CyberSecurityBoard
Sponsor Register Login

CVE-2023-0152

The WP Multi Store Locator WordPress plugin through 2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Publication date: Mon, 05 Jun 2023 19:15:00 +0000


Cyber News related to CVE-2023-0152

Vulnerability Summary for the Week of November 27, 2023 - PrimaryVendor - Product apple - multiple products Description A memory corruption vulnerability was addressed with improved locking. Published 2023-12-01 CVSS Score not yet calculated Source & Patch Info CVE-2023-48842 PrimaryVendor - Product dell - ...
1 year ago Cisa.gov CVE-2023-48842 CVE-2023-43089 CVE-2023-39226 CVE-2023-46690 CVE-2023-47207 CVE-2023-46886 CVE-2023-48882 CVE-2023-49656 CVE-2023-28896 CVE-2023-48016 CVE-2023-49092 CVE-2023-2266 CVE-2023-2267 CVE-2023-31177 CVE-2023-34388 CVE-2023-34389 CVE-2023-48848 CVE-2023-4398
CVE-2024-37051 - GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 ...
10 months ago Tenable.com
Patching Perforce perforations: Critical RCE vulnerability discovered in Perforce Helix Core Server - Sig 11,887 p4api vs2017 static openssl3 p4api-2023.1.2468153-vs2017 static. Sig 11,847 p4api vs2017 static p4api-2023.1.2468153-vs2017 static. Sig 10,187 p4api vs2017 static vsdebug openssl3 p4api-2023.1.2468153-vs2017 static vsdebug. Sig 10,147 ...
1 year ago Microsoft.com
CVE-2023-0152 - The WP Multi Store Locator WordPress plugin through 2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above ...
1 year ago
Threat landscape for industrial automation systems. H2 2023 - In the second half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased by 2.1 pp to 31.9%. Percentage of ICS computers on which malicious objects were blocked, by half year. In H2 2023, building automation once ...
1 year ago Securelist.com
CVE-2022-0152 - An issue has been discovered in GitLab affecting all versions starting from 13.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was vulnerable to unauthorized access to some ...
3 years ago
CVE-2021-0152 - Improper verification of cryptographic signature in the installer for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products in Windows 10 may allow an authenticated user to potentially enable denial of service via local access. ...
3 years ago
CVE-2003-0152 - Unknown vulnerability in bonsai Mozilla CVS query tool allows remote attackers to execute arbitrary commands as the www-data user. ...
16 years ago
CVE-2005-0152 - PHP remote file inclusion vulnerability in Squirrelmail 1.2.6 allows remote attackers to execute arbitrary code via "URL manipulation." ...
16 years ago
CVE-2000-0152 - Remote attackers can cause a denial of service in Novell BorderManager 3.5 by pressing the enter key in a telnet connection to port 2000. ...
16 years ago
CVE-2008-0152 - SLnet.exe in SeattleLab SLNet RF Telnet Server 4.1.1.3758 and earlier allows user-assisted remote attackers to cause a denial of service (crash) via unspecified telnet options, which triggers a NULL pointer dereference. NOTE: the crash is not ...
13 years ago
CVE-2013-0152 - Memory leak in Xen 4.2 and unstable allows local HVM guests to cause a denial of service (host memory consumption) by performing nested virtualization in a way that triggers errors that are not properly handled. ...
11 years ago
CVE-2004-0152 - Multiple stack-based buffer overflows in (1) the encode_mime function, (2) the encode_uuencode function, (3) or the decode_uuencode function for emil 2.1.0 and earlier allow remote attackers to execute arbitrary code via e-mail messages containing ...
7 years ago
CVE-2006-0152 - Cross-site scripting (XSS) in search_result.php in phpChamber 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the needle parameter. NOTE: the provenance of this information is unknown; the details are obtained ...
7 years ago
CVE-2017-0152 - A remote code execution vulnerability exists in the way affected Microsoft scripting engine render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary ...
7 years ago
CVE-2009-0152 - iChat in Apple Mac OS X 10.5 before 10.5.7 disables SSL for AOL Instant Messenger (AIM) communication in certain circumstances that are inconsistent with the Require SSL setting, which allows remote attackers to obtain sensitive information by ...
7 years ago
CVE-2011-0152 - WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different ...
7 years ago
CVE-2010-0152 - Multiple cross-site scripting (XSS) vulnerabilities in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5.0.2 allow remote attackers to inject arbitrary web script or HTML ...
6 years ago
CVE-2001-0152 - The password protection option for the Compressed Folders feature in Plus! for Windows 98 and Windows Me writes password information to a file, which allows local users to recover the passwords and read the compressed folders. ...
6 years ago
CVE-2002-0152 - Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet ...
6 years ago
CVE-2016-0152 - Internet Information Services (IIS) in Microsoft Windows Vista SP2 and Server 2008 SP2 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Windows DLL Loading Remote Code Execution ...
6 years ago
CVE-2007-0152 - OhhASP stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/OhhASP.mdb. ...
6 years ago
CVE-2019-0152 - Insufficient memory protection in System Management Mode (SMM) and Intel(R) TXT for certain Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. ...
5 years ago
CVE-2020-0152 - In avb_vbmeta_image_verify of avb_vbmeta_image.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for ...
4 years ago
CVE-2012-0152 - The Remote Desktop Protocol (RDP) service in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (application hang) via a series of crafted packets, aka "Terminal Server ...
4 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)