
CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 1

A vulnerability was found in Baidu UEditor 1.4.2 and rated as problematic. It affects unknown code in the file /ueditor142/php/controller.php?action=catchimage: manipulation of the argument source[] leads to cross-site scripting. • https://github.com/Hebing123/cve/issues/63 https://vuldb.com/?ctiid.273274 https://vuldb.com/?id.273274 https://vuldb.com/?submit.380151 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 1

A vulnerability was found in Baidu UEditor 1.4.3.3 and classified as problematic. It affects an unknown part of the file /ueditor/php/controller.php?action=uploadfile&encode=utf-8: manipulation of the argument upfile leads to an unrestricted file upload. • https://github.com/Hebing123/cve/issues/62 https://vuldb.com/?ctiid.273273 https://vuldb.com/?id.273273 https://vuldb.com/?submit.380092 • CWE-434: Unrestricted Upload of File with Dangerous Type •
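The CWE-434 entry above describes an upload handler that does not restrict what arrives in upfile. The following is an added example, not UEditor's code and not a description of the actual bug, of the validation an uploadfile-style endpoint needs: a lowercased extension allowlist, a single-extension rule, a magic-byte check, and a server-chosen storage name. The allowlist, magic bytes and filenames are constructed for illustration.

```python
import os
import re
import secrets

# Assumed allowlist: extension -> acceptable leading magic bytes (constructed).
ALLOWED = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}

_SAFE_STEM = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def validate_upload(filename: str, data: bytes) -> tuple:
    """Return (accepted, reason). Anything doubtful is rejected.

    Order of checks: no directory component; exactly one extension, so
    'shell.php.jpg' and 'x.php\\x00.png' fail before any allowlist lookup;
    extension lowercased before the lookup, so 'shell.PHP' cannot bypass a
    case-sensitive denylist; and magic bytes must match the claimed type,
    so PHP source named 'fake.png' is refused.
    """
    if filename in ("", ".", "..") or os.path.basename(filename) != filename:
        return False, "directory component in filename"
    parts = filename.split(".")
    if len(parts) != 2:
        return False, "expected exactly one extension"
    stem, ext = parts[0], parts[1].lower()
    if not _SAFE_STEM.match(stem):
        return False, "disallowed characters in name"
    if ext not in ALLOWED:
        return False, "extension .%s not in allowlist" % ext
    if not any(data.startswith(magic) for magic in ALLOWED[ext]):
        return False, "content does not match claimed type"
    return True, "ok"


def storage_name(filename: str, data: bytes) -> str:
    """Server-chosen name: random stem plus the validated, lowercased
    extension. The client's stem never reaches the filesystem."""
    accepted, reason = validate_upload(filename, data)
    if not accepted:
        raise ValueError(reason)
    return "%s.%s" % (secrets.token_hex(16), filename.rsplit(".", 1)[1].lower())


if __name__ == "__main__":
    # Constructed inputs: a real PNG header and PHP source with an image name.
    print(validate_upload("photo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 8))
    print(validate_upload("fake.png", b"<?php echo 1; ?>"))
    print(validate_upload("shell.php.jpg", b"\xff\xd8\xff\xe0"))
```

A magic-byte check does not stop a polyglot (a valid image header followed by PHP), which is why the upload directory must also be served without script execution and why the stored name is chosen by the server rather than taken from upfile.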

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

OpenRASP is a RASP solution that integrates its protection engine directly into the application server by instrumentation. A reflected XSS exists in the /login page because the redirect parameter is reflected into the response. This allows an attacker to execute arbitrary JavaScript with the permissions of a user once that user logs in to their account. • https://github.com/baidu/openrasp/commit/240fde3901c7a36aaade3683ffd5c89140a535fb https://securitylab.github.com/advisories/GHSL-2023-253_openrasp • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
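Both CWE-79 entries on this page (the UEditor catchimage source[] reflection above and the OpenRASP /login redirect reflection here) are the same failure: a request parameter copied into a response without context-appropriate encoding. The block below is an added example, not OpenRASP's or UEditor's code and not taken from either fix. It shows a login form that echoes redirect in vulnerable and hardened form, a redirect-target validator, and an assumed catchimage-style JSON response that echoes a list of source URLs (the real endpoint's response shape is not stated on this page). Function names and the payload string are constructed.

```python
import html
import json
from urllib.parse import urlsplit

PAYLOAD = '"><script>alert(1)</script>'  # constructed test input


def render_login_vulnerable(redirect: str) -> str:
    """Raw concatenation: the parameter closes the attribute and injects a tag."""
    return ('<form action="/login"><input type="hidden" name="redirect" '
            'value="%s"></form>' % redirect)


def safe_redirect_target(redirect: str, default: str = "/") -> str:
    """Accept only a same-origin absolute path. '//host', '/\\host',
    scheme-prefixed URLs and control characters all fall back to default."""
    if len(redirect) < 1 or redirect[0] != "/":
        return default
    if len(redirect) > 1 and redirect[1] in "/\\":
        return default
    if any(c in redirect for c in "\r\n\x00"):
        return default
    parts = urlsplit(redirect)
    if parts.scheme or parts.netloc:
        return default
    return redirect


def render_login_hardened(redirect: str) -> str:
    """Validate the target, then encode for the HTML attribute context.
    Validation alone is not enough: a legitimate path can still contain
    a quote, so the escape is what keeps the attribute closed."""
    target = safe_redirect_target(redirect)
    return ('<form action="/login"><input type="hidden" name="redirect" '
            'value="%s"></form>' % html.escape(target, quote=True))


def catchimage_response(sources) -> tuple:
    """Return (headers, body) for a JSON list echoing the requested URLs.
    An explicit JSON content type plus nosniff keeps a browser from
    rendering the body as HTML; escaping <, > and & inside the JSON
    strings is a second layer in case the body is ever inlined in a page."""
    body = json.dumps({"list": [{"source": s, "state": "SUCCESS"} for s in sources]})
    body = body.replace("<", "\\u003c").replace(">", "\\u003e").replace("&", "\\u0026")
    headers = {
        "Content-Type": "application/json; charset=utf-8",
        "X-Content-Type-Options": "nosniff",
    }
    return headers, body


if __name__ == "__main__":
    print(render_login_vulnerable(PAYLOAD))
    print(render_login_hardened(PAYLOAD))
    print(catchimage_response(["http://img.example/a.png", PAYLOAD])[1])
```

The two defences are independent: safe_redirect_target closes the open-redirect angle, html.escape closes the XSS angle, and dropping either one leaves a hole the other does not cover.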

CVSS: 7.8 | EPSS: 0% | CPEs: 2 | EXPL: 1

DLL hijacking vulnerability in TTplayer version 7.0.2 allows local attackers to escalate privileges and execute arbitrary code via urlmon.dll. • https://github.com/xieqiang11/POC4/blob/main/README.md • CWE-427: Uncontrolled Search Path Element •
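CWE-427 hijacks come down to where the loader looks first. The block below is an added example, not TTplayer's code and not a scan of a real host: it models the default Windows DLL search order (SafeDllSearchMode on, 16-bit system directory omitted) and reports which user-writable directories are consulted before the one that legitimately supplies a given DLL. The directories, permissions, file lists and the KnownDLLs subset are constructed; the page does not say which directory the real urlmon.dll load resolved from.

```python
from dataclasses import dataclass, field


@dataclass
class Directory:
    path: str
    user_writable: bool            # can a low-privileged user write here?
    files: frozenset = field(default_factory=frozenset)

    def has(self, dll: str) -> bool:
        return dll.lower() in {f.lower() for f in self.files}


def default_search_order(app_dir, system32, windows, cwd, path_dirs):
    """Simplified default order: application directory, System32,
    Windows directory, current directory, then PATH entries."""
    return [app_dir, system32, windows, cwd, *path_dirs]


def resolve(dll, order, known_dlls):
    """Directory LoadLibrary would take the DLL from. Names listed under
    KnownDLLs are mapped from System32 (order[1] here) without a search."""
    if dll.lower() in known_dlls:
        return order[1], "KnownDLLs"
    for d in order:
        if d.has(dll):
            return d, "search"
    return None, "not found"


def hijack_candidates(dll, order, known_dlls):
    """User-writable directories searched before the one that supplies
    the DLL. Planting a same-named DLL in any of them is the hijack.
    A DLL found nowhere (phantom load) makes every writable directory
    in the order a candidate."""
    resolved, how = resolve(dll, order, known_dlls)
    if how == "KnownDLLs":
        return []
    candidates = []
    for d in order:
        if d is resolved:
            break
        if d.user_writable:
            candidates.append(d.path)
    return candidates


# Constructed host model: hypothetical paths and permissions.
APP = Directory(r"C:\Apps\Player", user_writable=True, files=frozenset({"player.exe"}))
SYS32 = Directory(r"C:\Windows\System32", user_writable=False,
                  files=frozenset({"urlmon.dll", "kernel32.dll"}))
WIN = Directory(r"C:\Windows", user_writable=False)
CWD = Directory(r"C:\Users\alice\Downloads", user_writable=True)
PATHD = [Directory(r"C:\Tools", user_writable=True)]
KNOWN = {"kernel32.dll"}   # constructed subset; check HKLM\...\KnownDLLs on a real host

ORDER = default_search_order(APP, SYS32, WIN, CWD, PATHD)

if __name__ == "__main__":
    for name in ("urlmon.dll", "kernel32.dll", "missing.dll"):
        print(name, "->", hijack_candidates(name, ORDER, KNOWN))
```

On a real host the same question is answered empirically by watching the process for NAME NOT FOUND results on CreateFile of *.dll and checking the ACL of each directory that appears; an application directory writable by standard users, as modelled above, is the common root cause.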

CVSS: 7.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

Cross-Site Request Forgery (CSRF) vulnerability in Haoqisir Baidu Tongji generator allows stored XSS. This issue affects Baidu Tongji generator from n/a through 1.0.2. The Baidu Tongji generator plugin for WordPress is vulnerable to CSRF in versions up to, and including, 1.0.2, due to missing or incorrect nonce validation. • https://patchstack.com/database/vulnerability/baidu-tongji-generator/wordpress-baidu-tongji-generator-plugin-1-0-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
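The CSRF-to-stored-XSS chain in the entry above works because the settings handler trusts the session cookie alone, and a field whose purpose is to hold a script snippet cannot be saved by output encoding. The following is an added example, not the plugin's or WordPress' code: a settings handler with and without a request token check. The token scheme is an assumed HMAC over session id and action; WordPress nonces are built differently (time-bucketed, user-bound hashes checked with wp_verify_nonce or check_admin_referer) but the missing check fails the same way. The session ids and form bodies are constructed.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)   # constructed per-process key


def make_token(session_id: str, action: str) -> str:
    """Token bound to the user's session and to one action, so a token
    leaked from one form cannot be replayed against another."""
    msg = ("%s:%s" % (session_id, action)).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def verify_token(session_id: str, action: str, token: str) -> bool:
    return hmac.compare_digest(make_token(session_id, action), token)


def save_settings_vulnerable(session_id, form, store):
    """Only checks that a session exists. A victim's browser attaches its
    cookie to a cross-site POST, so the attacker's form body is stored and
    later emitted as a script tag on every page the plugin decorates."""
    if not session_id:
        return False
    store["tracking_code"] = form["tracking_code"]
    return True


def save_settings_hardened(session_id, form, store):
    """Same handler with the request token check the advisory says was
    missing or incorrect. The attacker's page cannot read the victim's
    token, so the forged request is refused before anything is written."""
    if not session_id:
        return False
    if not verify_token(session_id, "save_settings", form.get("_nonce", "")):
        return False
    store["tracking_code"] = form["tracking_code"]
    return True


if __name__ == "__main__":
    # Constructed cross-site POST: no token, attacker-chosen script body.
    forged = {"tracking_code": "<script>evil()</script>"}
    weak, strong = {}, {}
    print("vulnerable stored:", save_settings_vulnerable("sess-victim", forged, weak), weak)
    print("hardened stored:", save_settings_hardened("sess-victim", forged, strong), strong)
```

The check must be on every state-changing action, not only the visible settings form; the same-site cookie attribute reduces exposure but does not replace the per-request token.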