WordPress CodePen Embedded Pens Shortcode Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)

Software CodePen Embedded Pens Shortcode Type Plugin Vulnerable versions = 1.0.2 Fixed in 1.0.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50440 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ea887c573a3b Credits theviper17 Required...

CVE-2024-37960

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Chris Coyier CodePen Embedded Pens Shortcode allows Stored XSS.This issue affects CodePen Embedded Pens Shortcode: from n/a through 1.0.0...

CVE-2024-37960 WordPress CodePen Embedded Pens Shortcode plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Chris Coyier CodePen Embedded Pens Shortcode allows Stored XSS.This issue affects CodePen Embedded Pens Shortcode: from n/a through 1.0.0...

CVE-2024-37960

CVE-2024-37960 is a stored XSS in the WordPress plugin CodePen Embedded Pens Shortcode (versions &lt;= 1.0.0). The vulnerability stems from improper input neutralization during web page generation, enabling stored cross-site scripting. Affected: CodePen Embedded Pens Shortcode,

PT-2024-27866 · Codepen · Codepen Embedded Pens Shortcode

Name of the Vulnerable Software and Affected Versions: CodePen Embedded Pens Shortcode versions 1.0.0 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks...

WordPress CodePen Embedded Pens Shortcode plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Jean Tirstan T Patchstack Alliance in WordPress Plugin CodePen Embedded Pens Shortcode versions = 1.0.0...

WordPress CodePen Embedded Pens Shortcode Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Software CodePen Embedded Pens Shortcode Type Plugin Vulnerable versions = 1.0.0 Fixed in 1.0.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37960 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 012982f72b9c Credits Jean Tirstan T Require...

Valve: code injection, steam chat client

The steam chat client allows oEmbed, apparently based on a whitelist. One of the whitelisted oEmbedis codepen. When a codepen is created, it can be sent as a link to another steam user, and the code inside the codepen will execute within the privileged Steam Chat context. You can send these codep...