Page 264 of 8664 results (0.033 seconds)

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0

The Photospace Responsive plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘psres_button_size’ parameter in versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. El complemento Photospace Responsive para WordPress es vulnerable a Cross-Site Scripting (XSS) Almacenado a través del parámetro 'psres_button_size' en versiones hasta la 2.1.1 incluida debido a una sanitización de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con permisos de nivel de administrador y superiores, inyecten scripts web arbitrarios en páginas que se ejecutarán cada vez que un usuario acceda a una página inyectada. • sfp_email=&sfph_mail=&reponame=&new=2966110%40photospace-responsive%2Ftrunk&old=2875667%40photospace-responsive%2Ftrunk&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/3bc98896-6ff9-40de-ace2-2ca331c2a44a? • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0

Processing a font file may lead to arbitrary code execution. • https://support.apple.com/en-us/HT213599 https://support.apple.com/en-us/HT213601 https://support.apple.com/en-us/HT213605 https://support.apple.com/en-us/HT213606 https://support.apple.com/en-us/HT213842 https://support.apple.com/en-us/HT213844 https://support.apple.com/en-us/HT213845 •

CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0

Adobe Acrobat Reader versions 2019.021.20056 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb19-55.html • CWE-416: Use After Free •

CVSS: 7.8EPSS: 6%CPEs: 10EXPL: 0

Adobe Acrobat Reader versions 2019.021.20056 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb19-55.html • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 2

The Imou Life com.mm.android.smartlifeiot application through 6.8.0 for Android allows Remote Code Execution via a crafted intent to an exported component. This relates to the com.mm.android.easy4ip.MainActivity activity. JavaScript execution is enabled in the WebView, and direct web content loading occurs. La aplicación Imou Life com.mm.android.smartlifeiot hasta 6.8.0 para Android permite la ejecución remota de código a través de una intención manipulada para un componente exportado. Esto se relaciona con la actividad com.mm.android.easy4ip.MainActivity. • https://github.com/actuator/cve/blob/main/CVE-2023-42470 https://github.com/actuator/imou/blob/main/imou-life-6.8.0.md https://github.com/actuator/imou/blob/main/poc.apk • CWE-94: Improper Control of Generation of Code ('Code Injection') •