40 matches found
CVE-2015-9439
The addthis plugin before 5.0.13 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=addthissocialwidget pubid parameter...
addthis.com XSS vulnerability
Open Bug Bounty ID: OBB-707737; Affected Website: addthis.com; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...
wersonfuneralhome.com XSS vulnerability
Open Bug Bounty ID: OBB-657893; Affected Website: wersonfuneralhome.com; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...
addthis.com Cross Site Request Forgery vulnerability
Open Bug Bounty ID: OBB-531632; Affected Website: addthis.com; Vulnerable Application: Custom Code; Vulnerability Type: CSRF (Cross-Site Request Forgery) / CWE-352; CVSSv3 Score: 8.8...
WordPress Share Buttons by AddThis plugin <= 5.3.5 - Cross-Site Request Forgery (CSRF) Vulnerability
WordPress Share Buttons by AddThis plugin addthisAsyncLoading function doesn’t check for a valid nonce to prevent CSRF. Solution: Update the plugin...
PostMessage cross-domain vulnerability - vulnerability warning - the black bar safety net
Note: this article is an original of the “millet Security Center”; to reprint it, please contact the “millet Security Center”. Background. Value: $3000. Vulnerability cause: a postMessage cross-domain vulnerability, with the websocket used to receive a user authentication token. Original address:...
addthis.com XSS vulnerability
Open Bug Bounty ID: OBB-211975; Affected Website: addthis.com; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...
Popular application AddThis has a postMessage XSS vulnerability, a million sites are affected - vulnerability warning - the black bar safety net
AddThis is a web page Share button with more than one million users. Earlier this year it was found to have XSS vulnerabilities. A previous article described the postMessage API defects. This article will describe how I identified and then used the AddThis Share...
api.addthis.com XSS vulnerability
Vulnerable URL: http://api.addthis.com/oexchange/0.8/forward/wechat/offer?url=%22%3E%3Csvg/onload=prompt%28/OPENBUGBOUNTY/%29%3E=Spam404 Details: Patched: Yes, at; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: Unknown / Not calculated; VI...
RCE In AddThis
This vulnerability has been fixed as of July 20, 2016 and is shared with consent from the vendor. If you wish to share the information provided in the write up, provide credit for the original author or contact [email protected] for more info. Timeline of the report 1. July 20, 2016 8:59 AM:...
m.addthis.com Open Redirect vulnerability
Vulnerable URL: https://m.addthis.com/live/redirect/?url=https://www.xssposed.org/ Details: Patched: No; Latest check for patch: 26.07.2017; Vulnerability type: Open Redirect; Vulnerability status: Publicly disclosed; Alexa Rank: Unknown / Not calculated; Google Pagerank...
AddThis Sharing Buttons <= 5.0.12 - Authenticated Cross-Site Scripting (XSS)
The WordPress Share Buttons Plugin – AddThis WordPress plugin was affected by an Authenticated Cross-Site Scripting (XSS) security vulnerability...
Smart Website Tools by AddThis 4.0.6-5.0.2 - Stored XSS
The Smart Website Tools by AddThis plugin exposes an AJAX function called 'atasyncloading' in 'addthis/addthis-for-wordpress.php'. Access to this function is restricted to Registered users, however is not restricted to Administrative users, meaning that anyone with an account on the target site c...
HTML5 Canvas Fingerprint — Widely Used Unstoppable Web Tracking Technology
Until now we have seen many traditional ways of tracking web users, such as cookies saved on the user’s system, which may not be available forever to many companies, but a new method of tracking users has emerged that works without the use of cookies. For the last two years, many websites and...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the AddThis Button module 5.x before 5.x-2.2 and 6.x before 6.x-2.9 for Drupal allows remote authenticated users, with administer addthis privileges, to inject arbitrary web script or HTML via unspecified vectors...
CVE-2010-1536
Cross-site scripting (XSS) vulnerability in the AddThis Button module 5.x before 5.x-2.2 and 6.x before 6.x-2.9 for Drupal allows remote authenticated users, with administer addthis privileges, to inject arbitrary web script or HTML via unspecified vectors...
CVE-2010-1536
The CVE refers to a Cross-site scripting (XSS) vulnerability in the Drupal AddThis Button module. Affected versions are 5.x before 5.x-2.2 and 6.x before 6.x-2.9. The issue allows remote authenticated users with administer addthis privileges to inject arbitrary web script or HTML via unspecified ...
SA-CONTRIB-2010-021 - AddThis Button - Cross Site Scripting
The AddThis module provides an easy way to share content to over 230 supported services such as Facebook, Email and Twitter. The module did not sanitize some user-supplied data before displaying it, leading to a Cross Site Scripting (XSS) vulnerability. Only users with the 'administer addthis'...