33 results (0.015 seconds)

CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WappPress Team WappPress allows Stored XSS.This issue affects WappPress: from n/a through 6.0.4. The WappPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 6.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled. • https://patchstack.com/database/vulnerability/wapppress-builds-android-app-for-website/wordpress-wapppress-basic-plugin-6-0-4-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

EvilVideo vulnerability allows sending malicious apps disguised as videos in Telegram for Android application affecting versions 10.14.4 and older. La vulnerabilidad de EvilVideo permite enviar aplicaciones maliciosas disfrazadas de videos en la aplicación Telegram para Android que afecta las versiones 10.14.4 y anteriores. • https://www.welivesecurity.com/en/eset-research/cursed-tapes-exploiting-evilvideo-vulnerability-telegram-android • CWE-20: Improper Input Validation •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

Server-Side Request Forgery (SSRF) vulnerability in WappPress Team WappPress.This issue affects WappPress: from n/a through 6.0.4. Vulnerabilidad de Server-Side Request Forgery (SSRF) en WappPress Team WappPress. Este problema afecta a WappPress: desde n/a hasta 6.0.4. The WappPress – Create Mobile App for any WordPress site with our Mobile App Builder in just 1 minute plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services. • https://patchstack.com/database/vulnerability/wapppress-builds-android-app-for-website/wordpress-wapppress-plugin-6-0-4-blind-server-side-request-forgery-ssrf-vulnerability?_s_id=cve • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

Unrestricted Upload of File with Dangerous Type vulnerability in WappPress Team WappPress.This issue affects WappPress: from n/a through 5.0.3. Carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en WappPress Team WappPress. Este problema afecta a WappPress: desde n/a hasta 5.0.3. The WappPress – Create Mobile App for any WordPress site with our Mobile App Builder in just 1 minute plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 5.0.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/wapppress-builds-android-app-for-website/wordpress-wapppress-plugin-5-0-3-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1

An issue discovered in com.samourai.wallet.PinEntryActivity.java in Streetside Samourai Wallet 0.99.96i allows attackers to view sensitive information and decrypt data via a brute force attack that uses a recovered samourai.dat file. The PIN is 5 to 8 digits, which may be insufficient in this situation. • https://code.samourai.io/wallet/samourai-wallet-android/-/blob/develop/app/src/main/java/com/samourai/wallet/PinEntryActivity.java#L302 https://vrls.ws/posts/2021/08/samourai-wallet-bitcoin-pin-authentication-bypass-crypto • CWE-521: Weak Password Requirements •