2 results (0.008 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2

The CraftCMS plugin Two-Factor Authentication through 3.3.3 allows reuse of TOTP tokens multiple times within the validity period. El complemento CraftCMS Autenticación de dos factores hasta 3.3.3 permite la reutilización de tokens TOTP varias veces dentro del período de validez. • http://www.openwall.com/lists/oss-security/2024/06/06/2 https://github.com/born05/craft-twofactorauthentication/releases/tag/3.3.4 https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240202-02_CraftCMS_Plugin_Two-Factor_Authentication_TOTP_Valid_After_Use https://plugins.craftcms.com/two-factor-authentication?craft4 • CWE-287: Improper Authentication •

CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 1

The Clockwork SMS clockwork-test-message.php component has XSS via a crafted "to" parameter in a clockwork-test-message request to wp-admin/admin.php. This component code is found in the following WordPress plugins: Clockwork Free and Paid SMS Notifications 2.0.3, Two-Factor Authentication - Clockwork SMS 1.0.2, Booking Calendar - Clockwork SMS 1.0.5, Contact Form 7 - Clockwork SMS 2.3.0, Fast Secure Contact Form - Clockwork SMS 2.1.2, Formidable - Clockwork SMS 1.0.2, Gravity Forms - Clockwork SMS 2.2, and WP e-Commerce - Clockwork SMS 2.0.5. El componente clockwork-test-message.php en Clockwork SMS tiene una vulnerabilidad Cross-Site Scripting (XSS) a través de un parámetro "to" manipulado en una petición clockwork-test-message en wp-admin/admin.php. Este código de componente se encuentra en los siguientes plugins de WordPress: Clockwork Free and Paid SMS Notifications 2.0.3, Two-Factor Authentication - Clockwork SMS 1.0.2, Booking Calendar - Clockwork SMS 1.0.5, Contact Form 7 - Clockwork SMS 2.3.0, Fast Secure Contact Form - Clockwork SMS 2.1.2, Formidable - Clockwork SMS 1.0.2, Gravity Forms - Clockwork SMS 2.2 y WP e-Commerce - Clockwork SMS 2.0.5. • https://packetstormsecurity.com/files/145469/Clockwork-SMS-Cross-Site-Scripting.html https://plugins.trac.wordpress.org/changeset/1781424/clockwork-two-factor-authentication/trunk/templates/clockwork-test-message.php?old=706348&old_path=clockwork-two-factor-authentication%2Ftrunk%2Ftemplates%2Fclockwork-test-message.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •