8777 matches found

Prion
added 2021/12/06 6:15 p.m. | 13 views

Code injection

Assuming a database breach, nonce reuse issues in GitLab 11.6+ allow an attacker to decrypt some of the database's encrypted content...

CVSS: 5 | AI score: 7.2 | EPSS: 0.00536
Exploits: 1 | References: 2 | Affected Software: 1

UbuntuCve
added 2021/12/06 6:15 p.m. | 29 views

CVE-2021-22170

Assuming a database breach, nonce reuse issues in GitLab 11.6+ allow an attacker to decrypt some of the database's encrypted content...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.00536
Exploits: 1 | References: 3

OSV
added 2021/12/06 6:15 p.m. | 18 views

UBUNTU-CVE-2021-22170

Assuming a database breach, nonce reuse issues in GitLab 11.6+ allow an attacker to decrypt some of the database's encrypted content...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00536
Exploits: 1 | References: 4

Cvelist
added 2021/12/06 5:35 p.m. | 30 views

CVE-2021-22170

Assuming a database breach, nonce reuse issues in GitLab 11.6+ allow an attacker to decrypt some of the database's encrypted content...

CVSS: 6.2 | AI score: 7.4 | EPSS: 0.00536
Exploits: 1 | References: 2

CVE
added 2021/12/06 5:35 p.m. | 67 views

CVE-2021-22170

CVE-2021-22170 concerns GitLab 11.6+ where nonce reuse in the database encryption enables an attacker to decrypt some of the database’s encrypted content. Root cause: repeated nonces in encryption. Impact: partial confidentiality loss of data; no integrity/availability changes stated. Connected s...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.00536
Exploits: 1 | References: 2 | Affected Software: 1

Debian CVE
added 2021/12/06 5:35 p.m. | 35 views

CVE-2021-22170

Removed by vendor...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.00536
Exploits: 1

CNNVD
added 2021/12/06 12:00 a.m. | 4 views

GitLab Encryption Issue Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. An encryption issue vulnerability exists in GitLab 11.6+, assuming that the...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.00536
Exploits: 1 | References: 3

Positive Technologies
added 2021/12/06 12:00 a.m. | 6 views

PT-2021-14885 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 11.6 and later
Description: The issue allows an attacker to decrypt some of the database's encrypted content, assuming a database breach has occurred. This is due to nonce reuse issues.
Recommendations: For GitLab versions 11....

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.00536
Exploits: 1 | References: 10

OSV
added 2021/11/29 7:15 p.m. | 5 views

CVE-2021-42364

The Stetic WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the statspage function found in the /stetic.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 1.0.6...

CVSS: 8.8 | AI score: 5.8 | EPSS: 0.00605
Exploits: 0 | References: 2

OSV
added 2021/11/29 7:15 p.m. | 6 views

CVE-2021-42358

The Contact Form With Captcha WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation in the /cfwc-form.php file during contact form submission, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 1.6.2...

CVSS: 8.8 | AI score: 7.4 | EPSS: 0.00605
Exploits: 0 | References: 2

NVD
added 2021/11/29 7:15 p.m. | 19 views

CVE-2021-42364

The Stetic WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the statspage function found in the /stetic.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 1.0.6...

CVSS: 8.8 | EPSS: 0.00605
Exploits: 0 | References: 2

NVD
added 2021/11/29 7:15 p.m. | 12 views

CVE-2021-42358

The Contact Form With Captcha WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation in the /cfwc-form.php file during contact form submission, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 1.6.2...

CVSS: 8.8 | EPSS: 0.00605
Exploits: 0 | References: 2

Vulnrichment
added 2021/11/29 6:10 p.m. | 5 views

CVE-2021-42364 Stetic <= 1.0.6 Cross-Site Request Forgery to Stored Cross-Site Scripting

The Stetic WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the statspage function found in the /stetic.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 1.0.6...

CVSS: 8.8 | AI score: 8.6 | EPSS: 0.00605
Exploits: 0 | References: 2

CVE
added 2021/11/29 6:10 p.m. | 37 views

CVE-2021-42364

The CVE-2021-42364 entry maps to the WordPress Stetic plugin vulnerability, where Cross-Site Request Forgery arises from missing nonce validation in the stats_page function of stetic.php. Affected versions are up to 1.0.6, enabling attackers to inject arbitrary web scripts (Stored XSS). Several c...

CVSS: 8.8 | AI score: 8.7 | EPSS: 0.00605
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2021/11/29 6:10 p.m. | 40 views

CVE-2021-42358

The WordPress plugin “Contact Form With Captcha” is vulnerable to Cross-Site Request Forgery (CSRF) due to missing nonce validation in the cfwc-form.php submission path, affecting versions up to 1.6.2. Connected sources corroborate this CSRF flaw and note the vulnerability can enable injection of...

CVSS: 8.8 | AI score: 8.7 | EPSS: 0.00605
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2021/11/29 9:15 a.m. | 1 view

CVE-2021-24918

The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did not have any privilege or nonce validation before saving the plugin's setting. As a result, any logged-in user on a vulnerable site could update the settings and store rogue JavaScript on each of its posts and pages...

CVSS: 5.4 | AI score: 6 | EPSS: 0.00654
Exploits: 1 | References: 2

NVD
added 2021/11/29 9:15 a.m. | 7 views

CVE-2021-24918

The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did not have any privilege or nonce validation before saving the plugin's setting. As a result, any logged-in user on a vulnerable site could update the settings and store rogue JavaScript on each of its posts and pages...

CVSS: 5.4 | EPSS: 0.00654
Exploits: 1 | References: 2

CNNVD
added 2021/11/29 12:00 a.m. | 3 views

WordPress Plugin Cross-Site Request Forgery Vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. WordPress Plugin is an open source application plugin for WordPress. WordPress plugin Contact Form With Captcha 1.6.2 and its...

CVSS: 8.8 | AI score: 5.6 | EPSS: 0.00605
Exploits: 0 | References: 4

WPVulnDB
added 2021/11/29 12:00 a.m. | 14 views

Stetic < 1.0.9 - CSRF to Stored Cross-Site Scripting

The plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the statspage function found in the /stetic.php file, which made it possible for attackers to inject arbitrary web scripts. The CSRF issue has been fixed in 1.0.7, while sanitisation and escaping have been...

CVSS: 8.8 | AI score: 4.1 | EPSS: 0.00605
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2021/11/29 12:00 a.m. | 4 views

WordPress Plugin Cross-Site Request Forgery Vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. WordPress Plugin is an open source application plugin for WordPress. WordPress plugin Stetic 1.0.6 and its previous versions...

CVSS: 8.8 | AI score: 5.7 | EPSS: 0.00605
Exploits: 0 | References: 4