Page 222 of 8664 results (0.007 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS vulnerability in Crocoblock JetFormBuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through 3.1.4. Neutralización inadecuada de etiquetas HTML relacionadas con secuencias de comandos en una página web (la vulnerabilidad XSS básica en Crocoblock JetFormBuilder permite la inyección de código. Este problema afecta a JetFormBuilder: desde n/a hasta 3.1.4. The JetFormBuilder — Dynamic Blocks Form Builder plugin for WordPress is vulnerable to content injection in all versions up to, and including, 3.1.4. This makes it possible for unauthenticated attackers to inject content onto the site. • https://patchstack.com/database/vulnerability/jetformbuilder/wordpress-jetformbuilder-plugin-3-1-4-content-injection-vulnerability?_s_id=cve • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1

Asana Desktop 2.1.0 on macOS allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode and EnableNodeCliInspectArguments, and thus r3ggi/electroniz3r can be used to perform an attack. • https://github.com/louiselalanne/CVE-2023-49314 https://asana.com/pt/download https://github.com/electron/fuses https://github.com/r3ggi/electroniz3r https://www.electronjs.org/blog/statement-run-as-node-cves https://www.electronjs.org/docs/latest/tutorial/fuses • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

A dylib injection vulnerability in XMachOViewer 0.04 allows attackers to compromise integrity. By exploiting this, unauthorized code can be injected into the product's processes, potentially leading to remote control and unauthorized access to sensitive user data. Una vulnerabilidad de inyección dylib en XMachOViewer 0.04 permite a los atacantes comprometer la integridad. Al explotar esto, se puede inyectar código no autorizado en los procesos del producto, lo que podría provocar control remoto y acceso no autorizado a datos confidenciales del usuario. • https://github.com/louiselalanne/CVE-2023-49313 https://github.com/horsicq/XMachOViewer • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

The Asgaros Forum WordPress plugin before 2.7.1 allows forum administrators, who may not be WordPress (super-)administrators, to set insecure configuration that allows unauthenticated users to upload dangerous files (e.g. .php, .phtml), potentially leading to remote code execution. El complemento Asgaros Forum de WordPress anterior a 2.7.1 permite a los administradores del foro, que pueden no ser (super)administradores de WordPress, establecer una configuración insegura que permite a usuarios no autenticados cargar archivos peligrosos (por ejemplo, .php, .phtml), lo que podría generar una ejecución remota de código. The Asgaros Forum plugin for WordPress is vulnerable to unauthorized control of the plugin's settings due to an insufficient capability check on the forum options update in all versions up to 2.7.1 (exclusive). This makes it possible for authenticated attackers, with administrator-level access and above, to modify the plugin's settings so that they can upload malicious PHP files that can be used for remote code execution. • https://wpscan.com/vulnerability/4ce69d71-87bf-4d95-90f2-63d558c78b69 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1833 • CWE-73: External Control of File Name or Path CWE-610: Externally Controlled Reference to a Resource in Another Sphere •