Instituto Nacional de Ciberseguridad (National Cybersecurity Institute). INCIBE section
Instituto Nacional de Ciberseguridad (National Cybersecurity Institute). INCIBE-CERT section

Vulnerabilities

In order to inform, warn and assist professionals about the latest security vulnerabilities in technological systems, we make available to users interested in this information a database with information in Spanish on each of the latest documented and known vulnerabilities.

This repository, with more than 75,000 records, is based on information from the NVD (National Vulnerability Database), under a collaboration agreement whereby INCIBE translates the information it contains into Spanish. At times this list will show vulnerabilities that have not yet been translated, because they are collected during the period in which the INCIBE team carries out the translation process.

The CVE (Common Vulnerabilities and Exposures) vulnerability naming standard is used in order to facilitate the exchange of information between different databases and tools. Each of the vulnerabilities listed links to various sources of information as well as to available patches or fixes provided by vendors and developers. Advanced searches can be performed, with the option of selecting different criteria such as vulnerability type, vendor and impact type, among others, in order to narrow the results.

Through RSS subscription or newsletters you can be informed daily about the latest vulnerabilities added to the repository.

CVE-2024-11607

Publication date:
21/12/2024
Language:
English
*** Translation pending *** The GTPayment Donations WordPress plugin through 1.0.0 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.
Severity: Pending analysis
Last modified:
21/12/2024

CVE-2024-11349

Publication date:
21/12/2024
Language:
English
*** Translation pending *** The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.6. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the sb_login_user_with_otp_fun() function. This makes it possible for unauthenticated attackers to log in as arbitrary users, including administrators.
CVSS v3.1 severity: CRITICAL
Last modified:
21/12/2024

CVE-2024-12846

Publication date:
21/12/2024
Language:
English
*** Translation pending *** A vulnerability, which was classified as problematic, has been found in Emlog Pro up to 2.4.1. Affected by this issue is some unknown functionality of the file /admin/link.php. The manipulation of the argument siteurl/icon leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS v4.0 severity: MEDIUM
Last modified:
21/12/2024

CVE-2023-31279

Publication date:
21/12/2024
Language:
English
*** Translation pending *** The AirVantage platform is vulnerable to an unauthorized attacker registering previously unregistered devices on the AirVantage platform when the owner has not disabled the AirVantage Management Service on the devices or registered the device. This could enable an attacker to configure, manage, and execute AT commands on an unsuspecting user's devices.
CVSS v3.1 severity: HIGH
Last modified:
21/12/2024

CVE-2023-31280

Publication date:
21/12/2024
Language:
English
*** Translation pending *** An AirVantage online Warranty Checker tool vulnerability could allow an attacker to perform bulk enumeration of IMEI and Serial Number pairs. The AirVantage Warranty Checker is updated to no longer return the IMEI and Serial Number in addition to the warranty status when the Serial Number or IMEI is used to look up warranty status.
CVSS v3.1 severity: MEDIUM
Last modified:
21/12/2024

CVE-2024-11811

Publication date:
20/12/2024
Language:
English
*** Translation pending *** The Feedify – Web Push Notifications plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'platform', 'phone', 'email', and 'store_url' parameters in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
CVSS v3.1 severity: MEDIUM
Last modified:
20/12/2024

CVE-2021-40959

Publication date:
20/12/2024
Language:
English
*** Translation pending *** A reflected cross-site scripting vulnerability in MONITORAPP Application Insight Web Application Firewall (AIWAF)
Severity: Pending analysis
Last modified:
20/12/2024

CVE-2024-12845

Publication date:
20/12/2024
Language:
English
*** Translation pending *** A vulnerability classified as problematic was found in Emlog Pro up to 2.4.1. Affected by this vulnerability is an unknown functionality in the library /include/lib/common.php. The manipulation of the argument msg leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS v4.0 severity: MEDIUM
Last modified:
20/12/2024

CVE-2020-13712

Publication date:
20/12/2024
Language:
English
*** Translation pending *** A command injection is possible through the user interface, allowing arbitrary command execution as the root user. oMG2000 running MGOS 3.15.1 or earlier is affected. MG90 running MGOS 4.2.1 or earlier is affected.
Severity: Pending analysis
Last modified:
20/12/2024

CVE-2024-56334

Publication date:
20/12/2024
Language:
English
*** Translation pending *** systeminformation is a System and OS information library for node.js. In affected versions SSIDs are not sanitized before they are passed as a parameter to cmd.exe in the `getWindowsIEEE8021x` function. This means that malicious content in the SSID can be executed as OS commands. This vulnerability may enable an attacker, depending on how the package is used, to perform remote code execution or local privilege escalation. This issue has been addressed in version 5.23.7 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS v3.1 severity: HIGH
Last modified:
20/12/2024

CVE-2024-56335

Publication date:
20/12/2024
Language:
English
*** Translation pending *** vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. In affected versions an attacker is capable of updating or deleting groups from an organization given a few conditions: 1. The attacker has a user account in the server. 2. The attacker's account has admin or owner permissions in an unrelated organization. 3. The attacker knows the target organization's UUID and the target group's UUID. Note that this vulnerability is related to group functionality and as such is only applicable for servers that have enabled the `ORG_GROUPS_ENABLED` setting, which is disabled by default. This attack can lead to different situations: 1. Denial of service, the attacker can limit users from accessing the organization's data by removing their membership from the group. 2. Privilege escalation, if the attacker is part of the victim organization, they can escalate their own privileges by joining a group they wouldn't normally have access to. For attackers that aren't part of the organization, this shouldn't lead to any possible plain-text data exfiltration as all the data is encrypted client side. This vulnerability is patched in Vaultwarden `1.32.7`, and users are recommended to update as soon as possible. If it's not possible to update to `1.32.7`, some possible workarounds are: 1. Disabling `ORG_GROUPS_ENABLED`, which would disable groups functionality on the server. 2. Disabling `SIGNUPS_ALLOWED`, which would not allow an attacker to create new accounts on the server.
CVSS v3.1 severity: HIGH
Last modified:
20/12/2024

CVE-2024-56357

Publication date:
20/12/2024
Language:
English
*** Translation pending *** grist-core is a spreadsheet hosting server. A user visiting a malicious document or submitting a malicious form could have their account compromised, because it was possible to use the `javascript:` scheme with custom widget URLs and form redirect URLs. This issue has been patched in version 1.3.1. Users are advised to upgrade. Users unable to upgrade should avoid visiting documents or forms prepared by people they do not trust.
CVSS v3.1 severity: HIGH
Last modified:
20/12/2024