61 matches found
CVE-2024-1161
The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Custom Attributes for blocks in all versions up to, and including, 2.4.43 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with...
CVE-2024-1161 Brizy – Page Builder <= 2.4.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes
The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Custom Attributes for blocks in all versions up to, and including, 2.4.43 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with...
CVE-2024-1161 Brizy – Page Builder <= 2.4.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes
The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Custom Attributes for blocks in all versions up to, and including, 2.4.43 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with...
PT-2024-17136 · WordPress · Brizy
Name of the Vulnerable Software and Affected Versions: Brizy – Page Builder plugin for WordPress versions up to, and including, 2.4.43 Description: The issue is related to Stored Cross-Site Scripting via the plugin's Custom Attributes for blocks due to insufficient input sanitization and output...
CVE-2024-4485
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘buttoncustomattributes’ parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and...
FooGallery < 2.4.15 - Author+ Stored XSS
Description The plugin does not validate and escape some of its Gallery settings before outputting them back in the page, which could allow users with a role as low as Author to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin Create a new...
CVE-2024-3926
The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customattributes value in widgets in all versions up to, and including, 5.6.1 due to insufficient input sanitization...
WordPress Element Pack Elementor Addons plugin <= 5.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via custom_attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via customattributes vulnerability discovered by wesley wcraft in WordPress Plugin Element Pack Elementor Addons versions = 5.6.1...
CVE-2024-2127
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom attributes in all versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
PT-2024-18849 · WordPress · Pagelayer
Name of the Vulnerable Software and Affected Versions: The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress versions up to, and including, 1.8.3 Description: The issue is related to Stored Cross-Site Scripting via custom attributes due to insufficient input sanitizatio...
CVE-2023-6747
The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom attributes in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping. This makes it possible for contributors and above to...
Add Unique Asset Context with Custom Attributes in CSAM
There is no such thing as “too much context” when it comes to asset management. Continuous discovery and comprehensive, normalized asset data create the foundation for streamlined risk detection and response. The more reliable asset data a security team has, the better it can operationalize an...
GSD-2023-1000738 HID: hid-sensor-custom: set fixed size for custom attributes
HID: hid-sensor-custom: set fixed size for custom attributes This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.16 by commit...
CVE-2020-20406
A stored XSS vulnerability exists in the Custom Link Attributes control Affect function in Elementor Page Builder 2.9.2 and earlier versions. It is caused by inadequate filtering on the link custom attributes...
CVE-2020-20406
The CVE-2020-20406 entry concerns Elementor Page Builder (v2.9.2 and earlier) where a Stored Cross-Site Scripting (XSS) flaw exists in the Custom Link Attributes control Affect function due to inadequate filtering of link attributes. The impact is stored XSS; details on exploit vectors or affecte...
Extract and Use Custom Attributes from Active Directory for NetScaler Appliance
Although Active Directory AD username and realm/domain attributes are often sufficient for identifying a user, at times you need even more details of the user. For example, "UserPrincipalName" that contains the user’s domain might represent a forest level realm and not the organization to which t...
CVE-2020-13865
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities. An author user can create posts that result in stored XSS vulnerabilities, by using a crafted link in the custom URL or by applying custom attributes...
CVE-2020-13865
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities. An author user can create posts that result in stored XSS vulnerabilities, by using a crafted link in the custom URL or by applying custom attributes...
Elementor Page Builder < 2.9.10 - Authenticated Stored XSS
The Elementor Page Builder plugin is susceptible to stored XSS. An author user can create custom links containing XSS payloads or apply custom attributes to widgets which results in XSS. PoC javascript:alert1, JaVaScript:alert1, javas cript:alert1...
Open-Xchange: IDOR - setAttribute action of user object in API
Note. I selected sandbox.open-xchange.com as the asset in Hackerone but this was tested on a local installation . Hello, There appears to be a possible IDOR vulnerability in the following API endpoint for setting custom attributes:...