16 matches found
EUVD-2024-45621
Malicious code in bioql PyPI...
EUVD-2023-12174
Malicious code in bioql PyPI...
CVE-2024-51821
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wordpresteem WE – Client Logo Carousel we-client-logo-carousel allows Stored XSS. This issue affects WE – Client Logo Carousel: from n/a through <= 1.4...
CVE-2023-0073
The Client Logo Carousel WordPress plugin through 3.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-51821
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wordpresteem WE – Client Logo Carousel we-client-logo-carousel allows Stored XSS. This issue affects WE – Client Logo Carousel: from n/a through <= 1.4...
CVE-2024-51821 WordPress WE – Client Logo Carousel plugin <= 1.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wordpresteem WE – Client Logo Carousel allows Stored XSS. This issue affects WE – Client Logo Carousel: from n/a through 1.4...
CVE-2024-51821 WordPress WE – Client Logo Carousel plugin <= 1.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wordpresteem WE – Client Logo Carousel we-client-logo-carousel allows Stored XSS. This issue affects WE – Client Logo Carousel: from n/a through <= 1.4...
WordPress WE – Client Logo Carousel plugin <= 1.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin WE – Client Logo Carousel versions <= 1.4...
CVE-2023-0073
The Client Logo Carousel WordPress plugin through 3.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0073 Client Logo Carousel <= 3.0.0 - Contributor+ Stored XSS
The Client Logo Carousel WordPress plugin through 3.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0073
The CVE-2023-0073 entry concerns the WordPress plugin Client Logo Carousel (≤ 3.0.0). The connected documents confirm that the vulnerability arises because certain shortcode attributes are not validated or escaped before being echoed on a page, enabling Stored XSS via a contributor+ user. The PoC...
WordPress plugin Client Logo Carousel cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...
PT-2023-15990 · WordPress · Client Logo Carousel
Name of the Vulnerable Software and Affected Versions: The Client Logo Carousel WordPress plugin versions 3.0.0 and earlier Description: The issue is related to the plugin not validating and escaping some of its shortcode attributes before outputting them back in a page or post where the shortcod...
Client Logo Carousel <= 3.0.0 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Note: 1. First, you need to add a Carousel...
Client Logo Carousel <= 3.0.0 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC Note: 1. First, you need to add a...
WordPress Client Logo Carousel Plugin <= 3.0.0 is vulnerable to Cross Site Scripting (XSS)
Software: Client Logo Carousel; Type: Plugin; Vulnerable versions: <= 3.0.0; Fixed in: 3.0.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: N/A; Patch priority: Medium; CVSS severity: Medium (6.5); Developer: Claim ownership; PSID: 7a95db4d0d5d; Credits: Unknown; Required...