Page 262 of 8664 results (0.021 seconds)

CVSS: 10.0EPSS: 90%CPEs: 1EXPL: 3

Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15. Craft CMS es una plataforma para crear experiencias digitales. • https://github.com/zaenhaxor/CVE-2023-41892 https://github.com/acesoyeo/CVE-2023-41892 https://github.com/CERTologists/HTTP-Request-for-PHP-object-injection-attack-on-CVE-2023-41892 http://packetstormsecurity.com/files/176303/Craft-CMS-4.4.14-Remote-Code-Execution.html https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4415---2023-07-03-critical https://github.com/craftcms/cms/commit/7359d18d46389ffac86c2af1e0cd59e37c298857 https://github.com/craftcms/cms/commit/a270b928f3d34ad3bd953b81c304424edd57355 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Adobe Connect versions 12.3 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Las versiones 12.3 y anteriores de Adobe Connect se ven afectadas por una vulnerabilidad Cross-Site Scripting (XSS) Reflejada. Si un atacante puede convencer a una víctima para que visite una URL que haga referencia a una página vulnerable, se puede ejecutar contenido JavaScript malicioso dentro del contexto del navegador de la víctima. • https://helpx.adobe.com/security/products/connect/apsb23-33.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Adobe Connect versions 12.3 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Las versiones 12.3 y anteriores de Adobe Connect se ven afectadas por una vulnerabilidad Cross-Site Scripting (XSS) Reflejada. Si un atacante puede convencer a una víctima para que visite una URL que haga referencia a una página vulnerable, se puede ejecutar contenido JavaScript malicioso dentro del contexto del navegador de la víctima. • https://helpx.adobe.com/security/products/connect/apsb23-33.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8EPSS: 1%CPEs: 6EXPL: 0

Acrobat Reader versions 23.003.20284 (and earlier), 20.005.30516 (and earlier) and 20.005.30514 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb23-34.html • CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

This could allow an attacker to alter content, leading to arbitrary code execution or denial-of-service condition. • https://cert-portal.siemens.com/productcert/pdf/ssa-147266.pdf • CWE-922: Insecure Storage of Sensitive Information •