CVE-2024-3887

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Form Builder widget in all versions up to, and including, 1.3.974 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Publication date: Thu, 16 May 2024 14:15:00 +0000


Cyber News related to CVE-2024-3887

AWS LetsEncrypt Lambda: Custom TLS Provider - DZone - Trying to renew ... INFO[0000] Checking certificate for domain 'hackernoon.referrs.me' with arn 'arn:aws:acm:us-east-2:004867756392:certificate/72f872fd-e577-43f4-ae38-6833962630af' INFO[0000] Certificate status is 'ISSUED' INFO[0000] Certificate in ...
5 months ago Feeds.dzone.com
Vulnerability Summary for the Week of March 11, 2024 - Published 2024-03-15 CVSS Score not yet calculated Source & Patch Info CVE-2021-47111416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - Product linux - linux Description In the ...
11 months ago Cisa.gov
Vulnerability Summary for the Week of March 4, 2024 - Published 2024-03-06 CVSS Score not yet calculated Source & Patch Info CVE-2023-52584416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - ...
1 year ago Cisa.gov
CVE-2024-3887 - The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Form Builder widget in all versions up to, and including, 1.3.974 due to insufficient input sanitization and output escaping on user ...
9 months ago
CVE-2014-3887 - Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: This vulnerability exists because of an ...
7 years ago
CVE-2019-3887 - A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(1) virtualization enabled. In that, L1 guest could access L0's APIC register values via L2 guest, when 'virtualize x2APIC mode' ...
1 year ago
CVE-2010-3887 - The Limit Mail feature in the Parental Controls functionality in Mail on Apple Mac OS X does not properly enforce the correspondence whitelist, which allows remote attackers to bypass intended access restrictions and conduct e-mail communication by ...
14 years ago
CVE-2012-3887 - AirDroid before 1.0.7 beta uses a cleartext base64 format for data transfer that is documented as an "Encrypted Transmission" feature, which allows remote attackers to obtain sensitive information by sniffing the local wireless network, as ...
12 years ago
CVE-2005-3887 - Gadu-Gadu 7.20 does not properly handle MS-DOS device names in filenames, which allows remote attackers to (1) cause a denial of service (hang) via an image filename of AUX: sent twice (hang), or (2) write to the LPT1 port via a filename of ...
7 years ago
CVE-2006-3887 - Buffer overflow in AOL You've Got Pictures (YGP) Screensaver ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors. ...
7 years ago
CVE-2007-3887 - Multiple cross-site scripting (XSS) vulnerabilities in mesaj_formu.asp in ASP Ziyaretci Defteri 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Isim, (2) Mesajiniz, and (3) E-posta fields. NOTE: these probably ...
7 years ago
CVE-2008-3887 - Multiple SQL injection vulnerabilities in index.php in dotProject 2.1.2 allow (1) remote authenticated users to execute arbitrary SQL commands via the tab parameter in a projects action, and (2) remote authenticated administrators to execute ...
7 years ago
CVE-2016-3887 - providers/settings/SettingsProvider.java in Android 7.0 before 2016-09-01 does not properly enforce the DISALLOW_CONFIG_VPN setting, which allows attackers to bypass an intended always-on VPN state via a crafted application, aka internal bug ...
7 years ago
CVE-2015-3887 - Untrusted search path vulnerability in ProxyChains-NG before 4.9 allows local users to gain privileges via a Trojan horse libproxychains4.so library in the current working directory, which is referenced in the LD_PRELOAD path. ...
7 years ago
CVE-2017-3887 - A vulnerability in the detection engine that handles Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process ...
5 years ago
CVE-2009-3887 - ytnef has directory traversal ...
5 years ago
CVE-2020-3887 - A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A download's origin may be ...
4 years ago
CVE-2011-3887 - Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote attackers to bypass intended access restrictions and read cookies via unspecified vectors. ...
4 years ago
CVE-2013-3887 - The Ancillary Function Driver (AFD) in afd.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows local ...
4 years ago
CVE-2022-3887 - Use after free in Web Workers in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) ...
2 years ago
CVE-2018-3887 - A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can ...
2 years ago
CVE-2023-3887 - A vulnerability was found in Campcodes Beauty Salon Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/search-appointment.php. The manipulation of the argument ...
1 year ago
CVE-2021-3887 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none ...
1 year ago
CVE-2024-37051 - GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 ...
9 months ago Tenable.com
The Top 24 Security Predictions for 2024 - Welcome to the second installment of this comprehensive annual look at global cybersecurity industry predictions from the top security industry vendors, technology magazines, expert thought leaders and many more. Last week, in part one of The Top 24 ...
1 year ago Securityboulevard.com

Cyber Trends (last 7 days)