253 matches found
CVE-2022-45447
The CVE-2022-45447 entry describes a directory-traversal vulnerability in the M4 PDF plugin for Prestashop (versions 3.2.3 and earlier). The flaw resides in the f parameter handling of the /m4pdf/pdf.php resource, which does not properly validate the requested relative path, enabling an attacker ...
CVE-2022-45447 Path Traversal in M4 PDF plugin for Prestashop sites
M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to a directory traversal vulnerability. The “f” parameter is not properly checked in the resource /m4pdf/pdf.php, returning any file given its relative path. An attacker that exploits this vulnerability could...
Prestashop Path Traversal Vulnerability
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The program provides a variety of payment methods, short message alerts and product image zoom and other features. Prestashop plugin M4 PDF 3.2.3 and previous versions of a security vulnerability , the...
PT-2023-14671 · Prestashop · M4 Pdf Plugin
Name of the Vulnerable Software and Affected Versions: M4 PDF plugin for Prestashop sites versions 3.2.3 and before Description: The M4 PDF plugin for Prestashop sites is vulnerable to an arbitrary HTML Document crafting vulnerability. The resource "/m4pdf/pdf.php" uses templates to dynamically...
Apple Safari PDF Plugin Type Confusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the WebKit PDF plugin...
CVE-2022-4788
The Embed PDF WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2022-4788 Embed PDF <= 1.0.6 - Contributor+ Stored XSS via Shortcode
The Embed PDF WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WordPress plugin Embed PDF 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports PHP and MySQL server set up a personal blog site. WordPress plugin is an application plug-in. A cross-site scripting vulnerability...
SUSE CVE-2016-5206
The PDF plugin in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly followed redirects, which allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page...
PT-2022-24144 · Unknown · Pdf & Print Plugin
Name of the Vulnerable Software and Affected Versions: PDF & Print Plugin affected versions not specified Description: A vulnerability was found in the PDF & Print Plugin, affecting an unknown part of the component Setting Handler. The issue leads to cross-site scripting and can be initiated...
CVE-2022-3070
The Generate PDF WordPress plugin before 3.6 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-3070
The Generate PDF WordPress plugin before 3.6 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
Cross site scripting
The Generate PDF WordPress plugin before 3.6 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-3070 Generate PDF using Contact Form 7 < 3.6 - Admin+ Stored Cross-Site Scripting
The Generate PDF WordPress plugin before 3.6 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
Cross site scripting
The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 3.0.1 does not sanitise and escape some parameters before outputting them back in an attributes of an admin page, leading to Reflected Cross-Site Scripting...
WordPress Videos sync PDF plugin <= 1.7.4 - Stored Cross-Site Scripting via Cross-Site Request Forgery (CSRF) vulnerability
Stored Cross-Site Scripting via Cross-Site Request Forgery CSRF vulnerability discovered by UnD3sc0n0c1d0 in WordPress Videos sync PDF plugin versions = 1.7.4. Solution Deactivate and delete. This plugin has been closed as of April 19, 2022 and is not available for download. This closure is...
Command injection
The WordPress PDF Light Viewer Plugin WordPress plugin before 1.4.12 allows users with Author roles to execute arbitrary OS command on the server via OS Command Injection when invoking Ghostscript...
Cross-Site Request Forgery (CSRF) in glpi-project/glpi
✍️ Description Hello dear glpi team I found one more CSRF vulnerability. 🕵️♂️ Proof of Concept 1.fisrt user already should be logged in In Firefox or safari. 2.Open the PoC.html and click on submit button Also it can be auto-submit 3.Here pdf plugin will be installed after clicking on submit...
Cross-Site Request Forgery (CSRF) in glpi-project/glpi
✍️ Description Hello dear glpi team I found one more CSRF vulnerability. 🕵️♂️ Proof of Concept 1.fisrt user already should be logged in In Firefox or safari. 2.Open the PoC.html and click on submit button Also it can be auto-submit 3.Here pdf plugin will be uninstalled after clicking on submit...
Foxit PhantomPDF U3DBrowser U3D File Parsing Out-of-Bounds Read Remote Code Execution Vulnerability
Foxit PhantomPDF is China's Foxit Foxit a PDF document reader.Foxit 3D Plugin is China's Foxit Foxit a use in the PDF document reader in the 3D plug-in. A security vulnerability exists in Foxit PhantomPDF's handling of U3D objects in PDF files, which stems from the program's failure to properly...