CVE-2023-1869

The YourChannel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

Publication date: Wed, 05 Apr 2023 19:15:00 +0000

Cyber News related to CVE-2023-1869

CVE-2013-1870 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-1869. Reason: This candidate is a reservation duplicate of CVE-2013-1869. Notes: All CVE users should reference CVE-2013-1869 instead of this candidate. All references and ...
55 years ago Tenable.com

Vulnerability Summary for the Week of November 27, 2023 - PrimaryVendor - Product apple - multiple products Description A memory corruption vulnerability was addressed with improved locking. Published 2023-12-01 CVSS Score not yet calculated Source & Patch Info CVE-2023-48842 PrimaryVendor - Product dell - ...
1 year ago Cisa.gov CVE-2023-48842 CVE-2023-43089 CVE-2023-39226 CVE-2023-46690 CVE-2023-47207 CVE-2023-46886 CVE-2023-48882 CVE-2023-49656 CVE-2023-28896 CVE-2023-48016 CVE-2023-49092 CVE-2023-2266 CVE-2023-2267 CVE-2023-31177 CVE-2023-34388 CVE-2023-34389 CVE-2023-48848 CVE-2023-4398

CVE-2024-37051 - GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 ...
9 months ago Tenable.com

Patching Perforce perforations: Critical RCE vulnerability discovered in Perforce Helix Core Server - Sig 11,887 p4api vs2017 static openssl3 p4api-2023.1.2468153-vs2017 static. Sig 11,847 p4api vs2017 static p4api-2023.1.2468153-vs2017 static. Sig 10,187 p4api vs2017 static vsdebug openssl3 p4api-2023.1.2468153-vs2017 static vsdebug. Sig 10,147 ...
1 year ago Microsoft.com

Threat landscape for industrial automation systems. H2 2023 - In the second half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased by 2.1 pp to 31.9%. Percentage of ICS computers on which malicious objects were blocked, by half year. In H2 2023, building automation once ...
11 months ago Securelist.com

CVE-2023-1869 - The YourChannel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated ...
1 year ago

Multiple Flaws in Dell PowerProtect Products Execute Commands - Multiple vulnerabilities have been discovered in Dell's PowerProtect, which were associated with SQL injection, cross-site scripting, privilege escalation, command injection, and path tracing. The severity for these vulnerabilities ranges between 4.3 ...
1 year ago Cybersecuritynews.com CVE-2023-44286 CVE-2023-44284 CVE-2023-48668 CVE-2023-44277 CVE-2023-48667 CVE-2023-44279 CVE-2023-44278 CVE-2023-44285

CVE-2006-5904 - Multiple PHP remote file inclusion vulnerabilities in MWChat Pro 7.0 allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[MWCHAT_Libs] parameter to (1) about.php, (2) buddy.php, (3) chat.php, (4) dialog.php, (5) head.php, (6) ...
6 years ago

CVE-2013-1869 - CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via ...
3 years ago

CVE-2002-1869 - Heysoft EventSave 5.1 and 5.2 and Heysoft EventSave+ 5.1 and 5.2 does not check whether the log file can be written to, which allows attackers to prevent events from being recorded by opening the log file using an application such as Microsoft's ...
1 year ago

CVE-2005-1869 - PHP remote file inclusion vulnerability in start_lobby.php in MWChat 6.x allows remote attackers to execute arbitrary PHP code via the CONFIG[MWCHAT_Libs] parameter. ...
16 years ago

CVE-2004-1869 - Etherlords I 1.07 and earlier and Etherlords II 1.03 and earlier allows remote attackers to cause a denial of service (crash) by sending a packet that specifies the size for the next packet, then sending a larger packet than specified, which causes ...
7 years ago

CVE-2014-1869 - Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF ...
7 years ago

CVE-2008-1869 - SQL injection vulnerability in Site Sift Listings allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. NOTE: this issue might be site-specific. ...
7 years ago

CVE-2009-1869 - Integer overflow in the ActionScript Virtual Machine 2 (AVM2) abcFile parser in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly ...
6 years ago

CVE-2010-1869 - Stack-based buffer overflow in the parser function in GhostScript 8.70 and 8.64 allows context-dependent attackers to execute arbitrary code via a crafted PostScript file. ...
6 years ago

CVE-2007-1869 - lighttpd 1.4.12 and 1.4.13 allows remote attackers to cause a denial of service (cpu and resource consumption) by disconnecting while lighttpd is parsing CRLF sequences, which triggers an infinite loop and file descriptor consumption. ...
6 years ago

CVE-2006-1869 - Unspecified vulnerability in Oracle Database Server 8.1.7.4 and 9.0.1.5 has unknown impact and attack vectors in the Dictionary component, aka Vuln# DB04. ...
6 years ago

CVE-2011-1869 - The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote DFS servers to cause a ...
6 years ago

CVE-2013-2345 - Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1869. ...
5 years ago

CVE-2019-1869 - A vulnerability in the internal packet-processing functionality of the Cisco StarOS operating system running on virtual platforms could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a ...
5 years ago

CVE-2022-1869 - Type Confusion in V8 in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. ...
2 years ago

CVE-2015-1869 - The default event handling scripts in Automatic Bug Reporting Tool (ABRT) allow local users to gain privileges as demonstrated by a symlink attack on a var_log_messages file. ...
2 years ago

CVE-2012-1869 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none ...
55 years ago Tenable.com

CVE-2017-1869 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none ...
55 years ago Tenable.com

CVE-2023-1869

Cyber News related to CVE-2023-1869

Latest Cyber News

Cyber Trends (last 7 days)

Trending Cyber News (last 7 days)