104 matches found
CVE-2024-51905 WordPress RSV PDF Preview plugin <= 1.0 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ravi & Suma RSV PDF Preview allows Stored XSS.This issue affects RSV PDF Preview: from n/a through 1.0...
CVE-2024-51905 WordPress RSV PDF Preview plugin <= 1.0 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ravi Kumar Vanukuru RSV PDF Preview rsv-pdf-preview allows Stored XSS.This issue affects RSV PDF Preview: from n/a through = 1.0...
CVE-2024-51905
CVE-2024-51905 is a Stored XSS in the RSV PDF Preview WordPress plugin (versions 1.0 and earlier). Root cause: improper input neutralization during web page generation. Affected product: RSV PDF Preview (WordPress). Public sources indicate the issue affects RSV PDF Preview up to version 1.0 with ...
WordPress plugin RSV PDF Preview 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2024-35037 · Unknown · Rsv Pdf Preview
Name of the Vulnerable Software and Affected Versions: RSV PDF Preview versions 1.0 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. Recommendations: For RSV PDF...
CVE-2024-33231
Cross Site Scripting vulnerability in Ferozo Email version 1.1 allows a local attacker to execute arbitrary code via a crafted payload to the PDF preview component...
CVE-2024-33231
CVE-2024-33231 concerns a Cross Site Scripting vulnerability in Ferozo Email 1.1 . The issue affects the PDF preview component and enables a local attacker to execute arbitrary code through a crafted payload. The public descriptions consistently identify the affected software and the PDF preview ...
CVE-2024-33231
Cross Site Scripting vulnerability in Ferozo Email version 1.1 allows a local attacker to execute arbitrary code via a crafted payload to the PDF preview component...
Ferozo Email 安全漏洞
Ferozo Email is a powerful and simple hosting panel from Ferozo. A security vulnerability exists in Ferozo Email version 1.1, which stems from vulnerability to cross-site scripting attacks, where a local attacker can execute arbitrary code against the PDF Preview component via a crafted payload...
CVE-2024-33231
Cross Site Scripting vulnerability in Ferozo Email version 1.1 allows a local attacker to execute arbitrary code via a crafted payload to the PDF preview component...
WordPress RSV PDF Preview Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software RSV PDF Preview Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51905 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 292589128a03 Credits SOPROBRO Required privilege Contributor...
CVE-2024-39457
Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user’s web browser...
CVE-2024-39457
Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user’s web browser...
CVE-2024-39457
Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user’s web browser...
CVE-2024-39457
Cybozu Garoon 6.0.0–6.0.1 contains a cross-site scripting (CWE-79) vulnerability in the PDF preview feature. If successfully exploited, an arbitrary script could execute in a logged-in user’s browser. Affected versions are 6.0.0 through 6.0.1. Remediation guidance observed across sources is to up...
PT-2024-28502 · Cybozu · Cybozu Garoon
Name of the Vulnerable Software and Affected Versions: Cybozu Garoon versions 6.0.0 through 6.0.1 Description: The issue is related to a cross-site scripting vulnerability in the PDF preview feature. If exploited, this could allow an arbitrary script to be executed on a logged-in user's web...
Cybozu Garoon vulnerable to cross-site scripting
Overview Cybozu Garoon provided by Cybozu, Inc. contains a cross-site scripting vulnerability in PDF preview CWE-79. Masato Kinugawa reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN. Impact An arbitrary script may be...
JVN#74825766: Cybozu Garoon vulnerable to cross-site scripting
Cybozu Garoon provided by Cybozu, Inc. contains a cross-site scripting vulnerability in PDF preview CWE-79. Impact An arbitrary script may be executed on a logged-in user's web browser. Solution Update the Software Update the software to the latest version according to the information provided by...
Stored Cross-Site Scripting (XSS)
pimcore is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to a lack of sanitization in pdfpreview.js, which allows an admin authenticated attacker to inject and execute arbitrary JavaScript into the browser through the author and title fields...
Dissecting the Chrome Extension Facebook malware
It's been a few days since Kaspersky Lab's blog post about the Multi Platform Facebook malware that was spread through Facebook Messenger. At the same time as Kaspersky Lab were analyzing this threat, a few researchers where doing the same, including Frans Rosén, Security Advisor at Detectify...