12 matches found
Linux Distros Unpatched Vulnerability : CVE-2018-6389
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files from...
WordPress CM Header & Footer Script Loader plugin <= 1.2.0 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin CM Header and Footer (versions <= 1.2.0)...
WordPress CM Header & Footer Script Loader plugin <= 1.2.1 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin CM Header and Footer (versions <= 1.2.1)...
WordPress CM Header & Footer Script Loader Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS)
Software: CM Header & Footer Script Loader; Type: Plugin; Vulnerable versions: <= 1.2.1; Fixed in: 1.2.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-11202; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 36d111d1460e; Credits...
GHSA-GPRJ-6M2F-J9HX DOM clobbering could escalate to Cross-site Scripting (XSS)
Pagefind initializes its dynamic JavaScript and WebAssembly files relative to the location of the first script you load. This information is gathered by looking up the value of document.currentScript.src. It is possible to "clobber" this lookup with otherwise benign HTML on the page, for example:...
Publitas: CVE-2018-6389 exploitation - using scripts loader
An unauthenticated denial of service vulnerability in WordPress was discovered, tracked as CVE-2018-6389. By requesting a large number of JavaScript files through the load-scripts.php endpoint, an attacker could consume excessive resources on the server. This vulnerability could allow denial of...
MAL-2023-3 Malicious code in @hyperion-util/script-loader (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis fabcfd39cc4468aaddf92dd77dc548149fa6f7f8d09de7dc5af550bf8fbc2b81 The OpenSSF Package Analysis project identified '@hyperion-util/script-loader' @ 77.77.79 npm as malicious. It is considered malicious because: ...
Malicious code in @hyperion-util/script-loader (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis fabcfd39cc4468aaddf92dd77dc548149fa6f7f8d09de7dc5af550bf8fbc2b81 The OpenSSF Package Analysis project identified '@hyperion-util/script-loader' @ 77.77.79 npm as malicious. It is considered malicious because: ...
CVE-2018-6389
In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files from wp-includes/script-loader.php to construct a series of requests to load every file many times...
UBUNTU-CVE-2018-6389
In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files from wp-includes/script-loader.php to construct a series of requests to load every file many times...
PT-2018-17524 · WordPress +1 · Wordpress +1
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 4.9.3 Description: The issue allows unauthenticated attackers to cause a denial of service by consuming resources. This can be achieved by constructing a series of requests to load a large number of registered .js...
MS Internet Explorer Remote Application.Shell Exploit
Exploit for unknown platform in category remote exploits. MS Internet Explorer Remote Application.Shell Exploit. function InjectedDuringRedirection...