CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3016 – yiwent Vip Video Analysis admincore.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-3016
A vulnerability was found in yiwent Vip Video Analysis 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file admin/admincore.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/VIP-video-analysis/XSS.md https://vuldb.com/?ctiid.230360 https://vuldb.com/?id.230360 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3015 – yiwent Vip Video Analysis title.php server-side request forgery
https://notcve.org/view.php?id=CVE-2023-3015
A vulnerability has been found in yiwent Vip Video Analysis 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file data/title.php. The manipulation of the argument titurl leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/VIP-video-analysis/SSRF.md https://vuldb.com/?ctiid.230359 https://vuldb.com/?id.230359 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-29747
https://notcve.org/view.php?id=CVE-2023-29747
Story Saver for Instragram - Video Downloader 1.0.6 for Android exists exposed component, the component provides the method to modify the SharedPreference file. The attacker can use the method to modify the data in any SharedPreference file, these data will be loaded into the memory when the application is opened. Depending on how the data is used, this can result in various attack consequences, such as ad display exceptions. • https://apksos.com/app/story.saver.downloader.photo.video.repost.byrk https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29747/CVE%20detail.md https://www.instagram.com/nihans_macrame •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45823 – WordPress Video Contest WordPress Plugin Plugin <= 3.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-45823
Cross-Site Request Forgery (CSRF) vulnerability in GalleryPlugins Video Contest WordPress plugin <= 3.2 versions. The Video Contest WordPress Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform unauthorized actions on behalf of a site's administrator via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/video-contest/wordpress-video-contest-wordpress-plugin-plugin-3-2-cross-site-request-forgery-csrf?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.2EPSS: 1%CPEs: 1EXPL: 1CVE-2023-1408 – Video List Manager <= 1.7 - Admin+ SQL Injection
https://notcve.org/view.php?id=CVE-2023-1408
The Video List Manager WordPress plugin through 1.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin The Video List Manager plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrative privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://wpscan.com/vulnerability/baf7ef4d-b2ba-48e0-9c17-74fa27e0c15b • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •