CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
Faq_builder, Image_slider, Personal_dictionary, Photo_gallery, Poll_maker, Popup_box, Popup_like_box, Portfolio_responsive_gallery, Quiz_maker, Secure_copy_content_protection_and_content_locking
2023-01-09
N/A
6.1 MEDIUM
The "Survey Maker – Best WordPress Survey Plugin" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via survey answers in versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts when submitting quizzes that will execute whenever a user accesses the submissions page.
platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack". Local attackers can bypass authentication and attack other SAs with high privilege.
softbus_client_stub in communication subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack". Local attackers can bypass authentication and attack other SAs with high privilege.
The JetWidgets For Elementor WordPress plugin through 1.0.13 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
The PDF Viewer WordPress plugin before 1.0.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks.
A vulnerability was found in Multilaser RE708 RE1200R4GC-2T2R-V3_v3411b_MUL029B. It has been rated as problematic. This issue affects some unknown processing of the component Telnet Service. The manipulation leads to denial of service. The attack may be initiated remotely. The identifier VDB-217169 was assigned to this vulnerability.
Cross-site Scripting (XSS) - Stored in GitHub repository linagora/twake prior to 2023.Q1.1200+.
3d_visual_enterprise_author, 3d_visual_enterprise_viewer, Abap_platform, Abap_platform_kernel, Access_control, Activex_viewer, Adaptive_extensions, Adaptive_server_enterprise, Adaptive_server_enterprise_backup_server, Adaptive_server_enterprise_cockpit
2023-02-21
N/A
5.4 MEDIUM
SAP Solution Manager (BSP Application) - version 720, allows an authenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensitive information or craft a payload which may restrict access to the desired resources.
3d_visual_enterprise_author, 3d_visual_enterprise_viewer, Abap_platform, Abap_platform_kernel, Access_control, Activex_viewer, Adaptive_extensions, Adaptive_server_enterprise, Adaptive_server_enterprise_backup_server, Adaptive_server_enterprise_cockpit
2023-02-21
N/A
5.4 MEDIUM
SAP Solution Manager (BSP Application) - version 720, allows an authenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensitive information or craft a payload which may restrict access to the desired resources, resulting in Cross-Site Scripting vulnerability.
3d_visual_enterprise_author, 3d_visual_enterprise_viewer, Abap_platform, Abap_platform_kernel, Access_control, Activex_viewer, Adaptive_extensions, Adaptive_server_enterprise, Adaptive_server_enterprise_backup_server, Adaptive_server_enterprise_cockpit
2023-01-13
N/A
5.7 MEDIUM
In SAP Bank Account Management (Manage Banks) application, when a user clicks a smart link to navigate to another app, personal data is shown directly in the URL. This data might get captured in log files, bookmarks, and so on, disclosing sensitive data of the application.