WP DS Blog Map <= 3.1.3 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in a multisite setup). Put the following payload in any of the settings...
Cross-Site Request Forgery (CSRF)
The Jquery Validation For Contact Form 7 WordPress plugin before 5.3 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change blog options such as default_role and users_can_register via a CSRF attack...
Malicious Package
Overview sushiswap-analytics is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packa...
Malicious Package
Overview deere-ui-domain-framework-mixins is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable ...
WordPress plugin Best Contact Management Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin. Cross-site request forgery...
Friday Squid Blogging: Squid Inks Fisherman
Short video. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
Malicious Package
Overview patrick-test2 is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
CVE-2022-30517
Mogu blog 5.2 is vulnerable to Cross-Site Scripting (XSS)...
Cross site scripting
Mogu blog 5.2 is vulnerable to Cross-Site Scripting (XSS)...
CVE-2022-30517
Affected software: Mogu blog 5.2. The CVE-2022-30517 entry relates to a Cross-Site Scripting (XSS) vulnerability. A connected document (CNNVD-202207-1188) provides a concrete technical detail: the issue stems from the upload handling, where the format of user uploads is not strictly verified and ...
Mogu blog Cross-Site Scripting Vulnerability
Mogu blog (蘑菇博客) is a microservice-architecture-based blogging system with separated front end and back end, by an individual developer (Streamlet) in China. A security vulnerability exists in Mogu blog version 5.2. The vulnerability stems from the fact that the format of user uploads is not strictly verified and is...
Exploit for Expression Language Injection in Atlassian Confluence Data Center
Atlassian Confluence OGNL Injection POC Vulnerability CVE-202...
Malicious Package
Overview order-link-builder is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packag...
Malicious Package
Overview @ovh-ui/oui-checkbox is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...
blog.altimate.co.uk Cross Site Scripting vulnerability OBB-2686723
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Cross-site Scripting (XSS)
com.jfinal:jfinal is vulnerable to cross-site scripting (XSS) attacks. A remote attacker is able to inject and execute arbitrary JavaScript via a crafted payload injected into the keyword text field under the publish blog module...
FlatPress Cross-Site Scripting Vulnerability (CNVD-2022-58896)
FlatPress is a PHP-based blog builder from the FlatPress community that runs without a database. A cross-site scripting vulnerability exists in FlatPress version 1.2.1. An attacker can exploit this vulnerability to execute arbitrary JavaScript via blog content...