
CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme Freesia Edge allows Stored XSS. This issue affects Edge: from n/a through 2.0.9.

The Edge theme for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

• https://patchstack.com/database/vulnerability/edge/wordpress-edge-theme-2-0-9-cross-site-scripting-xss-vulnerability?_s_id=cve
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

The Magazine Edge theme for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.13, due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to activate arbitrary plugins.

• CWE-862: Missing Authorization

CVSS: 9.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

slimerjs-edge is an npm wrapper for installing the bleeding edge version of slimerjs. slimerjs-edge downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if the attacker is on the network or positioned in between the user and the remote server.

• https://nodesecurity.io/advisories/243
• CWE-310: Cryptographic Issues
• CWE-311: Missing Encryption of Sensitive Data

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

SQL injection vulnerability in artreplydelete.asp in ASP EDGE 1.3a and earlier allows remote attackers to execute arbitrary SQL commands via a username cookie, a different vector than CVE-2007-0560.

• http://osvdb.org/36634
• http://www.vupen.com/english/advisories/2007/0341

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

SQL injection vulnerability in user.asp in ASP EDGE 1.2b and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter.

• https://www.exploit-db.com/exploits/3186
• http://osvdb.org/31619
• http://secunia.com/advisories/23894
• http://www.securityfocus.com/archive/1/458058/100/100/threaded
• http://www.securityfocus.com/bid/22212
• http://www.vupen.com/english/advisories/2007/0341
• https://exchange.xforce.ibmcloud.com/vulnerabilities/31723