9 matches found
EUVD-2023-52812
Malicious code in bioql PyPI...
CVE-2023-48779
Missing Authorization vulnerability in 3DWeb 360 Javascript Viewer 360deg-javascript-viewer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 360 Javascript Viewer: from n/a through <= 1.7.11...
CVE-2024-12271 360 Javascript Viewer <= 1.7.29 - Authenticated (Administrator+) Stored Cross-Site Scripting
The 360 Javascript Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ref’ parameter in all versions up to, and including, 1.7.29 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2024-12271 360 Javascript Viewer <= 1.7.29 - Authenticated (Administrator+) Stored Cross-Site Scripting
The 360 Javascript Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ref’ parameter in all versions up to, and including, 1.7.29 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
360 Javascript Viewer < 1.7.30 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description: The 360 Javascript Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ref’ parameter in all versions up to, and including, 1.7.29 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2023-48779
Missing Authorization vulnerability in 3DWeb 360 Javascript Viewer 360deg-javascript-viewer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 360 Javascript Viewer: from n/a through <= 1.7.11...
PT-2024-13650 · Unknown · 360 Javascript Viewer
Name of the Vulnerable Software and Affected Versions: 360 Javascript Viewer versions 1.7.11 and earlier. Description: The issue affects the 360 Javascript Viewer due to missing authorization, allowing exploitation of incorrectly configured access control security levels. Recommendations: For...
WordPress 360 Javascript Viewer Plugin <= 1.7.11 is vulnerable to Broken Access Control
Software: 360 Javascript Viewer; Type: Plugin; Vulnerable versions: <= 1.7.11; Fixed in: 1.7.12; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-48779; Patch priority: High; CVSS severity: High 6.5; PSID: 961ea4addc67; Credits: Abdi Pranata; Requir...
WordPress 360 Javascript Viewer Plugin <= 1.5.2 is vulnerable to Cross Site Scripting (XSS)
Software: 360 Javascript Viewer; Type: Plugin; Vulnerable versions: <= 1.5.2; Fixed in: 1.5.3; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2023-33999; Patch priority: High; CVSS severity: High 7.1; PSID: 954a4a07facd; Credits: Rafie Muhammad Patchstack...