400 matches found
Cross-Site Scripting (XSS)
WordPress is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the Customizer...
DEBIAN-CVE-2019-17674
WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripting) via the Customizer...
CVE-2019-17674
WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripting) via the Customizer...
Cross site scripting
WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripting) via the Customizer...
UBUNTU-CVE-2019-17674
WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripting) via the Customizer...
CVE-2019-17674
CVE-2019-17674 affects WordPress prior to 5.2.4, enabling stored XSS via the Customizer. The issue is triggered by input handled in the Customizer and can be exploited by an attacker to inject scripts that persist across sessions. The provided connected documents confirm the WordPress version aff...
WordPress <= 5.2.3 - Stored XSS in Customizer
...
PT-2019-5220 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.2.4. Description: The issue is related to a stored XSS (cross-site scripting) vulnerability via the Customizer. This vulnerability can be exploited by a remote attacker to impact data integrity. Recommendations: For...
CVE-2019-1229
An elevation of privilege vulnerability exists in Dynamics On-Premise v9. An attacker who successfully exploited the vulnerability could leverage a customizer privilege within Dynamics to gain control of the Web Role hosting the Dynamics installation. To exploit this vulnerability, an attacker...
Dynamics On-Premise Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Dynamics On-Premise v9. An attacker who successfully exploited the vulnerability could leverage a customizer privilege within Dynamics to gain control of the Web Role hosting the Dynamics installation. To exploit this vulnerability, an attacker...
Yellow Pencil Visual Theme Customizer Plugin for WordPress < 7.2.1 Privilege Escalation
The WordPress Yellow Pencil Visual Theme Customizer Plugin installed on the remote host is affected by a privilege escalation vulnerability due to the 'ypremotegetfirst' function. An unauthenticated, remote attacker can leverage this issue to perform WordPress actions that were restricted to...
WordPress 3.9.x < 3.9.20 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A flaw in $wpdb->prepare can create unsafe queries leading to potential SQL injection flaws with plugins and themes. - Multiple cross-site scripting (XSS) vulnerabilities...
FreeBSD : wordpress -- multiple issues (a48d4478-e23f-4085-8ae4-6b3a7b6f016b)
WordPress developers report: Before version 4.8.2, WordPress was susceptible to a cross-site scripting attack in the link modal via a javascript: or data: URL. Before version 4.8.2, WordPress allowed a cross-site scripting attack in the template list view via a crafted template name. Before...
WordPress Customizer Component Path Traversal Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. The Customizer component is one of the components of the build tool for WordPress theme development and plugin development. A...
WordPress 4.4-4.8.1 - Path Traversal in Customizer
Description: A path traversal vulnerability was discovered in the Customizer. Reported by Weston Ruter of the WordPress Security Team...