184 matches found
WordPress plugin wpDiscuz 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
Cross site scripting
The Featured Image from URL FIFU plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the featured image alt text in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2023-6561 Featured Image from URL (FIFU) <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via featured image alt text
The Featured Image from URL FIFU plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the featured image alt text in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Featured Image from URL (FIFU) < 4.5.4 - Contributor+ Stored XSS
Description The plugin does not sanitise and escape the featured image alt text, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...
The vulnerability of the Custom Logo component of the Nagios XI monitoring tool, which allows a hacker to perform cross-site scripting attacks.
The vulnerability of the Custom Logo component of the Nagios XI monitoring tool is related to the lack of measures taken to protect the SQL query structure when processing the alt-text field. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
CVE-2023-40932
A Cross-site scripting XSS vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the alt-text field. This affects all pages containing the navbar including the login page which means t...
CVE-2023-40932
A Cross-site scripting XSS vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the alt-text field. This affects all pages containing the navbar including the login page which means t...
Cross site scripting
A Cross-site scripting XSS vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the alt-text field. This affects all pages containing the navbar including the login page which means t...
Nagios XI Cross-Site Scripting Vulnerability
Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A cross-site scripting vulnerability exists in Nagios XI 5.11.1 and earlier versions, which originates fro...
PT-2023-5504 · Nagios Xi · Nagios Xi
Name of the Vulnerable Software and Affected Versions: Nagios XI versions 5.11.1 and below Description: A Cross-site scripting XSS vulnerability in the Custom Logo component allows authenticated attackers to inject arbitrary javascript or HTML via the alt-text field. This affects all pages...
CVE-2022-4548
CVE-2022-4548 affects the WordPress plugin “Optimize images ALT Text & names for SEO using AI” (versions before 2.0.8). Root cause: missing CSRF protection when updating plugin settings, enabling a logged-in attacker to change settings via CSRF. Reported impact is limited to admin-context changes...
WordPress plugin Optimize images ALT Text & names for SEO using AI 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Optimize...
WordPress Optimize images ALT Text (alt tag) & names for SEO using AI Plugin < 2.0.8 is vulnerable to Cross Site Request Forgery (CSRF)
Software Optimize images ALT Text alt tag & names for SEO using AI Type Plugin Vulnerable versions 2.0.8 Fixed in 2.0.8 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-4548 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID...
Optimize images ALT Text (alt tag) & names for SEO using AI < 2.0.8 - Settings Update via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. PoC Use the following form to abuse the CSRF vulnerability on the settings page: action| ---|--- layout| textColor| contentBackgroundColor|...
Optimize images ALT Text (alt tag) & names for SEO using AI < 2.0.8 - Settings Update via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Use the following form to abuse the CSRF vulnerability on the settings page: action layout textColor contentBackgroundColor starColor...
WordPress plugin Logo Showcase with Slick Slider 访问控制错误漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. An access control error vulnerability exists in the WordPress...
WordPress Logo Showcase with Slick Slider plugin <= 1.2.4 - Arbitrary Media Title/Description/Alt Text/URL Update vulnerability
Arbitrary Media Title/Description/Alt Text/URL Update vulnerability discovered by apple502j in WordPress Logo Showcase with Slick Slider plugin versions = 1.2.4. Solution Update the WordPress Logo Showcase with Slick Slider plugin to the latest available version at least 1.2.5...
Logo Showcase with Slick Slider < 1.2.5 - Subscriber+ Arbitrary Media Title/Description/Alt Text/URL Update
The plugin does not have CSRF and authorisation checks in the lswsssaveattachmentdata AJAX action, allowing any authenticated users, such as Subscriber, to change title, description, alt text, and URL of arbitrary uploaded media. jQuery.postajaxurl, action: "lswsssaveattachmentdata", attachmentid...
Flat Preloader < 1.5.5 - Admin+ Stored Cross-Site Scripting
The plugin does not escape some of its settings when outputting them in attribute in the frontend, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed Put the following payload in the "Alt text" setting of the plugin, then view...
Writing great alt text: Emotion matters
If you prefer videos to articles, there's an episode of HTTP 203 on this topic. Ok, on with the article… Good alt text means that screen reader users get the same 'meaning' from the page as a fully sighted user. But sometimes that's easier said than done. I recently got stuck trying to figure out...