CVE-2024-7343 – Baidu UEditor cross site scripting
https://notcve.org/view.php?id=CVE-2024-7343
01 Aug 2024 — A vulnerability was found in Baidu UEditor 1.4.2. It has been declared as problematic. This vulnerability affects unknown code of the file /ueditor142/php/controller.php?action=catchimage. The manipulation of the argument source[] leads to cross-site scripting. • https://github.com/Hebing123/cve/issues/63 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-7342 – Baidu UEditor unrestricted upload
https://notcve.org/view.php?id=CVE-2024-7342
01 Aug 2024 — A vulnerability was found in Baidu UEditor 1.4.3.3. It has been classified as problematic. This affects an unknown part of the file /ueditor/php/controller.php?action=uploadfile&encode=utf-8. The manipulation of the argument upfile leads to unrestricted upload. • https://github.com/Hebing123/cve/issues/62 • CWE-434: Unrestricted Upload of File with Dangerous Type •
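The CWE-434 entry above turns on how an upload handler decides what to keep. The following is an added illustration of the checks such a handler needs, written for this page and not taken from UEditor or any of its forks; the allow-list, magic numbers and upload directory are assumptions chosen for the example.

```python
import os
import re
import secrets

# Constructed allow-list for an image upload endpoint. These values are an
# assumption for this example, not UEditor's own configuration.
ALLOWED_TYPES = {
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "gif": b"GIF8",
}
# Assumed storage directory; it must be served with script execution disabled.
UPLOAD_DIR = "/var/www/uploads"

# Constructed sample payloads (valid magic bytes followed by padding).
SAMPLE_JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 16
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16


def validate_upload(filename: str, content: bytes) -> str:
    """Return a safe on-disk name for the upload, or raise ValueError.

    An unrestricted-upload bug usually skips one of these checks:
      * the extension is taken from an allow-list, never a deny-list;
      * only the final suffix is judged, so 'x.php.jpg' is treated as 'jpg';
      * the first bytes must match the magic number of the declared type;
      * the stored name is random and single-suffixed, so the client cannot
        pick a path (no traversal) or smuggle a second extension that a
        misconfigured web server might hand to a script interpreter.
    """
    base = os.path.basename(filename.replace("\\", "/"))
    if not base or base.startswith("."):
        raise ValueError("empty or hidden filename")
    if any(ord(c) < 0x20 or c == "\x7f" for c in base):
        raise ValueError("control character in filename")  # NUL truncation tricks
    match = re.fullmatch(r"(.+)\.([A-Za-z0-9]+)", base)
    if match is None:
        raise ValueError("no extension")
    ext = match.group(2).lower()
    magic = ALLOWED_TYPES.get(ext)
    if magic is None:
        raise ValueError(f"extension {ext!r} not allowed")
    if not content.startswith(magic):
        raise ValueError("content does not match declared type")
    return f"{secrets.token_hex(16)}.{ext}"


def stored_path(safe_name: str) -> str:
    """Join the generated name onto UPLOAD_DIR and confirm it stays inside it."""
    root = os.path.realpath(UPLOAD_DIR)
    path = os.path.realpath(os.path.join(root, safe_name))
    if os.path.dirname(path) != root:
        raise ValueError("path escaped the upload directory")
    return path


def is_accepted(filename: str, content: bytes) -> bool:
    """Convenience predicate: would this upload be stored?"""
    try:
        stored_path(validate_upload(filename, content))
    except ValueError:
        return False
    return True
```

Note that a file named `shell.php.jpg` with genuine JPEG bytes is accepted, but it lands on disk as `<random>.jpg` with a single suffix; the remaining defence is that the upload directory never executes scripts, which the handler cannot enforce by itself.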
CVE-2024-29183 – OpenRASP vulnerable to a reflected Cross-Site Scripting (XSS) attack in /login
https://notcve.org/view.php?id=CVE-2024-29183
19 Apr 2024 — OpenRASP is a RASP solution that integrates its protection engine directly into the application server by instrumentation. There exists a reflected XSS in the /login page due to a reflection of the redirect parameter. This allows an attacker to execute arbitrary JavaScript with the permissions of a user after the user logs in with their account. • https://github.com/baidu/openrasp/commit/240fde3901c7a36aaade3683ffd5c89140a535fb • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
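A post-login redirect parameter is both an open-redirect and a reflected-XSS sink, and the two need different fixes. The example below is added here to show both; it is generic code written for this page, not OpenRASP's code or its fix, and the form markup and function names are assumptions.

```python
import html
from urllib.parse import urlsplit


def safe_redirect_target(value: str, default: str = "/") -> str:
    """Return a same-origin path to send the user to after login, or default.

    Everything with a scheme or authority is refused: 'https://evil.example',
    protocol-relative '//evil.example', 'javascript:alert(1)', and backslash
    variants that browsers normalise to '//'. Only an absolute path on this
    origin survives, so the value cannot become an open redirect.
    """
    if not value or "\\" in value or any(ord(c) < 0x20 for c in value):
        return default
    parts = urlsplit(value)
    if parts.scheme or parts.netloc:
        return default
    if not value.startswith("/") or value.startswith("//"):
        return default
    return value


def render_login_form(redirect_param: str) -> str:
    """Build the login form, reflecting the redirect target into an attribute.

    The value is escaped at the output point even though it was already
    constrained above: HTML escaping is what neutralises the
    '"><script>...' payload class, and constraining is what stops redirects.
    Keeping both means neither check is load-bearing on its own.
    """
    target = html.escape(safe_redirect_target(redirect_param), quote=True)
    return (
        '<form method="post" action="/login?redirect=' + target + '">'
        '<input name="user"><input name="pass" type="password">'
        '<button>Log in</button></form>'
    )
```

The escaping must match the output context: `html.escape` is right for an attribute value, but a value written into a `<script>` block or a JavaScript string needs JavaScript-string encoding instead.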
CVE-2023-48861
https://notcve.org/view.php?id=CVE-2023-48861
07 Dec 2023 — DLL hijacking vulnerability in TTplayer version 7.0.2 allows local attackers to escalate privileges and execute arbitrary code via urlmon.dll. • https://github.com/xieqiang11/POC4/blob/main/README.md • CWE-427: Uncontrolled Search Path Element •
CVE-2023-31230 – WordPress Baidu Tongji generator Plugin <= 1.0.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-31230
04 Jul 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Haoqisir Baidu Tongji generator allows Stored XSS. This issue affects Baidu Tongji generator: from n/a through 1.0.2. The Baidu Tongji generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.2. This is due to missing or i... • https://patchstack.com/database/vulnerability/baidu-tongji-generator/wordpress-baidu-tongji-generator-plugin-1-0-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
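A settings handler that stores attacker-controlled markup needs two gates before it writes anything: a capability check and a request-origin check. The block below is an added, generic illustration of the second gate as an HMAC-bound, time-limited token (the same shape as a WordPress nonce); it is not the plugin's code, and the secret, action name and field name are assumptions.

```python
import hashlib
import hmac
import secrets
import time

# Assumed per-deployment secret; a real application loads this from
# configuration rather than regenerating it per process as done here.
SECRET_KEY = secrets.token_bytes(32)
TOKEN_TTL = 12 * 3600  # seconds a token stays valid


def _mac(session_id: str, action: str, ts: int) -> str:
    msg = f"{session_id}|{action}|{ts}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def make_csrf_token(session_id: str, action: str, now=None) -> str:
    """Token bound to the caller's session, one named action and a timestamp."""
    ts = int(time.time() if now is None else now)
    return f"{ts}:{_mac(session_id, action, ts)}"


def verify_csrf_token(token: str, session_id: str, action: str, now=None) -> bool:
    """Constant-time check of a token submitted in the form body."""
    try:
        ts_str, mac = token.split(":", 1)
        ts = int(ts_str)
    except (AttributeError, ValueError):
        return False
    current = int(time.time() if now is None else now)
    if not 0 <= current - ts <= TOKEN_TTL:
        return False
    return hmac.compare_digest(_mac(session_id, action, ts), mac)


def handle_settings_update(form: dict, session_id: str, is_admin: bool, now=None) -> bool:
    """Return True only when both gates pass.

    Capability first (is the caller allowed at all?), then CSRF (did the
    caller's browser send this on purpose?). The token is read from the POST
    body, never from a cookie: a cookie travels automatically with a forged
    cross-site request, which is exactly the problem being solved.
    """
    if not is_admin:
        return False
    return verify_csrf_token(form.get("_csrf", ""), session_id, "update_settings", now)
```

Binding the token to the action name means a token leaked from one form cannot be replayed against another endpoint, and binding it to the session means a token harvested from the attacker's own session is useless against the victim's.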
CVE-2023-31233 – WordPress Baidu Tongji generator Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-31233
18 May 2023 — Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Haoqisir Baidu Tongji generator plugin <= 1.0.2 versions. The Baidu Tongji generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user a... • https://patchstack.com/database/vulnerability/baidu-tongji-generator/wordpress-baidu-tongji-generator-plugin-1-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-30637
https://notcve.org/view.php?id=CVE-2023-30637
13 Apr 2023 — Baidu braft 1.1.2 has a memory leak related to use of the new operator in example/atomic/atomic_server. NOTE: installations with brpc-0.14.0 and later are unaffected. • https://github.com/baidu/braft/issues/393 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2023-25796 – WordPress WP BaiDu Submit Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-25796
15 Feb 2023 — Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Include WP BaiDu Submit plugin <= 1.2.1 versions. The WP BaiDu Submit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an inj... • https://patchstack.com/database/vulnerability/wp-baidu-submit/wordpress-wp-baidu-submit-plugin-1-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-36631
https://notcve.org/view.php?id=CVE-2021-36631
22 Dec 2022 — Untrusted search path vulnerability in Baidunetdisk Version 7.4.3 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. • https://github.com/shigophilo/CVE/blob/main/Baidunetdisk%20Version%207.4.3%20dll%20hijack.md • CWE-427: Uncontrolled Search Path Element •
CVE-2022-31830
https://notcve.org/view.php?id=CVE-2022-31830
09 Jun 2022 — Kity Minder v1.3.5 was discovered to contain a Server-Side Request Forgery (SSRF) via the init function at ImageCapture.class.php. • https://github.com/fex-team/kityminder/issues/345 • CWE-918: Server-Side Request Forgery (SSRF) •
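An image-capture feature that fetches a user-supplied URL is the textbook SSRF shape. The block below is an added example of the validation such a fetch needs before it opens a socket; it is generic code written for this page, not Kity Minder's code, and the allowed ports, the sample DNS answers and the host names are constructed for the example.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}


def is_public_ip(ip: str) -> bool:
    """True only for globally routable addresses (IPv4-mapped IPv6 unwrapped)."""
    addr = ipaddress.ip_address(ip)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr.is_global


def system_resolver(host: str, port: int) -> list:
    """Real DNS lookup returning every address the fetch could connect to."""
    infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


# Constructed answers used in place of DNS so the example runs offline.
SAMPLE_DNS = {
    "img.example": ["1.1.1.1"],                   # stand-in public address
    "meta.example": ["169.254.169.254"],          # cloud metadata endpoint
    "rebind.example": ["1.1.1.1", "127.0.0.1"],   # mixed answer, as in DNS rebinding
}


def sample_resolver(host: str, port: int) -> list:
    return SAMPLE_DNS.get(host, [])


def resolve_for_fetch(url: str, resolver=system_resolver) -> str:
    """Validate a URL for a server-side fetch and return the IP to pin the
    connection to. Raises ValueError on any violation."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise ValueError("scheme not allowed")   # file:, gopher:, dict: ...
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo not allowed")  # http://trusted@evil/ confusion
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    try:
        port = parts.port
    except ValueError:
        raise ValueError("malformed port")
    if port is None:
        port = 443 if scheme == "https" else 80
    if port not in ALLOWED_PORTS:
        raise ValueError("port not allowed")
    try:
        addrs = [str(ipaddress.ip_address(host))]  # literal IP, nothing to resolve
    except ValueError:
        addrs = resolver(host, port)              # includes decimal/octal forms
    if not addrs:
        raise ValueError("host does not resolve")
    # Every address in the answer must be public, otherwise a mixed or
    # rebinding answer lets the real connection land on an internal host.
    for ip in addrs:
        if not is_public_ip(ip):
            raise ValueError(f"{host} maps to non-public address {ip}")
    return addrs[0]


def fetch_allowed(url: str, resolver=system_resolver) -> bool:
    try:
        resolve_for_fetch(url, resolver)
    except ValueError:
        return False
    return True
```

The returned address is only useful if the HTTP client actually connects to it (with the Host header set to the original name) instead of resolving the name a second time, and any redirect the server returns has to go back through `resolve_for_fetch` before it is followed; skipping either step leaves a bypass.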