National Vulnerability Database – Page 17

CVE-2023-46449 (inventory_management_system)

Posted on October 26, 2023 by National Vulnerability Database

Sourcecodester Free and Open Source inventory management system v1.0 is vulnerable to Incorrect Access Control. An arbitrary user can change the password of another user and takeover the account via IDOR in the password change function. Continue reading CVE-2023-46449 (inventory_management_system)→

CVE-2023-46076 (woocommerce_pdf_invoice_builder)

Posted on October 26, 2023 by National Vulnerability Database

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao WooCommerce PDF Invoice Builder, Create invoices, packing slips and more plugin <=Â 1.2.102 versions. Continue reading CVE-2023-46076 (woocommerce_pdf_invoice_builder)→

CVE-2023-46077 (the_awesome_feed)

Posted on October 26, 2023 by National Vulnerability Database

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Arrow Plugins The Awesome Feed â€“ Custom Feed plugin <=Â 2.2.5 versions. Continue reading CVE-2023-46077 (the_awesome_feed)→

CVE-2023-46081 (lava_directory_manager)

Posted on October 26, 2023 by National Vulnerability Database

Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Lavacode Lava Directory Manager plugin <=Â 1.1.34 versions. Continue reading CVE-2023-46081 (lava_directory_manager)→

CVE-2023-32116 (custom_post_types)

Posted on October 26, 2023 by National Vulnerability Database

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in TotalPress.Org Custom post types, Custom Fields & more plugin <=Â 4.0.12 versions. Continue reading CVE-2023-32116 (custom_post_types)→

CVE-2023-30492 (minimum_purchase_for_woocommerce)

Posted on October 26, 2023 by National Vulnerability Database

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Vark Minimum Purchase for WooCommerce plugin <=Â 2.0.0.1 versions. Continue reading CVE-2023-30492 (minimum_purchase_for_woocommerce)→

CVE-2023-46074 (freshmail_for_wordpress)

Posted on October 26, 2023 by National Vulnerability Database

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Borbis Media FreshMail For WordPress plugin <=Â 2.3.2 versions. Continue reading CVE-2023-46074 (freshmail_for_wordpress)→

CVE-2023-5802 (wp_knowledgebase)

Posted on October 26, 2023 by National Vulnerability Database

Cross-Site Request Forgery (CSRF) vulnerability in Mihai Iova WordPress Knowledge base & Documentation Plugin â€“ WP Knowledgebase plugin <=Â 1.3.4 versions. Continue reading CVE-2023-5802 (wp_knowledgebase)→

CVE-2023-31422 (kibana)

Posted on October 26, 2023 by National Vulnerability Database

An issue was discovered by Elastic whereby sensitive information is recorded in Kibana logs in the event of an error. The issue impacts only Kibana version 8.10.0 when logging in the JSON layout or when the pattern layout is configured to log the %meta… Continue reading CVE-2023-31422 (kibana)→

CVE-2023-43906 (xolo_cms)

Posted on October 26, 2023 by National Vulnerability Database

Xolo CMS v0.11 was discovered to contain a reflected cross-site scripting (XSS) vulnerability. Continue reading CVE-2023-43906 (xolo_cms)→