None None CVE Liste - Common Vulnerability Exposure = 1.5.5).Après avoir mis à jour la configuration EnvPrefix, générez une nouvelle clé privée avec `Tauri Signer Generate`, enregistrant la nouvelle clé privée et mettant à jour la valeur` PuBkey` de la mise à jour \\ sur `tauri.conf.json` avec la nouvelle clé publique.Pour mettre à jour votre application existante, la prochaine version d'application doit être signée avec l'ancienne clé privée afin d'être acceptée par l'application existante.

---

Tauri is a framework for building binaries for all major desktop platforms. This advisory is not describing a vulnerability in the Tauri code base itself but a commonly used misconfiguration which could lead to leaking of the private key and updater key password into bundled Tauri applications using the Vite frontend in a specific configuration. The Tauri documentation used an insecure example configuration in the `Vite guide` to showcase how to use Tauri together with Vite. Copying the following snippet `envPrefix: [\'VITE_\', \'TAURI_\'],` from this guide into the `vite.config.ts` of a Tauri project leads to bundling the `TAURI_PRIVATE_KEY` and `TAURI_KEY_PASSWORD` into the Vite frontend code and therefore leaking this value to the released Tauri application. Using the `envPrefix: [\'VITE_\'],` or any other framework than Vite means you are not impacted by this advisory. Users are advised to rotate their updater private key if they are affected by this (requires Tauri CLI >=1.5.5). After updating the envPrefix configuration, generate a new private key with `tauri signer generate`, saving the new private key and updating the updater\'s `pubkey` value on `tauri.conf.json` with the new public key. To update your existing application, the next application build must be signed with the older private key in order to be accepted by the existing application.]]> 2023-10-20T00:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46115 www.secnews.physaphae.fr/article.php?IdArticle=8398049 False Vulnerability None None CVE Liste - Common Vulnerability Exposure The leakage of the client secret in Kaibutsunosato v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.]]> 2023-10-20T00:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39731 www.secnews.physaphae.fr/article.php?IdArticle=8398044 False None None None CVE Liste - Common Vulnerability Exposure Home assistant is an open source home automation. In affected versions the `hassio.addon_stdin` is vulnerable to a partial Server-Side Request Forgery where an attacker capable of calling this service (e.g.: through GHSA-h2jp-7grc-9xpp) may be able to invoke any Supervisor REST API endpoints with a POST request. An attacker able to exploit will be able to control the data dictionary, including its addon and input key/values. This issue has been addressed in version 2023.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as GitHub Security Lab (GHSL) Vulnerability Report: `GHSL-2023-162`.]]> 2023-10-19T23:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41899 www.secnews.physaphae.fr/article.php?IdArticle=8397963 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Content - Name parameter in the Pages Menu component.]]> 2023-10-19T23:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43345 www.secnews.physaphae.fr/article.php?IdArticle=8397968 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Cross-site scripting (XSS) vulnerability in evolution v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected into the cmsadmin, cmsadminemail, cmspassword and cmspasswordconfim parameters]]> 2023-10-19T23:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43340 www.secnews.physaphae.fr/article.php?IdArticle=8397964 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Home assistant is an open source home automation. The Home Assistant Companion for Android app up to version 2023.8.2 is vulnerable to arbitrary URL loading in a WebView. This enables all sorts of attacks, including arbitrary JavaScript execution, limited native code execution, and credential theft. This issue has been patched in version 2023.9.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as GitHub Security Lab (GHSL) Vulnerability Report: `GHSL-2023-142`.]]> 2023-10-19T23:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41898 www.secnews.physaphae.fr/article.php?IdArticle=8397962 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Home assistant is an open source home automation. The Home Assistant login page allows users to use their local Home Assistant credentials and log in to another website that specifies the `redirect_uri` and `client_id` parameters. Although the `redirect_uri` validation typically ensures that it matches the `client_id` and the scheme represents either `http` or `https`, Home Assistant will fetch the `client_id` and check for `` HTML tags on the page. These URLs are not subjected to the same scheme validation and thus allow for arbitrary JavaScript execution on the Home Assistant administration page via usage of `javascript:` scheme URIs. This Cross-site Scripting (XSS) vulnerability can be executed on the Home Assistant frontend domain, which may be used for a full takeover of the Home Assistant account and installation. This issue has been addressed in version 2023.