Lucene search
K

184 matches found

CNNVD
CNNVD
added 2024/04/23 12:0 a.m.5 views

WordPress plugin wpDiscuz 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

6.4CVSS6.1AI score0.0034EPSS
Exploits0References3
Prion
Prion
added 2024/01/11 9:15 a.m.18 views

Cross site scripting

The Featured Image from URL FIFU plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the featured image alt text in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.9CVSS6AI score0.0045EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/11 8:33 a.m.4 views

CVE-2023-6561 Featured Image from URL (FIFU) <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via featured image alt text

The Featured Image from URL FIFU plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the featured image alt text in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS6.8AI score0.0045EPSS
Exploits0References4
WPVulnDB
WPVulnDB
added 2023/12/15 12:0 a.m.14 views

Featured Image from URL (FIFU) < 4.5.4 - Contributor+ Stored XSS

Description The plugin does not sanitise and escape the featured image alt text, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...

6.4CVSS5.8AI score0.0045EPSS
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/09/29 12:0 a.m.9 views

The vulnerability of the Custom Logo component of the Nagios XI monitoring tool, which allows a hacker to perform cross-site scripting attacks.

The vulnerability of the Custom Logo component of the Nagios XI monitoring tool is related to the lack of measures taken to protect the SQL query structure when processing the alt-text field. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

5.5CVSS6AI score0.01027EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/09/19 11:15 p.m.4 views

CVE-2023-40932

A Cross-site scripting XSS vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the alt-text field. This affects all pages containing the navbar including the login page which means t...

5.4CVSS5.8AI score0.01027EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/09/19 11:15 p.m.3 views

CVE-2023-40932

A Cross-site scripting XSS vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the alt-text field. This affects all pages containing the navbar including the login page which means t...

5.4CVSS5.8AI score0.01027EPSS
Exploits0References4
Prion
Prion
added 2023/09/19 11:15 p.m.26 views

Cross site scripting

A Cross-site scripting XSS vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the alt-text field. This affects all pages containing the navbar including the login page which means t...

4.9CVSS5.2AI score0.01027EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2023/09/19 12:0 a.m.5 views

Nagios XI Cross-Site Scripting Vulnerability

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A cross-site scripting vulnerability exists in Nagios XI 5.11.1 and earlier versions, which originates fro...

5.4CVSS5.8AI score0.01027EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/08/04 12:0 a.m.4 views

PT-2023-5504 · Nagios Xi · Nagios Xi

Name of the Vulnerable Software and Affected Versions: Nagios XI versions 5.11.1 and below Description: A Cross-site scripting XSS vulnerability in the Custom Logo component allows authenticated attackers to inject arbitrary javascript or HTML via the alt-text field. This affects all pages...

5.5CVSS5.2AI score0.01027EPSS
Exploits0References11
CVE
CVE
added 2023/01/23 2:31 p.m.61 views

CVE-2022-4548

CVE-2022-4548 affects the WordPress plugin “Optimize images ALT Text & names for SEO using AI” (versions before 2.0.8). Root cause: missing CSRF protection when updating plugin settings, enabling a logged-in attacker to change settings via CSRF. Reported impact is limited to admin-context changes...

6.5CVSS6.3AI score0.00332EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2023/01/23 12:0 a.m.4 views

WordPress plugin Optimize images ALT Text & names for SEO using AI 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Optimize...

6.5CVSS6.3AI score0.00332EPSS
Exploits2References2
Patchstack
Patchstack
added 2022/12/28 12:0 a.m.14 views

WordPress Optimize images ALT Text (alt tag) & names for SEO using AI Plugin < 2.0.8 is vulnerable to Cross Site Request Forgery (CSRF)

Software Optimize images ALT Text alt tag & names for SEO using AI Type Plugin Vulnerable versions 2.0.8 Fixed in 2.0.8 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-4548 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID...

6.5CVSS6.7AI score0.00332EPSS
Exploits2References3Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/28 12:0 a.m.12 views

Optimize images ALT Text (alt tag) & names for SEO using AI < 2.0.8 - Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. PoC Use the following form to abuse the CSRF vulnerability on the settings page: action| ---|--- layout| textColor| contentBackgroundColor|...

6.5CVSS4.4AI score0.00332EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2022/12/28 12:0 a.m.562 views

Optimize images ALT Text (alt tag) & names for SEO using AI < 2.0.8 - Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Use the following form to abuse the CSRF vulnerability on the settings page: action layout textColor contentBackgroundColor starColor...

6.5CVSS0.3AI score0.00332EPSS
Exploits2
CNNVD
CNNVD
added 2022/02/28 12:0 a.m.7 views

WordPress plugin Logo Showcase with Slick Slider 访问控制错误漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. An access control error vulnerability exists in the WordPress...

4.3CVSS5.3AI score0.00339EPSS
Exploits2References2
Patchstack
Patchstack
added 2021/10/24 12:0 a.m.39 views

WordPress Logo Showcase with Slick Slider plugin <= 1.2.4 - Arbitrary Media Title/Description/Alt Text/URL Update vulnerability

Arbitrary Media Title/Description/Alt Text/URL Update vulnerability discovered by apple502j in WordPress Logo Showcase with Slick Slider plugin versions = 1.2.4. Solution Update the WordPress Logo Showcase with Slick Slider plugin to the latest available version at least 1.2.5...

4.3CVSS4.6AI score0.00339EPSS
Exploits2References3Affected Software1
wpexploit
wpexploit
added 2021/10/24 12:0 a.m.671 views

Logo Showcase with Slick Slider < 1.2.5 - Subscriber+ Arbitrary Media Title/Description/Alt Text/URL Update

The plugin does not have CSRF and authorisation checks in the lswsssaveattachmentdata AJAX action, allowing any authenticated users, such as Subscriber, to change title, description, alt text, and URL of arbitrary uploaded media. jQuery.postajaxurl, action: "lswsssaveattachmentdata", attachmentid...

0.3AI score0.00339EPSS
Exploits2
wpexploit
wpexploit
added 2021/09/28 12:0 a.m.552 views

Flat Preloader < 1.5.5 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings when outputting them in attribute in the frontend, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed Put the following payload in the "Alt text" setting of the plugin, then view...

4.8CVSS0.6AI score0.00622EPSS
Exploits2
Jake Archibald's Blog
Jake Archibald's Blog
added 2021/08/04 1:0 a.m.45 views

Writing great alt text: Emotion matters

If you prefer videos to articles, there's an episode of HTTP 203 on this topic. Ok, on with the article… Good alt text means that screen reader users get the same 'meaning' from the page as a fully sighted user. But sometimes that's easier said than done. I recently got stuck trying to figure out...

6.6AI score
Exploits0
Rows per page
Query Builder