6.4

CVSS3.1

CVE-2024-1814 - Spectra – WordPress Gutenberg Blocks <= 2.12.8 - Authenticated (Contributor+) Stored Cross-Site Scr…

The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Testimonial block in all versions up to, and including, 2.12.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f…

📅 Published: May 23, 2024, 11:02 a.m. 🔄 Last Modified: April 8, 2026, 7:20 p.m.

6.4

CVSS3.1

CVE-2024-3997 - Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14…

The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pagepiling widget in all versions up to, and including, 3.14.1 due to insufficient input sanitization and output escapin…

📅 Published: May 23, 2024, 11:02 a.m. 🔄 Last Modified: April 8, 2026, 6:21 p.m.

6.4

CVSS3.1

CVE-2024-4575 - LayerSlider 7.11.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via ls_search_form Sh…

The LayerSlider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ls_search_form shortcode in version 7.11.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-…

📅 Published: May 23, 2024, 11:02 a.m. 🔄 Last Modified: July 13, 2025, 9:07 p.m.

6.4

CVSS3.1

CVE-2024-1815 - Spectra – WordPress Gutenberg Blocks <= 2.12.8 - Authenticated (Contributor+) Stored Cross-Site Scr…

The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Gallery block in all versions up to, and including, 2.12.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible…

📅 Published: May 23, 2024, 11:02 a.m. 🔄 Last Modified: April 8, 2026, 4:40 p.m.

4.3

CVSS3.1

CVE-2023-6502 - Inefficient Regular Expression Complexity in GitLab

A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. It is possible for an attacker to cause a denial of service using a crafted wiki page.

📅 Published: May 23, 2024, 11:02 a.m. 🔄 Last Modified: Dec. 16, 2024, 3:02 p.m.

5.4

CVSS3.1

CVE-2023-7045 - Cross-Site Request Forgery (CSRF) in GitLab

A CSRF vulnerability exists within GitLab CE/EE from versions 13.11 before 16.10.6, from 16.11 before 16.11.3, from 17.0 before 17.0.1. By leveraging this vulnerability, an attacker could exfiltrate anti-CSRF tokens via the Kubernetes Agent Server (KAS).

📅 Published: May 23, 2024, 11:02 a.m. 🔄 Last Modified: Dec. 16, 2024, 2:53 p.m.

4.3

CVSS3.1

CVE-2024-1947 - Improper Handling of Highly Compressed Data (Data Amplification) in GitLab

A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted API calls.

📅 Published: May 23, 2024, 11:02 a.m. 🔄 Last Modified: Dec. 13, 2024, 5:14 p.m.

4.4

CVSS3.1

CVE-2024-5258 - Authorization Bypass Through User-Controlled Key in GitLab

An authorization vulnerability exists within GitLab from versions 16.10 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1 where an authenticated attacker could utilize a crafted naming convention to bypass pipeline authorization logic.

📅 Published: May 23, 2024, 11:02 a.m. 🔄 Last Modified: Dec. 13, 2024, 5:09 p.m.

6.5

CVSS3.1

CVE-2024-5165 - Eclipse Ditto User Interface vulnerable to XSS due to Improper Neutralization of Input

In Eclipse Ditto versions 3.0.0 to 3.5.5, the user input of several input fields of the Eclipse Ditto Explorer User Interface https://eclipse.dev/ditto/user-interface.html was not properly neutralized and thus vulnerable to both Reflected and Stored XSS (Cross Site Scripting). Several inputs…

📅 Published: May 23, 2024, 9:56 a.m. 🔄 Last Modified: Jan. 31, 2025, 2:46 p.m.

8.8

CVSS3.1

CVE-2024-4779 - Unlimited Elements for Elementor <= 1.5.107 - Authenticated (Contributor+) SQL Injection via data[p…

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to SQL Injection via the ‘data[post_ids][0]’ parameter in all versions up to, and including, 1.5.107 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati…

📅 Published: May 23, 2024, 9:32 a.m. 🔄 Last Modified: April 8, 2026, 7:21 p.m.