CVE-2023-48197
Cross-Site Scripting (XSS) vulnerability in the ‘manageApiKeys’ component of Grocy 4.0.3 and earlier allows attackers to obtain victim's cookies when the victim clicks on the "see QR code" function...
CVE-2023-48199
CVE-2023-48199 describes an HTML Injection vulnerability in Grocy versions prior to 4.0.4, specifically in the manageApiKeys component. The issue arises when user-supplied data is not sanitized, allowing injection of HTML tags through parameter values and potentially altering the QR code detail p...
Grocy Cross-Site Scripting Vulnerability
Grocy is a web-based self-hosted grocery and home management solution from Grocy Open Source. A cross-site scripting vulnerability exists in Grocy version v.4.0.3, which stems from a cross-site scripting (XSS) vulnerability in the QR code function of the manageapikeys component. An attacker could...
CVE-2023-48199
HTML Injection vulnerability in the 'manageApiKeys' component in Grocy <= 4.0.3 allows attackers to inject arbitrary HTML content without script execution. This occurs when user-supplied data is not appropriately sanitized, enabling the injection of HTML tags through parameter values. The attacker...
PT-2023-30724 · Grocy · Grocy
Name of the Vulnerable Software and Affected Versions: Grocy versions prior to 4.0.4 Description: The issue allows attackers to inject arbitrary HTML content without script execution, occurring when user-supplied data is not properly sanitized. This enables the injection of HTML tags through...
Signal is testing usernames so you don’t have to share your phone number
Messaging service Signal is testing support for usernames as a replacement for phone numbers to serve as user identities. Signal provides encrypted instant messaging and is popular among people that value their privacy. Compared to more popular services like WhatsApp, Signal offers more layers of...
CVE-2023-5567
The QR Code Tag plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'qrcodetag' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
CVE-2023-5567
CVE-2023-5567 – QR Code Tag (WordPress) Stored XSS : Affected plugin is QR Code Tag. The vulnerability arises from insufficient input sanitization/output escaping in the qrcodetag shortcode, allowing stored XSS. Versions up to 1.0 are affected. Exploitation requires authentication at contributor ...
PT-2023-32182 · WordPress · Qr Code Tag
Name of the Vulnerable Software and Affected Versions: QR Code Tag plugin for WordPress versions up to, and including, 1.0 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the 'qrcodetag' shortcode, allowing authenticated...
WordPress QR Code Tag Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software: QR Code Tag; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-5567; Patch priority: Low; CVSS severity: Low (6.5); PSID: e1f923c2a1cd; Credits: Lana Codes; Required privilege...
Surge in QR Code Quishing: Check Point Records 587% Attack Spike
By Deeba Ahmed. Explore insights into the rise of Quishing attacks, the risks associated with QR code exploitation, and crucial preventive… This is a post from HackRead.com.
Malvertising Campaign Targets Brazil's PIX Payment System with GoPIX Malware
The popularity of Brazil's PIX instant payment system has made it a lucrative target for threat actors looking to generate illicit profits using a new malware called GoPIX. Kaspersky, which has been tracking the active campaign since December 2022, said the attacks are pulled off using malicious...
Hong Kong residents targeted in malvertising campaigns for WhatsApp, Telegram
Malvertising is a powerful malware or scam delivery mechanism that makes it easy to target specific geographies or even users. A recent article from the South China Morning Post discussed an increase in malicious webpages for the popular WhatsApp communication tool, driven via malicious Google ad...
Denial Of Services (DoS)
Libopencvcontrib.so is vulnerable to Denial of Service (DoS). This vulnerability exists due to a lack of proper buffer cleanup during an error in the DecodedBitStreamParser function of decodedbitstreamparser.cpp, which allows an attacker to cause an application crash when scanning a QR code...
Denial Of Service (DoS)
libopencvcontrib.so is vulnerable to Denial of Service (DoS). A null pointer dereference in the wechatqrcode module allows a remote attacker to crash affected applications by sending a specially crafted QR code. The vulnerability exists in DecodedBitStreamParser::decodeByteSegment function of the...
Explained: Quishing
Quishing is phishing using QR (Quick Response) codes. QR codes are basically two-dimensional barcodes that hold encoded data, and they can be used to work as a link. Point your phone's camera at a QR code and it will ask you if you want to visit the link. The use of QR codes in malicious campaigns ...
qr-code-generator.com Cross Site Scripting vulnerability OBB-3653975
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Heap-based Buffer Overflow
libzbar.so is vulnerable to Heap-based Buffer Overflow. A heap-based buffer overflow in the lookupsequence function allows an attacker to create a specially crafted QR code that, when scanned, could lead to information disclosure or arbitrary code execution...