41 matches found
CVE-2019-15827
The onesignal-free-web-push-notifications plugin before 1.17.8 for WordPress has XSS via the subdomain parameter...
DoNot Team Linked to New Tanzeem Android Malware Targeting Intelligence Collection
The threat actor known as DoNot Team has been linked to a new Android malware as part of highly targeted cyber attacks. The artifacts in question, named Tanzeem meaning "organization" in Urdu and Tanzeem Update, were spotted in October and December 2024 by cybersecurity company Cyfirma. The apps ...
CVE-2023-28430
OneSignal is an email, SMS, push notification, and in-app message service for mobile apps. The Zapier.yml workflow is triggered on issues types: closed i.e., when an Issue is closed. The workflow starts with full write-permissions GitHub repository token since the default workflow permissions on...
Code injection
OneSignal is an email, SMS, push notification, and in-app message service for mobile apps. The Zapier.yml workflow is triggered on issues types: closed i.e., when an Issue is closed. The workflow starts with full write-permissions GitHub repository token since the default workflow permissions on...
CVE-2023-28430 OneSignal repository github action command injection
OneSignal is an email, SMS, push notification, and in-app message service for mobile apps. The Zapier.yml workflow is triggered on issues types: closed i.e., when an Issue is closed. The workflow starts with full write-permissions GitHub repository token since the default workflow permissions on...
CVE-2023-28430 OneSignal repository github action command injection
OneSignal is an email, SMS, push notification, and in-app message service for mobile apps. The Zapier.yml workflow is triggered on issues types: closed i.e., when an Issue is closed. The workflow starts with full write-permissions GitHub repository token since the default workflow permissions on...
CVE-2023-28430
OneSignal GitHub Actions vulnerability CVE-2023-28430 enables an issue-closure workflow step to receive data from the issue title, using a repository token with full write permissions. This CodeQL-detected expression injection could let an attacker take over the GitHub Runner and execute commands...
CVE-2023-28430 OneSignal repository github action command injection
OneSignal is an email, SMS, push notification, and in-app message service for mobile apps. The Zapier.yml workflow is triggered on issues types: closed i.e., when an Issue is closed. The workflow starts with full write-permissions GitHub repository token since the default workflow permissions on...
OneSignal Command Injection Vulnerability
OneSignal is a push notification, email, and SMS application from OneSignal. OneSignal suffers from a command injection vulnerability. An attacker could use the vulnerability to take over GitHub Runner and run custom commands to steal sensitive information or make changes to the repository...
WordPress OneSignal Plugin < 1.17.8 XSS Vulnerability
The WordPress plugin Copyright (C) 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the...
CVE-2019-15827
The onesignal-free-web-push-notifications plugin before 1.17.8 for WordPress has XSS via the subdomain parameter...
CVE-2019-15827
The CVE-2019-15827 entry affects the WordPress plugin onesignal-free-web-push-notifications, specifically versions before 1.17.8. The vulnerability is an XSS via the subdomain parameter (POST or input handling) that can lead to client-side script execution within the context of an affected site. ...
WordPress OneSignal Plugin Cross-Site Scripting
A Cross-Site Scripting vulnerability exists in WordPress OneSignal plugin. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...
WordPress Plugin OneSignal Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports the hosting of personal blog sites on servers with PHP and MySQL. OneSignal is an application push notification service. A cross-site scripting vulnerability exists in the WordPre...
WordPress OneSignal 1.17.5 Plugin (subdomain) Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: WordPress Plugin OneSignal 1.17.5 - Persistent Cross-Site Scripting Date: 2019-07-18 Vendor Homepage: https://www.onesignal.com Software Link: https://wordpress.org/plugins/onesignal-free-web-push-notifications/ Affected version...
WordPress OneSignal 1.17.5 Cross Site Scripting
history.pushState'', 'SHPA', '/' input type="hidden" name="wphttpreferer" valu...
WordPress Plugin OneSignal 1.17.5 - subdomain Persistent Cross-Site Scripting
WordPress Plugin OneSignal 1.17.5 - subdomain Persistent Cross-Site Scripting Exploit Title: WordPress Plugin OneSignal 1.17.5 - Persistent Cross-Site Scripting Date: 2019-07-18 Vendor Homepage: https://www.onesignal.com Software Link:...
OneSignal Web Push Notifications - Stored XSS
The OneSignal – Web Push Notifications WordPress plugin was affected by a Stored XSS security vulnerability...
WordPress Plugin OneSignal 1.17.5 - 'subdomain' Persistent Cross-Site Scripting
Exploit Title: WordPress Plugin OneSignal 1.17.5 - Persistent Cross-Site Scripting Date: 2019-07-18 Vendor Homepage: https://www.onesignal.com Software Link: https://wordpress.org/plugins/onesignal-free-web-push-notifications/ Affected version: 1.17.5 Exploit Author: LiquidWorm Tested on: Linux...
WordPress Plugin OneSignal 1.17.5 Persistent Cross-Site Scripting
Summary OneSignal is a high volume and reliable push notification service for websites and mobile applications. We support all major native and mobile platforms by providing dedicated SDKs for each platform, a RESTful server API, and an online dashboard for marketers to design and send push...