
CVE-2023-23699 – WordPress Progress Bar Plugin <= 2.2.1 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-23699
24 Apr 2023 — Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Chris Reynolds Progress Bar plugin <= 2.2.1 versions. The Progress Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wppb' shortcode in versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping on the user-supplied shortcode attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages th... • https://patchstack.com/database/vulnerability/progress-bar/wordpress-progress-bar-plugin-2-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2007-2417
https://notcve.org/view.php?id=CVE-2007-2417
15 Jul 2007 — Heap-based buffer overflow in _mprosrv.exe in Progress Software Progress 9.1E and OpenEdge 10.1x, as used by the RSA Authentication Manager 6.0 and 6.1, SecurID Appliance 2.0, ACE/Server 5.2, and possibly other products, allows remote attackers to execute arbitrary code via crafted packets. NOTE: this issue might overlap CVE-2007-3491. • http://dvlabs.tippingpoint.com/advisory/TPTI-07-12 •

CVE-2007-2506 – Progress WebSpeed 3.0/3.1 - Denial of Service
https://notcve.org/view.php?id=CVE-2007-2506
04 May 2007 — WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service (infinite loop and daemon hang) via a messenger URL that invokes _edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or wsisa.dll with WService=wsbroker1/_edit.r in the PATH_INFO. • https://www.exploit-db.com/exploits/29943 •

CVE-2001-1129
https://notcve.org/view.php?id=CVE-2001-1129
02 Nov 2001 — Format string vulnerabilities in (1) _probuild, (2) _dbutil, (3) _mprosrv, (4) _mprshut, (5) _proapsv, (6) _progres, (7) _proutil, (8) _rfutil and (9) prolib in Progress database 9.1C allow a local user to execute arbitrary code via format string specifiers in the file used by the PROMSGS environment variable. • http://www.securityfocus.com/archive/1/224395 •

CVE-2001-1128
https://notcve.org/view.php?id=CVE-2001-1128
08 Oct 2001 — Buffer overflow in Progress database 8.3D and 9.1C allows local users to execute arbitrary code via long entries in files that are specified by the (1) PROMSGS or (2) PROTERMCAP environment variables. • http://www.securityfocus.com/archive/1/219174 •

CVE-2001-1127 – Progress Database 8.3/9.1 - Multiple Buffer Overflows
https://notcve.org/view.php?id=CVE-2001-1127
05 Oct 2001 — Buffer overflow in Progress database 8.3D and 9.1C could allow a local user to execute arbitrary code via (1) _proapsv, (2) _mprosrv, (3) _mprshut, (4) orarx, (5) sqlcpp, (6) _probrkr, (7) _sqlschema and (8) _sqldump. • https://www.exploit-db.com/exploits/21117 •