AddToAny < 1.7.46 - Authenticated Stored XSS

The plugin does not sanitise its Sharing Header setting when outputting it in frontend pages, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Put the following payload in the Sharing Header setting of th...

AddToAny < 1.7.46 - Authenticated Stored XSS

The plugin does not sanitise its Sharing Header setting when outputting it in frontend pages, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in the Sharing Header setting of the...

WordPress AddToAny Share Buttons plugin <= 1.7.45 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas in WordPress AddToAny Share Buttons plugin versions = 1.7.45. Solution Update the WordPress AddToAny Share Buttons plugin to the latest available version at least 1.7.46...

DRUPAL-CONTRIB-2019-039

This module enables you to add social media share buttons on your website to its content and pages. The module doesn't sufficiently mark its administration permission restricted, allowing cross site scripting vulnerabilities to users who have access to its admin settings. This vulnerability is...

AddToAny Share Buttons - Moderately critical - Cross Site Scripting - SA-CONTRIB-2019-039

This module enables you to add social media share buttons on your website to its content and pages. The module doesn't sufficiently mark its administration permission restricted, allowing cross site scripting vulnerabilities to users who have access to its admin settings. This vulnerability is...

WordPress AddToAny Share Buttons plugin <=1.7.14 - Conditional Host Header Injection vulnerability

Conditional Host Header Injection vulnerability found by Paul Dannewitz in WordPress AddToAny Share Buttons plugin. Vulnerable plugin version used Host header instead of homeurl thus allows custom Hostheader injection by crafted link, web cache poisoning and it may end up with sharing malicious...

addtoany.com XSS vulnerability

Vulnerable URL: https://www.addtoany.com/buttons/for/website?code=94102=xcpsoevs'"=1customservices=1language=arnumservices=2emailaddress=asd@asd.com=kitshare=page Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank|...

CVE-2012-2072

Cross-site scripting XSS vulnerability in the Share Buttons AddToAny module 6.x-3.x before 6.x-3.4 for Drupal allows remote authenticated users with the administer addtoany permission to inject arbitrary web script or HTML via unspecified vectors...

CVE-2012-2072

The CVE-2012-2072 issue affects the Drupal Share Buttons (AddToAny) module (6.x-3.x series) prior to version 6.x-3.4. The root cause is improper sanitization of user-provided data, enabling cross-site scripting (XSS) by remote authenticated users who have the administer addtoany permission. Impac...

CVE-2012-2072

Cross-site scripting XSS vulnerability in the Share Buttons AddToAny module 6.x-3.x before 6.x-3.4 for Drupal allows remote authenticated users with the administer addtoany permission to inject arbitrary web script or HTML via unspecified vectors...

SA-CONTRIB-2012-045 - AddToAny - Cross Site Scripting

CVE: CVE-2012-2072 This module enables you to add Lockerz/AddToAny's universal sharing buttons to your site. Previously, the module did not sanitize some of the user-supplied data before displaying it, leading to a Cross Site Scripting XSS vulnerability. This vulnerability is mitigated by the fac...

CVE-2009-4043

Cross-site scripting XSS vulnerability in the AddToAny module 5.x before 5.x-2.4 and 6.x before 6.x-2.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via a node title...

Cross site scripting

Cross-site scripting XSS vulnerability in the AddToAny module 5.x before 5.x-2.4 and 6.x before 6.x-2.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via a node title...

CVE-2009-4043

CVE-2009-4043 is a cross-site scripting (XSS) vulnerability in the Drupal AddToAny module (5.x before 5.x-2.4 and 6.x before 6.x-2.4). An attacker can inject arbitrary web script or HTML via a node title. root cause is insufficient input sanitization in the AddToAny integration, enabling script e...

CVE-2009-4043

Cross-site scripting XSS vulnerability in the AddToAny module 5.x before 5.x-2.4 and 6.x before 6.x-2.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via a node title...

SA-CONTRIB-2009-100 - AddToAny - Cross Site Scripting

AddToAny module provides a share button for AddToAny service for social networks. The module fails to sanitize a value in node title, leading to a Cross Site Scripting XSS vulnerability. Versions affected AddToAny module for Drupal 6.x prior to AddToAny 6.x-2.4 AddToAny module for Drupal 5.x prio...