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.]]> 2023-10-19T23:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41895 www.secnews.physaphae.fr/article.php?IdArticle=8397959 False Vulnerability None None CVE Liste - Common Vulnerability Exposure The Home Assistant Companion for iOS and macOS app up to version 2023.4 are vulnerable to Client-Side Request Forgery. Attackers may send malicious links/QRs to victims that, when visited, will make the victim to call arbitrary services in their Home Assistant installation. Combined with this security advisory, may result in full compromise and remote code execution (RCE). Version 2023.7 addresses this issue and all users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as GitHub Security Lab (GHSL) Vulnerability Report: GHSL-2023-161.]]> 2023-10-19T23:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44385 www.secnews.physaphae.fr/article.php?IdArticle=8397971 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Home assistant is an open source home automation. Home Assistant server does not set any HTTP security headers, including the X-Frame-Options header, which specifies whether the web page is allowed to be framed. The omission of this and correlating headers facilitates covert clickjacking attacks and alternative exploit opportunities, such as the vector described in this security advisory. This fault incurs major risk, considering the ability to trick users into installing an external and malicious add-on with minimal user interaction, which would enable Remote Code Execution (RCE) within the Home Assistant application. This issue has been addressed in version 2023.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.]]> 2023-10-19T23:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41897 www.secnews.physaphae.fr/article.php?IdArticle=8397961 False None None None CVE Liste - Common Vulnerability Exposure Home assistant is an open source home automation. Whilst auditing the frontend code to identify hidden parameters, Cure53 detected `auth_callback=1`, which is leveraged by the WebSocket authentication logic in tandem with the `state` parameter. The state parameter contains the `hassUrl`, which is subsequently utilized to establish a WebSocket connection. This behavior permits an attacker to create a malicious Home Assistant link with a modified state parameter that forces the frontend to connect to an alternative WebSocket backend. Henceforth, the attacker can spoof any WebSocket responses and trigger cross site scripting (XSS). Since the XSS is executed on the actual Home Assistant frontend domain, it can connect to the real Home Assistant backend, which essentially represents a comprehensive takeover scenario. Permitting the site to be iframed by other origins, as discussed in GHSA-935v-rmg9-44mw, renders this exploit substantially covert since a malicious website can obfuscate the compromise strategy in the background. However, even without this, the attacker can still send the `auth_callback` link directly to the victim user. To mitigate this issue, Cure53 advises modifying the WebSocket code’s authentication flow. An optimal implementation in this regard would not trust the `hassUrl` passed in by a GET parameter. Cure53 must stipulate the significant time required of the Cure53 consultants to identify an XSS vector, despite holding full control over the WebSocket responses. In many areas, data from the WebSocket was properly sanitized, which hinders post-exploitation. The audit team eventually detected the `js_url` for custom panels, though generally, the frontend exhibited reasonable security hardening. This issue has been addressed in Home Assistant Core version 2023.8.0 and in]]> 2023-10-19T23:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41896 www.secnews.physaphae.fr/article.php?IdArticle=8397960 False None None None CVE Liste - Common Vulnerability Exposure TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s Notification Manager API. The vulnerability exploits TinyMCE\'s unfiltered notification system, which is used in error handling. The conditions for this exploit requires carefully crafted malicious content to have been inserted into the editor and a notification to have been triggered. When a notification was opened, the HTML within the text argument was displayed unfiltered in the notification. The vulnerability allowed arbitrary JavaScript execution when an notification presented in the TinyMCE UI for the current user. This issue could also be exploited by any integration which uses a TinyMCE notification to display unfiltered HTML content. This vulnerability has been patched in TinyMCE 5.10.8 and TinyMCE 6.7.1 by ensuring that the HTML displayed in the notification is sanitized, preventing the exploit. Users are advised to upgrade. There are no known workarounds for this vulnerability.]]