20 matches found
EUVD-2023-27757
Malicious code in bioql PyPI...
EUVD-2024-26798
Malicious code in bioql PyPI...
CVE-2024-29804
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Team Heateor Fancy Comments WordPress allows Stored XSS.This issue affects Fancy Comments WordPress: from n/a through 1.2.14...
CVE-2023-23670
Auth. contributor+ Cross-Site Scripting XSS vulnerability in Team Heateor Fancy Comments WordPress plugin = 1.2.10 versions...
CVE-2024-29804
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Team Heateor Fancy Comments WordPress allows Stored XSS.This issue affects Fancy Comments WordPress: from n/a through 1.2.14...
CVE-2024-29804
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Team Heateor Fancy Comments WordPress allows Stored XSS.This issue affects Fancy Comments WordPress: from n/a through 1.2.14...
CVE-2024-29804
CVE-2024-29804 is a Stored Cross-Site Scripting (XSS) vulnerability in Fancy Comments WordPress plugin (
WordPress Plugin Fancy Comments WordPress 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
PT-2024-23049 · WordPress · Fancy Comments
Name of the Vulnerable Software and Affected Versions: Fancy Comments WordPress versions 1.2.14 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows stored cross-site scripting XSS. This means an attacker can inject malicious...
WordPress Fancy Comments WordPress Plugin <= 1.2.14 is vulnerable to Cross Site Scripting (XSS)
Software Fancy Comments WordPress Type Plugin Vulnerable versions = 1.2.14 Fixed in 1.2.15 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29804 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 363425af08f9 Credits Ngô Thiên An ancorn from...
Fancy Comments WordPress < 1.2.15 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin PoC...
Fancy Comments WordPress < 1.2.15 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin Put...
CVE-2023-23670
Auth. contributor+ Cross-Site Scripting XSS vulnerability in Team Heateor Fancy Comments WordPress plugin = 1.2.10 versions...
CVE-2023-23670
Auth. contributor+ Cross-Site Scripting XSS vulnerability in Team Heateor Fancy Comments WordPress plugin = 1.2.10 versions...
CVE-2023-23670 WordPress Fancy Comments WordPress Plugin <= 1.2.10 is vulnerable to Cross Site Scripting (XSS)
Auth. contributor+ Cross-Site Scripting XSS vulnerability in Team Heateor Fancy Comments WordPress plugin = 1.2.10 versions...
CVE-2023-23670 WordPress Fancy Comments WordPress Plugin <= 1.2.10 is vulnerable to Cross Site Scripting (XSS)
Auth. contributor+ Cross-Site Scripting XSS vulnerability in Team Heateor Fancy Comments WordPress plugin = 1.2.10 versions...
CVE-2023-23670
CVE-2023-23670 corresponds to an Authenticated Cross-Site Scripting (XSS) vulnerability in the Team Heateor Fancy Comments WordPress plugin (versions
WordPress plugin Fancy Comments 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress Fancy Comments WordPress Plugin <= 1.2.10 is vulnerable to Cross Site Scripting (XSS)
Software Fancy Comments WordPress Type Plugin Vulnerable versions = 1.2.10 Fixed in 1.2.11 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23670 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d8c2e0ffbd22 Credits István Márto...
Fancy Comments WordPress < 1.2.11 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...