CVSS: 4.3 | EPSS: % | CPEs: 1 | EXPL: 0

The FS Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.5.8. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link. • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 7.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Firassaidi WooCommerce License Manager allows Reflected XSS. This issue affects WooCommerce License Manager: from n/a through 5.3.1. The WooCommerce License Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/fs-license-manager/wordpress-woocommerce-license-manager-plugin-5-3-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 | EPSS: 0% | CPEs: 2 | EXPL: 2

FS S3900-24T4S devices allow authenticated attackers with guest access to escalate their privileges and reset the admin password. FS-S3900-24T4S suffers from a privilege escalation vulnerability. • https://www.exploit-db.com/exploits/51414 • http://packetstormsecurity.com/files/172124/FS-S3900-24T4S-Privilege-Escalation.html

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

A vulnerability was found in zbl1996 FS-Blog and classified as problematic. This issue affects some unknown processing of the component Title Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-215267. • https://gitee.com/zbl1996/FS-Blog/issues/I5Y6ZQ • https://vuldb.com/?id.215267 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-707: Improper Neutralization

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 2

fs-path node module before 0.0.25 is vulnerable to command injection by way of user-supplied inputs via the `copy`, `copySync`, `remove`, and `removeSync` methods. • https://github.com/pillys/fs-path/commit/88ff5ee51046bb2c5d5e9c5afe6819b032092ce7 • https://github.com/pillys/fs-path/pull/6 • https://hackerone.com/reports/324491 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')