> 2023-10-19T22:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45819 www.secnews.physaphae.fr/article.php?IdArticle=8397977 False Vulnerability None None CVE Liste - Common Vulnerability Exposure ArchiveBox is an open source self-hosted web archiving system. Any users who are using the `wget` extractor and view the content it outputs. The impact is potentially severe if you are logged in to the ArchiveBox admin site in the same browser session and view an archived malicious page designed to target your ArchiveBox instance. Malicious Javascript could potentially act using your logged-in admin credentials and add/remove/modify snapshots, add/remove/modify ArchiveBox users, and generally do anything an admin user could do. The impact is less severe for non-logged-in users, as malicious Javascript cannot *modify* any archives, but it can still *read* all the other archived content by fetching the snapshot index and iterating through it. Because all of ArchiveBox\'s archived content is served from the same host and port as the admin panel, when archived pages are viewed the JS executes in the same context as all the other archived pages (and the admin panel), defeating most of the browser\'s usual CORS/CSRF security protections and leading to this issue. A patch is being developed in https://github.com/ArchiveBox/ArchiveBox/issues/239. As a mitigation for this issue would be to disable the wget extractor by setting `archivebox config --set SAVE_WGET=False`, ensure you are always logged out, or serve only a [static HTML version](https://github.com/ArchiveBox/ArchiveBox/wiki/Publishing-Your-Archive#2-export-and-host-it-as-static-html) of your archive.]]> 2023-10-19T22:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45815 www.secnews.physaphae.fr/article.php?IdArticle=8397975 False None None None CVE Liste - Common Vulnerability Exposure TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions before being stored in the undo stack. If the HTML snippet is restored from the undo stack, the combination of the string manipulation and reparative parsing by either the browser\'s native [DOMParser API](https://developer.mozilla.org/en-US/docs/Web/API/DOMParser) (TinyMCE 6) or the SaxParser API (TinyMCE 5) mutates the HTML maliciously, allowing an XSS payload to be executed. This vulnerability has been patched in TinyMCE 5.10.8 and TinyMCE 6.7.1 by ensuring HTML is trimmed using node-level manipulation instead of string manipulation. Users are advised to upgrade. There are no known workarounds for this vulnerability.]]> 2023-10-19T22:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45818 www.secnews.physaphae.fr/article.php?IdArticle=8397976 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the SEO - Meta description parameter in the Pages Menu component.]]> 2023-10-19T22:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43344 www.secnews.physaphae.fr/article.php?IdArticle=8397967 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Cross-site scripting (XSS) vulnerability in evolution evo v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected uid parameter.]]> 2023-10-19T22:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43341 www.secnews.physaphae.fr/article.php?IdArticle=8397965 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Languages Menu component.]]> 2023-10-19T22:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43342 www.secnews.physaphae.fr/article.php?IdArticle=8397966 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Page Specific Metadata and Smarty data parameters in the Content Manager Menu component.]]> 2023-10-19T22:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43359 www.secnews.physaphae.fr/article.php?IdArticle=8397969 False Vulnerability None None CVE Liste - Common Vulnerability Exposure Yamcs 5.8.6 allows XSS (issue 1 of 2). It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There\'s a way to upload a display referencing a malicious JavaScript file to the bucket. The user can then open the uploaded display by selecting Telemetry from the menu and navigating to the display.]]> 2023-10-19T22:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45279 www.secnews.physaphae.fr/article.php?IdArticle=8397973 False None None None CVE Liste - Common Vulnerability Exposure Yamcs 5.8.6 allows XSS (issue 2 of 2). It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There\'s a way to upload an HTML file containing arbitrary JavaScript and then navigate to it. Once the user opens the file, the browser will execute the arbitrary JavaScript.]]> 2023-10-19T22:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45280 www.secnews.physaphae.fr/article.php?IdArticle=8397974 False None None None CVE Liste - Common Vulnerability Exposure Inadequate encryption strength in mycli 1.27.0 allows attackers to view sensitive information via /mycli/config.py]]> 2023-10-19T22:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44690 www.secnews.physaphae.fr/article.php?IdArticle=8397972 False None None None CVE Liste - Common Vulnerability Exposure Multiple Cross-Site Scripting (XSS) vulnerabilities in installation of Subrion CMS v.4.2.1 allows a local attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost, dbname, dbuser, adminusername and adminemail.]]> 2023-10-19T22:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43875 www.secnews.physaphae.fr/article.php?IdArticle=8397970 False Vulnerability None None