CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

A vulnerability classified as problematic has been found in X-WRT luci up to 22.10_b202303061504. It affects the function run_action in the file modules/luci-base/ucode/dispatcher.uc of the component 404 Error Template Handler. Manipulation of the argument request_path leads to cross-site scripting. The attack may be initiated remotely. Upgrading to version 22.10_b202303121313 addresses this issue.
• https://github.com/x-wrt/luci/commit/24d7da2416b9ab246825c33c213fe939a89b369c
• https://github.com/x-wrt/luci/releases/tag/22.10_b202303121313
• https://vuldb.com/?ctiid.230663
• https://vuldb.com/?id.230663
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

The BT21 x BTS Wallpaper app 12 for Android allows unauthorized apps to actively request permission to modify data in the database that records information about a user's personal preferences. This data is loaded into memory, read, and used when the app is opened. An attacker could tamper with this data to cause an escalation of privilege attack.
• http://bungaakpstudio007.com
• https://apkpure.com/cn/bt21-x-bts-wallpaper-hd-4k/com.bungaakp007.bt21wallpaperoffline130920/download/12-APK
• https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29724/CVE%20detail.md

CVSS: 5.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

The BT21 x BTS Wallpaper app 12 for Android allows unauthorized applications to actively request permission to insert data into the database that records information about a user's personal preferences. This data is loaded into memory, read, and used when the application is opened. By injecting data, the attacker can force the application to load malicious image URLs and display them in the UI. As the amount of data increases, it will eventually cause the application to trigger an OOM error and crash, resulting in a persistent denial of service attack.
• http://bungaakpstudio007.com
• https://apkpure.com/cn/bt21-x-bts-wallpaper-hd-4k/com.bungaakp007.bt21wallpaperoffline130920/download/12-APK
• https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29725/CVE%20detail.md
• https://play.google.com/store/apps/details?id=com.cuiet.blockCalls

CVSS: 8.1 | EPSS: 0% | CPEs: 4 | EXPL: 0

Directory traversal vulnerability in ESS REC Agent Server Edition series allows an authenticated attacker to view or alter an arbitrary file on the server. Affected products and versions are as follows: ESS REC Agent Server Edition for Linux V1.0.0 to V1.4.3, ESS REC Agent Server Edition for Solaris V1.1.0 to V1.4.0, ESS REC Agent Server Edition for HP-UX V1.1.0 to V1.4.0, and ESS REC Agent Server Edition for AIX V1.2.0 to V1.4.1.
• https://customer.et-x.jp/app/answers/detail/a_id/2260
• https://jvn.jp/en/jp/JVN19243534
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Gautam Thapar Button Builder – Buttons X plugin <= 0.8.6 versions. The Button Builder – Buttons X plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the btnsx shortcode in versions up to, and including, 0.8.6 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
• https://patchstack.com/database/vulnerability/buttons-x/wordpress-button-builder-buttons-x-plugin-0-8-6-cross-site-scripting-xss-vulnerability?_s_id=cve
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')