4 matches found
CVE-2021-24559
creationtimestamp| type| source ---|---|--- 2024-01-23 21:16:32+00:00| seen| https://t.me/ctinow/172300 2024-02-06 14:46:25+00:00| seen| https://t.me/ctinow/180022...
CVE-2021-24559 Qyrr < 0.7 - Authenticated (contributor+) Stored XSS
The Qyrr WordPress plugin before 0.7 does not escape the data-uri of the QR Code when outputting it in a src attribute, allowing for Cross-Site Scripting attacks. Furthermore, the datauritometa AJAX action, available to all authenticated users, only had a CSRF check in place, with the nonce...
CVE-2021-24559
The CVE concerns the Qyrr WordPress plugin prior to version 0.7. The vulnerability stems from two issues: (1) the plugin does not escape the data-uri of the QR Code when outputting it in a src attribute, enabling Cross-Site Scripting, and (2) the data_uri_to_meta AJAX action lacks robust CSRF pro...
CVE-2021-24559 Qyrr < 0.7 - Authenticated (contributor+) Stored XSS
The Qyrr WordPress plugin before 0.7 does not escape the data-uri of the QR Code when outputting it in a src attribute, allowing for Cross-Site Scripting attacks. Furthermore, the datauritometa AJAX action, available to all authenticated users, only had a CSRF check in place, with the nonce...