665 matches found
PT-2024-10890 · WordPress · Qyrr Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: Qyrr WordPress plugin versions prior to 0.7 Description: The issue allows for Cross-Site Scripting attacks due to the failure to escape the data-uri of the QR Code when outputting it in a src attribute. Additionally, the data uri to meta AJAX...
CVE-2023-51673
Cross-Site Request Forgery CSRF vulnerability in Designful Stylish Price List – Price Table Builder & QR Code Restaurant Menu.This issue affects Stylish Price List – Price Table Builder & QR Code Restaurant Menu: from n/a through 7.0.17...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Designful Stylish Price List – Price Table Builder & QR Code Restaurant Menu.This issue affects Stylish Price List – Price Table Builder & QR Code Restaurant Menu: from n/a through 7.0.17...
CVE-2023-51673
CVE-2023-51673 concerns Cross-Site Request Forgery in the Stylish Price List – Price Table Builder & QR Code Restaurant Menu WordPress plugin (affected: from n/a through 7.0.17). The issue is a CSRF flaw (no details on exploit path beyond CSRF) that could enable unauthorized actions by a logged-i...
CVE-2023-51673 WordPress Stylish Price List Plugin <= 7.0.17 is vulnerable to Broken Access Control
Cross-Site Request Forgery CSRF vulnerability in Designful Stylish Price List – Price Table Builder & QR Code Restaurant Menu.This issue affects Stylish Price List – Price Table Builder & QR Code Restaurant Menu: from n/a through 7.0.17...
CVE-2023-7149
A vulnerability was found in code-projects QR Code Generator 1.0. It has been classified as problematic. This affects an unknown part of the file /download.php?file=author.png. The manipulation of the argument file with the input " leads to cross site scripting. It is possible to initiate the...
CVE-2023-7149
A vulnerability was found in code-projects QR Code Generator 1.0. It has been classified as problematic. This affects an unknown part of the file /download.php?file=author.png. The manipulation of the argument file with the input " leads to cross site scripting. It is possible to initiate the...
Cross site scripting
A vulnerability was found in code-projects QR Code Generator 1.0. It has been classified as problematic. This affects an unknown part of the file /download.php?file=author.png. The manipulation of the argument file with the input " leads to cross site scripting. It is possible to initiate the...
CVE-2023-7149 code-projects QR Code Generator cross site scripting
A vulnerability was found in code-projects QR Code Generator 1.0. It has been classified as problematic. This affects an unknown part of the file /download.php?file=author.png. The manipulation of the argument file with the input " leads to cross site scripting. It is possible to initiate the...
CVE-2023-7149
CVE-2023-7149 affects code-projects QR Code Generator 1.0. The vulnerability is a cross-site scripting (XSS) flaw in the /download.php?file=author.png parameter, exploitable via input such as ">; this can be triggered remotely and requires user interaction. Several sources corroborate the issu...
CVE-2023-7149 code-projects QR Code Generator cross site scripting
A vulnerability was found in code-projects QR Code Generator 1.0. It has been classified as problematic. This affects an unknown part of the file /download.php?file=author.png. The manipulation of the argument file with the input " leads to cross site scripting. It is possible to initiate the...
PT-2023-8291 · Unknown · Code-Projects Qr Code Generator
Name of the Vulnerable Software and Affected Versions: code-projects QR Code Generator version 1.0 Description: A problem exists in the code-projects QR Code Generator due to inadequate protection of the web page structure. This issue can be exploited by a remote attacker to conduct a cross-site...
CVE-2023-6913
A session hijacking vulnerability has been detected in the Imou Life application affecting version 6.7.0. This vulnerability could allow an attacker to hijack user accounts due to the QR code functionality not properly filtering codes when scanning a new device and directly running WebView withou...
Session fixation
A session hijacking vulnerability has been detected in the Imou Life application affecting version 6.7.0. This vulnerability could allow an attacker to hijack user accounts due to the QR code functionality not properly filtering codes when scanning a new device and directly running WebView withou...
CVE-2023-6913 Session Hijacking on Imou Life app
A session hijacking vulnerability has been detected in the Imou Life application affecting version 6.7.0. This vulnerability could allow an attacker to hijack user accounts due to the QR code functionality not properly filtering codes when scanning a new device and directly running WebView withou...
CVE-2023-6913
The CVE-2023-6913 entry relates to Imou Life (v6.7.0) and describes a session hijacking issue caused by the QR code flow not filtering codes when pairing a new device, which can trigger WebView to run without user prompt. The result is potential user account takeovers and phishing via the affecte...
Friday Squid Blogging: Influencer Accidentally Posts Restaurant Table QR Ordering Code
Another rare security + squid story: The woman--who has only been identified by her surname, Wang--was having a meal with friends at a hotpot restaurant in Kunming, a city in southwest China. When everyone’s selections arrived at the table, she posted a photo of the spread on the Chinese social...
QR Code Tag <= 1.0 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its qrcodetag shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-48199
HTML Injection vulnerability in the 'manageApiKeys' component in Grocy = 4.0.3 allows attackers to inject arbitrary HTML content without script execution. This occurs when user-supplied data is not appropriately sanitized, enabling the injection of HTML tags through parameter values. The attacker...
CVE-2023-48197
Cross-Site Scripting XSS vulnerability in the ‘manageApiKeys’ component of Grocy 4.0.3 and earlier allows attackers to obtain victim's cookies when the victim clicks on the "see QR code" function...