Description
The Blue Admin WordPress plugin through 21.06.01 does not sanitise or escape its “Logo Title” setting before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin does not have CSRF check in place when saving its settings, allowing the issue to be exploited via a CSRF attack.
Base Score: 8.8 HIGH
https://wpscan.com/vulnerability/75abd073-b45f-4fe6-8501-7a6d0163f78d
CVE-2023-23560 Description In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input validation. Base Score: Critical https://support.lexmark.com/alerts/ ___________________________________ CVE-2016-9244 Description A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may […]
CVE-2023-22417 Description A Missing Release of Memory after Effective Lifetime vulnerability in the Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). In an IPsec VPN environment, a memory leak will be seen if a DH or ECDH group is configured. Eventually the […]
CVE-2013-0880 Description Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to databases. Base Score: 7.5 HIGH http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html
Leave a Reply