CVE-2018-0579

Cross-site scripting vulnerability in Open Graph for Facebook, Google+ and Twitter Card Tags plugin prior to version 2.2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Cross site scripting

Cross-site scripting vulnerability in Open Graph for Facebook, Google+ and Twitter Card Tags plugin prior to version 2.2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2018-0579

The CVE relates to the WordPress plugin “Open Graph for Facebook, Google+ and Twitter Card Tags” (prior to v2.2.4.1). A reflected XSS was reported in the wd_fb_og_error parameter on GET edits, exploitable by an authenticated WordPress administrator via crafted link. Impact is arbitrary script exe...

CVE-2018-0579

Cross-site scripting vulnerability in Open Graph for Facebook, Google+ and Twitter Card Tags plugin prior to version 2.2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

WordPress plugin "Open Graph for Facebook, Google+ and Twitter Card Tags" vulnerable to cross-site scripting

Overview The WordPress plugin "Open Graph for Facebook, Google+ and Twitter Card Tags" provided by Webdados contains a reflected cross-site scripting vulnerability CWE-79. Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warni...

JVN#08386386: WordPress plugin "Open Graph for Facebook, Google+ and Twitter Card Tags" vulnerable to cross-site scripting

The WordPress plugin "Open Graph for Facebook, Google+ and Twitter Card Tags" provided by Webdados contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged in user's web browser. Solution Update the plugin Update the plugin according t...

WordPress Open Graph for Facebook, Google+ and Twitter Card Tags Plugin Cross-Site Scripting Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Open Graph for Facebook, Google+ and Twitter Card Tags plugin,...

Node.js third-party modules: [metascraper] Stored XSS in Open Graph meta properties read by metascrapper

Hi Guys, metascrapper is vulnerable to Stored XSS via Open Graph metadata, if they are used in HTML without any sanitization. Module: A library to easily scrape metadata from an article on the web using Open Graph metadata, regular HTML metadata, and series of fallbacks...

WordPress Content Cards Plugin Cross-Site Scripting Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform using PHP language development, the platform supports PHP and MySQL server set up a personal blog site.Content Cards plugin is used in one of the website link embedded plug-ins. A cross-site scripting vulnerability exists i...

CVE-2017-17096

Cross-site scripting XSS vulnerability in the Content Cards plugin before 0.9.7 for WordPress allows remote attackers to inject arbitrary JavaScript via crafted OpenGraph data...

[SECURITY] Fedora 25 Update: drupal7-metatag-1.21-1.fc25

The Metatag module allows you to automatically provide structured metadata, aka "meta tags", about your website. In the context of search engine optimization, when people refer to meta tags they are usually referring to the meta description tag and the meta keywords tag that may help improve the...

[SECURITY] Fedora 24 Update: drupal7-metatag-1.21-1.fc24

The Metatag module allows you to automatically provide structured metadata, aka "meta tags", about your website. In the context of search engine optimization, when people refer to meta tags they are usually referring to the meta description tag and the meta keywords tag that may help improve the...

Vimeo: Private, embeddable videos leaks data through Facebook & Open Graph

Clip meta-data disclosed to thrid-party crawlers...

Drupal Open Graph Importer Module Limit Bypass Vulnerability

Drupal is a free, open source content management system developed in PHP. open Graph Importer is a module that supports back-end administrators or other users to import content from other websites using open graph meta tags. A security vulnerability exists in the Drupal Open Graph Importer module...

CVE-2015-4389

The Open Graph Importer ogtagimporter 7.x-1.x for Drupal does not properly check the create permission for content types created during import, which allows remote authenticated users to bypass intended restrictions by leveraging the "import ogtagimporter" permission...

Open redirect

The Open Graph Importer ogtagimporter 7.x-1.x for Drupal does not properly check the create permission for content types created during import, which allows remote authenticated users to bypass intended restrictions by leveraging the "import ogtagimporter" permission...

CVE-2015-4389

The CVE concerns the Drupal contributed module Open Graph Importer (og_tag_importer) in the 7.x-1.x line. The root cause is improper enforcement of the create permission on destination content types during import, enabling remote authenticated users with the import_og_tag_importer permission to b...

CVE-2015-4389

The Open Graph Importer ogtagimporter 7.x-1.x for Drupal does not properly check the create permission for content types created during import, which allows remote authenticated users to bypass intended restrictions by leveraging the "import ogtagimporter" permission...

Open Graph Importer - Moderately Critical - Access bypass - Unsupported - SA-CONTRIB-2015-092

This module enables you to import content from a web page by scraping its Open Graph data. The module doesn't sufficiently check for "create" permission to the content type that is configured as the destination for imported content, thus allowing a user with the "import ogtagimporter" permission ...

CVE-2014-6234

Cross-site scripting XSS vulnerability in the Open Graph protocol jhopengraphprotocol extension before 1.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...