CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-0209 – Mitsol Social Post Feed < 1.11 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-0209
The Mitsol Social Post Feed WordPress plugin before 1.11 does not escape some of its settings before outputting them back in attributes, which could allow high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed El plugin de WordPress Mitsol Social Post Feed antes de la versión 1.11 no escapa de algunas de sus configuraciones antes de devolverlas en atributos, lo que podría permitir a los usuarios con altos privilegios, como los administradores, realizar ataques de Cross-Site Scripting incluso cuando la capacidad unfiltered_html está deshabilitada The Mitsol Social Post Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.10 due to insufficient input sanitization and output escaping on the application id parameters. This makes it possible for authenticated (admin+) attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html is disabled. • https://wpscan.com/vulnerability/1e4af9be-5c88-4a3e-89ff-dd2b1bc131fe • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-24045
https://notcve.org/view.php?id=CVE-2021-24045
A type confusion vulnerability could be triggered when resolving the "typeof" unary operator in Facebook Hermes prior to v0.10.0. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. Una vulnerabilidad de confusión de tipo podría ser desencadenada al resolver el operador unario "typeof" en Facebook Hermes versiones anteriores a v0.10.0. Tenga en cuenta que esto sólo es explotable si la aplicación que usa Hermes permite una evaluación de JavaScript no confiable. • https://github.com/facebook/hermes/commit/55e1b2343f4deb1a1b5726cfe1e23b2068217ff2 https://www.facebook.com/security/advisories/cve-2021-24045 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.1EPSS: 0%CPEs: 7EXPL: 0CVE-2019-3556
https://notcve.org/view.php?id=CVE-2019-3556
HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the current execution context into a file. The handler takes a parameter which specifies where on the filesystem to write this data. The parameter is not validated, allowing a malicious user to overwrite arbitrary files where the user running HHVM has write access. This issue affects HHVM versions prior to 4.56.2, all versions between 4.57.0 and 4.78.0, as well as 4.79.0, 4.80.0, 4.81.0, 4.82.0, and 4.83.0. • https://github.com/facebook/hhvm/commit/abe0b29e4d3a610f9bc920b8be4ad8403364c2d4 https://hhvm.com/blog/2020/11/12/security-update.html https://www.facebook.com/security/advisories/cve-2019-3556 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-39207 – Deserialization of Untrusted Data in parlai
https://notcve.org/view.php?id=CVE-2021-39207
parlai is a framework for training and evaluating AI models on a variety of openly available dialogue datasets. In affected versions the package is vulnerable to YAML deserialization attack caused by unsafe loading which leads to Arbitary code execution. This security bug is patched by avoiding unsafe loader users should update to version above v1.1.0. If upgrading is not possible then users can change the Loader used to SafeLoader as a workaround. See commit 507d066ef432ea27d3e201da08009872a2f37725 for details. parlai es un marco de trabajo para entrenar y evaluar modelos de IA en una variedad de conjuntos de datos de diálogo disponibles abiertamente. • https://github.com/facebookresearch/ParlAI/commit/4374fa2aba383db6526ab36e939eb1cf8ef99879 https://github.com/facebookresearch/ParlAI/commit/507d066ef432ea27d3e201da08009872a2f37725 https://github.com/facebookresearch/ParlAI/security/advisories/GHSA-m87f-9fvv-2mgg • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 11%CPEs: 1EXPL: 2CVE-2021-24040 – Facebook ParlAI 1.0.0 - Deserialization of Untrusted Data in parlai
https://notcve.org/view.php?id=CVE-2021-24040
Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. This issue affects ParlAI prior to v1.1.0. Debido al uso de una lógica de deserialización de YAML no segura, un atacante con la capacidad de modificar los archivos de configuración YAML locales podría proporcionar una entrada maliciosa, resultando en una ejecución de código remota o riesgos similares. Este problema afecta a ParlAI versiones anteriores a v1.1.0 Facebook ParlAI version 1.0.0 suffers from a deserialization vulnerability that can allow for code execution. • https://www.exploit-db.com/exploits/50289 http://packetstormsecurity.com/files/164136/Facebook-ParlAI-1.0.0-Code-Execution-Deserialization.html https://github.com/facebookresearch/ParlAI/releases/tag/v1.1.0 https://github.com/facebookresearch/ParlAI/security/advisories/GHSA-m87f-9fvv-2mgg • CWE-502: Deserialization of Untrusted Data •