3642 matches found
CVE-2021-42549
Insufficient Input Validation in the search functionality of Wordpress plugin Lets-Box prior to 1.15.3 allows unauthenticated user to craft a reflected Cross-Site Scripting attack...
Cross site scripting
Insufficient Input Validation in the search functionality of Wordpress plugin Out-of-the-Box prior to 1.20.3 allows unauthenticated user to craft a reflected Cross-Site Scripting attack...
CVE-2021-42549
CVE-2021-42549 concerns the WordPress Lets-Box plugin where versions prior to 1.15.3 suffer a reflected XSS in the search functionality due to insufficient input validation. The vulnerability allows an unauthenticated user to craft a reflected Cross-Site Scripting attack via the search endpoint. ...
CVE-2021-42547
CVE-2021-42547 affects the WordPress plugin “Out-of-the-Box” (WP Cloud Plugins - Out-of-the-Box) prior to version 1.20.3. The root cause is insufficient input validation in the plugin’s search functionality, enabling unauthenticated attackers to craft a reflected Cross-Site Scripting (XSS) attack...
CVE-2021-42547 reflected XSS in search functionality of WP Cloud Plugins - Out-of-the-Box
Insufficient Input Validation in the search functionality of Wordpress plugin Out-of-the-Box prior to 1.20.3 allows unauthenticated user to craft a reflected Cross-Site Scripting attack...
WordPress Lets-Box premium plugin <= 1.13.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Trainer Red in WordPress Lets-Box premium plugin versions <= 1.13.2. Solution: Update the WordPress Lets-Box premium plugin to the latest available version (at least 1.13.3)...
WordPress Out-of-the-Box premium plugin <= 1.20.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Trainer Red in WordPress Out-of-the-Box premium plugin versions <= 1.20.2. Solution: Update the WordPress Out-of-the-Box premium plugin to the latest available version (at least 1.20.3)...
Out of the Box < 1.20.3 - Reflected Cross-Site Scripting
Insufficient Input Validation in the search functionality of the plugin allows attackers to perform a reflected Cross-Site Scripting attack...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. Lets-Box Plugin is a WordPress open source application plugin. Wordpress Lets-Box Plugin has a cross-site scripting vulnerability in versions prior to 1.15.3, which stems from the Lets-Box Plugin'...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress Plugin is an open source application plugin for WordPress. A security vulnerability exists in the Wordpress plugin that stems from insufficient input validation in the Out-of-the-Box search function of the Wordpress plugin prior to 1.20.3, allowing an unauthenticated user to create a...
Lets Box < 1.13.3 - Reflected Cross-Site Scripting
Insufficient Input Validation in the search functionality of the plugin allows attackers to perform a reflected Cross-Site Scripting attack...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Join Community Telegram CVE-2021-4...
CVE-2021-24745
The About Author Box WordPress plugin before 1.0.2 does not sanitise and escape the Social Profiles field values before outputting them in attributes, which could allow user with a role as low as contributor to perform Cross-Site Scripting attacks...
CVE-2021-24745
CVE-2021-24745 affects the WordPress plugin About Author Box (versions before 1.0.2). The root cause is failure to sanitize and escape values in the Social Profiles field before rendering in attributes, enabling a stored cross-site scripting (XSS) flaw. The issue permits a user with a low-privile...
CVE-2021-24745 About Author Box < 1.0.2 - Contributor+ Stored Cross-Site Scripting
The About Author Box WordPress plugin before 1.0.2 does not sanitise and escape the Social Profiles field values before outputting them in attributes, which could allow user with a role as low as contributor to perform Cross-Site Scripting attacks...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is the Wordpress Foundation's blogging platform, developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in versions of Th...
CentOS 7 : firefox (RHSA-2021:4116)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:4116 advisory. - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or...
CentOS 7 : thunderbird (RHSA-2021:4134)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:4134 advisory. - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or...
Costco Confirms: A Data Skimmer’s Been Ripping Off Customers
Costco has discovered a payment card skimming device at one of its retail stores and has sent out notification letters informing customers that their card data may have been ripped off if they shopped there recently. Some customers have been aware for weeks that something was fishy and have been...
FormatFuzzer - A Framework For High-Efficiency, High-Quality Generation And Parsing Of Binary Inputs
FormatFuzzer is a framework for high-efficiency, high-quality generation and parsing of binary inputs. It takes a binary template that describes the format of a binary input and generates an executable that produces and parses the given binary format. From a binary template for GIF, for instance,...