21 matches found
EUVD-2024-30383
Malicious code in bioql PyPI...
CVE-2024-32581
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Lenderd Mortgage Calculators WP allows Stored XSS.This issue affects Mortgage Calculators WP: from n/a through 1.56...
CVE-2024-32581
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Lenderd Mortgage Calculators WP allows Stored XSS.This issue affects Mortgage Calculators WP: from n/a through 1.56...
CVE-2024-32581 WordPress Mortgage Calculators WP plugin <= 1.56 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Lenderd Mortgage Calculators WP allows Stored XSS.This issue affects Mortgage Calculators WP: from n/a through 1.56...
CVE-2024-32581 WordPress Mortgage Calculators WP plugin <= 1.56 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Lenderd Mortgage Calculators WP allows Stored XSS.This issue affects Mortgage Calculators WP: from n/a through 1.56...
CVE-2024-32581
CVE-2024-32581 is a Stored XSS in Mortgage Calculators WP plugin affecting versions up to 1.56. Root cause: Improper input neutralization during web page generation. Impact (per provided metrics): low to moderate across confidentiality, integrity, availability; overall CVSS 3.1 base score 6.5 (ME...
PT-2024-24703 · WordPress · Mortgage Calculators Wp
Name of the Vulnerable Software and Affected Versions: Mortgage Calculators WP versions 1.56 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for Stored XSS. This means that an attacker can inject malicious scripts into the...
WordPress Plugin Mortgage Calculators WP 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
WordPress Mortgage Calculators WP plugin <= 1.56 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by NGÔ THIÊN AN Patchstack Alliance in WordPress Plugin Mortgage Calculators WP versions = 1.56...
WordPress Mortgage Calculators WP Plugin <= 1.56 is vulnerable to Cross Site Scripting (XSS)
Software Mortgage Calculators WP Type Plugin Vulnerable versions = 1.56 Fixed in 1.60 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32581 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c47f59b4c10d Credits Ngô Thiên An ancorn from VNPT-VC...
WordPress Mortgage Calculators WP Cross-Site Scripting Vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress Mortgage Calculators WP suffers from a cross-site scripting vulnerability, for which no detailed...
CVE-2021-24904
The Mortgage Calculators WP WordPress plugin before 1.56 does not implement any sanitisation on the color setting of the background of a calculator, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24904
The Mortgage Calculators WP WordPress plugin before 1.56 does not implement any sanitisation on the color setting of the background of a calculator, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
Cross site scripting
The Mortgage Calculators WP WordPress plugin before 1.56 does not implement any sanitisation on the color setting of the background of a calculator, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24904 Mortgage Calculators WP < 1.56 - Admin+ Stored Cross-Site Scripting
The Mortgage Calculators WP WordPress plugin before 1.56 does not implement any sanitisation on the color setting of the background of a calculator, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24904
CVE-2021-24904 affects WordPress Mortgage Calculators WP plugin prior to 1.56. The issue is a stored XSS in the color value of the background for a calculator, caused by no sanitisation of the color setting. The impact is that high-privilege (admin/authenticated) users could inject scripts when u...
WordPress Mortgage Calculators WP 1.52 Cross Site Scripting
Exploit Title: WordPress Plugin Mortgage Calculators WP 1.52 - Stored Cross-Site Scripting XSS Authenticated Date: 25-10-2021 Exploit Author: Ceylan Bozogullarindan Vendor Homepage: https://lenderd.com/ Software Link: https://mortgagecalculatorsplugin.com/ Version: 1.52 Tested on: Linux CVE :...
WordPress Plugin Mortgage Calculators WP 1.52 - Stored Cross-Site Scripting (XSS) (Authenticated)
Exploit Title: WordPress Plugin Mortgage Calculators WP 1.52 - Stored Cross-Site Scripting XSS Authenticated Date: 25-10-2021 Exploit Author: Ceylan Bozogullarindan Vendor Homepage: https://lenderd.com/ Software Link: https://mortgagecalculatorsplugin.com/ Version: 1.52 Tested on: Linux CVE :...
Mortgage Calculators WP < 1.56 - Admin+ Stored Cross-Site Scripting
The plugin does not implement any sanitisation on the color setting of the background of a calculator, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. 1. Go to settings page available under the "Calculato...
Mortgage Calculators WP < 1.56 - Admin+ Stored Cross-Site Scripting
The plugin does not implement any sanitisation on the color setting of the background of a calculator, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC 1. Go to settings page available under the...