CyberSecurityBoard
Sponsor Register Login

CVE-2023-2324

The Elementor Forms Google Sheet Connector WordPress plugin before 1.0.7, gsheetconnector-for-elementor-forms-pro WordPress plugin through 1.0.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Publication date: Tue, 04 Jul 2023 13:15:00 +0000


Cyber News related to CVE-2023-2324

Vulnerability Summary for the Week of November 27, 2023 - PrimaryVendor - Product apple - multiple products Description A memory corruption vulnerability was addressed with improved locking. Published 2023-12-01 CVSS Score not yet calculated Source & Patch Info CVE-2023-48842 PrimaryVendor - Product dell - ...
2 years ago Cisa.gov CVE-2023-48842 CVE-2023-43089 CVE-2023-39226 CVE-2023-46690 CVE-2023-47207 CVE-2023-46886 CVE-2023-48882 CVE-2023-49656 CVE-2023-28896 CVE-2023-48016 CVE-2023-49092 CVE-2023-2266 CVE-2023-2267 CVE-2023-31177 CVE-2023-34388 CVE-2023-34389 CVE-2023-48848 CVE-2023-4398
CVE-2024-37051 - GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 ...
1 year ago Tenable.com
Patching Perforce perforations: Critical RCE vulnerability discovered in Perforce Helix Core Server - Sig 11,887 p4api vs2017 static openssl3 p4api-2023.1.2468153-vs2017 static. Sig 11,847 p4api vs2017 static p4api-2023.1.2468153-vs2017 static. Sig 10,187 p4api vs2017 static vsdebug openssl3 p4api-2023.1.2468153-vs2017 static vsdebug. Sig 10,147 ...
2 years ago Microsoft.com
Threat landscape for industrial automation systems. H2 2023 - In the second half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased by 2.1 pp to 31.9%. Percentage of ICS computers on which malicious objects were blocked, by half year. In H2 2023, building automation once ...
1 year ago Securelist.com
Multiple Flaws in Dell PowerProtect Products Execute Commands - Multiple vulnerabilities have been discovered in Dell's PowerProtect, which were associated with SQL injection, cross-site scripting, privilege escalation, command injection, and path tracing. The severity for these vulnerabilities ranges between 4.3 ...
2 years ago Cybersecuritynews.com CVE-2023-44286 CVE-2023-44284 CVE-2023-48668 CVE-2023-44277 CVE-2023-48667 CVE-2023-44279 CVE-2023-44278 CVE-2023-44285
CVE-2025-2324 - Improper Privilege Management vulnerability for users configured as Shared Accounts in Progress MOVEit Transfer (SFTP module) allows Privilege Escalation.This issue affects MOVEit Transfer: from 2023.1.0 before 2023.1.12, from 2024.0.0 before ...
9 months ago
CVE-2023-2324 - The Elementor Forms Google Sheet Connector WordPress plugin before 1.0.7, gsheetconnector-for-elementor-forms-pro WordPress plugin through 1.0.7 does not escape some parameters before outputting them back in attributes, leading to Reflected ...
2 years ago
CVE-2002-2324 - The "System Restore" directory and subdirectories, and possibly other subdirectories in the "System Volume Information" directory on Windows XP Professional, have insecure access control list (ACL) permissions, which allows local ...
17 years ago
CVE-2005-2324 - Cross-site scripting (XSS) vulnerability in Clever Copy 2.0 and 2.0a allows remote attackers to inject arbitrary web script or HTML via the searchtype or searchterm parameters to (1) results.php or (2) categorysearch.php. ...
17 years ago
CVE-2010-2324 - IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows attackers to perform unspecified "link injection" actions via unknown vectors. ...
15 years ago
CVE-2012-2324 - Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.7 allow remote administrators to execute arbitrary SQL commands via unspecified vectors in the (1) user search or (2) Mail Log in the Admin Control Panel (ACP). ...
13 years ago
CVE-2011-2324 - Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote attackers to affect availability, related to Enterprise Infrastructure SEC (JDENET). ...
9 years ago
CVE-2017-2324 - A command injection vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to cause a denial of service condition. ...
8 years ago
CVE-2004-2324 - SQL injection vulnerability in DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to modify the backend database via the (1) table and (2) field parameters in LinkClick.aspx. ...
8 years ago
CVE-2008-2324 - The Repair Permissions tool in Disk Utility in Apple Mac OS X 10.4.11 adds the setuid bit to the emacs executable file, which allows local users to gain privileges by executing commands within emacs. ...
8 years ago
CVE-2007-2324 - Directory traversal vulnerability in file.php in JulmaCMS 1.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. ...
8 years ago
CVE-2009-2324 - Multiple cross-site scripting (XSS) vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to inject arbitrary web script or HTML via components in the samples (aka _samples) directory. ...
7 years ago
CVE-2006-2324 - 180solutions Zango downloads "required Adware components" without checking integrity or authenticity, which might allow context-dependent attackers to execute arbitrary code by subverting the DNS resolution of static.zangocash.com. The only ...
7 years ago
CVE-2015-2324 - Cross-site scripting (XSS) vulnerability in the filemanager in the Photo Gallery plugin before 1.2.13 for WordPress allows remote authenticated users with edit permission to inject arbitrary web script or HTML via unspecified vectors. ...
6 years ago
CVE-2013-2324 - Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1629. ...
6 years ago
CVE-2019-2324 - When ADSP is compromised, the audio port index that`s returned from ADSP might be out of the valid range and leads to out of boundary access in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon ...
6 years ago
CVE-2014-2324 - Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname. ...
4 years ago
CVE-2021-2324 - Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Loans And Deposits). Supported versions that are affected are 12.0-12.4, 14.0-14.4 and . Easily exploitable vulnerability allows low ...
4 years ago
CVE-2022-2324 - Improperly Implemented Security Check vulnerability in the SonicWall Hosted Email Security leads to bypass of Capture ATP security service in the appliance. This vulnerability impacts 10.0.17.7319 and earlier versions ...
3 years ago
CVE-2016-2324 - Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow. ...
2 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)