1826 matches found

NVD, added 2022/12/02 9:15 p.m., 6 views

CVE-2022-4217

The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api_key' parameter in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to...

CVSS 5.5, EPSS 0.00721
Exploits 1, References 5
CVE, added 2022/12/02 8:58 p.m., 43 views

CVE-2022-4217

The CVE-2022-4217 entry concerns the WordPress plugin Chained Quiz. Affected versions are up to and including 1.3.2.2 and the root cause is insufficient input sanitization and output escaping in the api_key parameter. This enables stored cross-site scripting (XSS), where authenticated administrat...

CVSS 5.5, AI score 4.6, EPSS 0.00721
Exploits 1, References 5, Affected software 1
CNNVD, added 2022/12/02 12:00 a.m., 1 view

WordPress plugin Chained Quiz cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

CVSS 5.5, AI score 5, EPSS 0.00721
Exploits 1, References 5
Kitploit, added 2022/11/30 3:30 p.m., 87 views

D4TA-HUNTER - GUI Osint Framework With Kali Linux

D4TA-HUNTER is a tool created in order to automate the collection of information about the employees of a company that is going to be audited for ethical hacking. In addition, in this tool we can find in the "search company" section by inserting the domain of a company, emails of employees,...

AI score 7
Exploits 0, References 2
wpexploit, added 2022/11/30 12:00 a.m., 151 views

Paytium < 4.3.7 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. 1. Go to Paytium » Settings and in the 'Test'...

CVSS 4.8, AI score 0.5, EPSS 0.00226
Exploits 2
NVD, added 2022/11/29 11:15 p.m., 8 views

CVE-2022-46155

Airtable.js is the JavaScript client for Airtable. Prior to version 0.11.6, Airtable.js had a misconfigured build script in its source package. When the build script is run, it would bundle environment variables into the build target of a transpiled bundle. Specifically, the AIRTABLE_API_KEY and...

CVSS 7.6, EPSS 0.00196
Exploits 0, References 3
CVE, added 2022/11/29 12:00 a.m., 58 views

CVE-2022-46155

Summary: CVE-2022-46155 describes a misconfiguration in Airtable.js prior to 0.11.6 where the build script would bundle AIRTABLE_API_KEY and AIRTABLE_ENDPOINT_URL into the transpiled bundle when building from source. This affects copies built from source (not npm/yarn-installed packages) if the u...

CVSS 7.6, AI score 6.5, EPSS 0.00196
Exploits 0, References 3, Affected software 1
Positive Technologies, added 2022/11/29 12:00 a.m., 3 views

PT-2022-27772 · Airtable · Airtable.Js

Name of the Vulnerable Software and Affected Versions: Airtable.js versions prior to 0.11.6. Description: The issue arises from a misconfigured build script in the Airtable.js source package, which bundles environment variables into the build target of a transpiled bundle. Specifically, the AIRTAB...

CVSS 7.6, AI score 6.5, EPSS 0.00196
Exploits 0, References 6
CNNVD, added 2022/11/29 12:00 a.m., 2 views

Airtable.js security vulnerability

Airtable.js is Airtable's open source JavaScript client, which provides a simple way to access the data. A misconfiguration vulnerability exists in Airtable.js versions prior to 0.11.6 that stems from a misconfiguration in a script that binds environment variables to the build target of a...

CVSS 7.6, AI score 6.5, EPSS 0.00196
Exploits 0, References 4
Vulnrichment, added 2022/11/21 12:00 a.m., 7 views

CVE-2022-3691 DeepL Pro API Translation < 1.7.5 - API Key Disclosure

The DeepL Pro API translation WordPress plugin before 1.7.5 discloses sensitive information, including the DeepL API key, in files that are publicly accessible to an external, unauthenticated visitor...

AI score 6.5, EPSS 0.01062
Exploits 1, References 1
wpexploit, added 2022/11/11 12:00 a.m., 113 views

Broken Link Checker < 1.11.20 - Admin+ Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. Put the following payload in the YouTube API Key...

CVSS 4.8, AI score 0.1, EPSS 0.00326
Exploits 2
Hacker One, added 2022/11/08 11:12 a.m., 171 views

AMBER AI: Support Portal Takeover via Leaked API KEY

Thanks @khizer47 for the report. Insecure Zendesk API token hardcoded in a JS file, causing support portals to lose control of administrator rights. We removed the dangerous token and controlled permissions by using a more secure OAuth token. An API key and associated email were hardcoded into a JS file...

AI score 0.4
Exploits 0
Tenable Nessus, added 2022/11/05 12:00 a.m., 36 views

FreeBSD : Gitlab -- Multiple vulnerabilities (16f7ec68-5cce-11ed-9be7-454b1dd82c64)

The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 16f7ec68-5cce-11ed-9be7-454b1dd82c64 advisory. - Gitlab reports: DAST analyzer sends custom request headers with every request Stored-XSS wit...

CVSS 9, AI score 6.2, EPSS 0.13893
Exploits 2, References 15
NVD, added 2022/11/01 2:15 a.m., 9 views

CVE-2022-2572

In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key/keys of a disabled/deleted user were still valid after the access was revoked...

CVSS 9.8, EPSS 0.00392
Exploits 0, References 1
Prion, added 2022/11/01 2:15 a.m., 12 views

Authentication flaw

In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key/keys of a disabled/deleted user were still valid after the access was revoked...

CVSS 7.5, AI score 9.5, EPSS 0.00392
Exploits 0, References 1, Affected software 1
Positive Technologies, added 2022/11/01 12:00 a.m., 4 views

PT-2022-17478 · Unknown · Octopus Server

Name of the Vulnerable Software and Affected Versions: Octopus Server, affected versions not specified. Description: The issue concerns Octopus Server versions where access is managed by an external authentication provider. In these versions, it was possible for the API key/keys of a disabled or...

CVSS 9.8, AI score 9.4, EPSS 0.00392
Exploits 0, References 3
CVE, added 2022/11/01 12:00 a.m., 42 views

CVE-2022-2572

CVE-2022-2572 affects Octopus Server when authentication is managed by an external provider. The issue: API keys of disabled/deleted users remain valid after access is revoked, enabling potential unauthorized use. Documented impact is high (CVSS 3.1: CRITICAL, 9.8), with network attack vector, no...

CVSS 9.8, AI score 9.5, EPSS 0.00392
Exploits 0, References 1, Affected software 1
Patchstack, added 2022/10/31 12:00 a.m., 90 views

WordPress DeepL Pro API Translation plugin <= 1.7.4 - API Key Disclosure vulnerability

API Key Disclosure vulnerability discovered by Raad Haddad (Cloudyrion GmbH) in the WordPress DeepL Pro API Translation plugin versions <= 1.7.4. Solution: Update the WordPress DeepL Pro API translation plugin to the latest available version, at least 1.7.5...

CVSS 7.5, AI score 1.6, EPSS 0.01062
Exploits 1, References 1, Affected software 1
NVD, added 2022/10/28 3:15 p.m., 18 views

CVE-2022-3018

An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 9.3 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 allows a project maintainer to access the DataDog integration API key from webhook logs...

CVSS 6.8, EPSS 0.00167
Exploits 0, References 2
Prion, added 2022/10/28 3:15 p.m., 17 views

Information disclosure

An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 9.3 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 allows a project maintainer to access the DataDog integration API key from webhook logs...

CVSS 3.3, AI score 4.7, EPSS 0.00167
Exploits 0, References 2, Affected software 1