CVE-2023-0170 Html5 Audio Player < 2.1.12 - Contributor+ Stored XSS

The Html5 Audio Player WordPress plugin before 2.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

WordPress Plugin Html5 Audio Player 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress Html5 Audio Player Plugin < 2.1.12 is vulnerable to Cross Site Scripting (XSS)

Software Html5 Audio Player Type Plugin Vulnerable versions 2.1.12 Fixed in 2.1.12 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0170 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID e11a35149ba9 Credits Lana Codes...

Html5 Audio Player < 2.1.12 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. h5apinlineplayer src="invalid'...

Html5 Audio Player < 2.1.12 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC h5apinlineplayer src="invalid'...

CVE-2021-24412

The Html5 Audio Player – Audio Player for WordPress plugin before 2.1.3 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious...

CVE-2021-24412

The CVE-2021-24412 entry applies to the WordPress plugin Html5 Audio Player (before 2.1.3). The vulnerability is a stored Cross-Site Scripting (XSS) flaw caused by insufficient sanitization/validation of shortcode parameters, enabling users with as low as a contributor role to inject malicious pa...

CVE-2021-24412 Html5 Audio Player < 2.1.3 - Contributor+ Stored Cross-Site Scripting

The Html5 Audio Player – Audio Player for WordPress plugin before 2.1.3 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious...

Html5 Audio Player < 2.1.3 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode PoC Log in as contributor and add the following shortco...

WordPress Html5 Audio Player plugin <= 2.1.2 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Michał Lipiński WordPress Html5 Audio Player plugin versions = 2.1.2. Solution Update the WordPress Html5 Audio Player plugin to the latest available version at least 2.1.3...

CVE-2013-7324

Webkit-GTK 2.x any version with HTML5 audio/video support based on GStreamer allows remote attackers to trigger unexpectedly high sound volume via malicious javascript. NOTE: this WebKit-GTK behavior complies with existing W3C standards and existing practices for GNOME desktop integration...

CVE-2013-7324

Webkit-GTK 2.x any version with HTML5 audio/video support based on GStreamer allows remote attackers to trigger unexpectedly high sound volume via malicious javascript. NOTE: this WebKit-GTK behavior complies with existing W3C standards and existing practices for GNOME desktop integration...

mb.miniAudioPlayer 1.4.2 - TinyMCE Popup Unspecified Issue

The mb.miniAudioPlayer – an HTML5 audio player for your mp3 files WordPress plugin was affected by a TinyMCE Popup Unspecified Issue security vulnerability...

Google Chrome Multiple Vulnerabilities-01 June13 (MAC OS X)

The host is installed with Google Chrome and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbgooglechromemultvuln01jun13macosx.nasl 6104 2017-05-11 09:03:48Z teissa $ Google Chrome Multiple Vulnerabilities-01 June13 MAC OS X Authors: Arun Kallavi Copyright: Copyright c 201...

Google Chrome Multiple Vulnerabilities-01 (Jun 2013) - Linux

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DSA-2706-1 : chromium-browser - several vulnerabilities

Several vulnerabilities have been discovered in the Chromium web browser. - CVE-2013-2855 The Developer Tools API in Chromium before 27.0.1453.110 allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via unknown vectors. - CVE-2013-2856...

DSA-2706-1 chromium-browser - several

Bulletin has no description...

CVE-2013-2858

Use-after-free vulnerability in the HTML5 Audio implementation in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...

Google Chrome < 27.0.1453.110 Multiple Vulnerabilities

Binary data 801017.prm...

CVE-2013-2858

Removed by vendor...