4 matches found
Mozilla: HTTPS pages could have been intercepted by a registered service worker when they should not have been
The Mozilla Foundation Security Advisory describes this flaw as: When a HTTPS page was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to...
Cross-site scripting vulnerability in wordpress plugin prettypre
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. The wordpress plugin prettypre suffers from a cross-site scripting vulnerability due to improper filtering of user input, whi...
wordpress plugin event-notifier cross-site scripting vulnerability
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the wordpress plugin event-notifier, which allows attackers to frame malicious...
Multiple Cross-Site Scripting Vulnerabilities in Wordpress Plugin classbyte
ClassByte is a Wordpress plugin that allows the user to connect an instance of ClassByte to the user's WordPress site. Wordpress plugin classbyte has an xss vulnerability due to improper filtering of user input, which allows attackers to frame malicious web pages and trick users into parsing them...