OPENSUSE-SU-2020:2178-1 Security update for opera
This update for opera fixes the following issues: - Update to version 72.0.3815.400 - DNA-88996 Mac Vertical spacing of sidebar items incorrect - DNA-89698 Mac text on bookmark bar not visible when application is not focused - DNA-89746 Add product-name switch to Opera launcher and installer -...
Security update for opera (important)
openSUSE Security Update: Security update for opera Announcement ID: openSUSE-SU-2020:2178-1 Rating: important References: Cross-References: CVE-2020-16013 CVE-2020-16017 Affected Products: openSUSE Leap 15.2:NonFree openSUSE Leap 15.1:NonFree An update that fixes two vulnerabilities is now...
Security update for neomutt (moderate)
openSUSE Security Update: Security update for neomutt Announcement ID: openSUSE-SU-2020:2157-1 Rating: moderate References: 1172906 1172935 1173197 1179035 1179113 Cross-References: CVE-2020-14093 CVE-2020-14154 CVE-2020-14954 CVE-2020-28896 Affected Products: openSUSE Backports SLE-15-SP1 An...
Security update for neomutt (moderate)
openSUSE Security Update: Security update for neomutt Announcement ID: openSUSE-SU-2020:2158-1 Rating: moderate References: 1172906 1172935 1173197 1179035 1179113 Cross-References: CVE-2020-14093 CVE-2020-14154 CVE-2020-14954 CVE-2020-28896 Affected Products: openSUSE Backports SLE-15-SP2 An...
Security update for neomutt (moderate)
openSUSE Security Update: Security update for neomutt Announcement ID: openSUSE-SU-2020:2127-1 Rating: moderate References: 1172906 1172935 1173197 1179035 1179113 Cross-References: CVE-2020-14093 CVE-2020-14154 CVE-2020-14954 CVE-2020-28896 Affected Products: openSUSE Leap 15.2 openSUSE Leap 15....
WordPress Lightweight Sidebar Manager <= 1.1.3 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability found by Jerome Bruandet (NinTechNet) in WordPress Lightweight Sidebar Manager versions <= 1.1.3. Solution: Update the WordPress Lightweight Sidebar Manager to the latest available version (at least 1.1.4)...
Security update for opera (important)
openSUSE Security Update: Security update for opera Announcement ID: openSUSE-SU-2020:1324-1 Rating: important References: Cross-References: CVE-2020-6532 CVE-2020-6537 CVE-2020-6538 CVE-2020-6539 CVE-2020-6540 CVE-2020-6541 CVE-2020-6542 CVE-2020-6543 CVE-2020-6544 CVE-2020-6545 CVE-2020-6546...
CVE-2020-25033
The Blubrry subscribe-sidebar aka Subscribe Sidebar plugin 1.3.1 for WordPress allows subscribesidebar.php&status= reflected XSS...
CVE-2020-25033
The CVE-2020-25033 entry concerns the Blubrry Subscribe Sidebar WordPress plugin (version up to 1.3.1). The issue is a reflected XSS in subscribe_sidebar.php via the status parameter (e.g., ...?page=subscribe_sidebar.php&status=...), allowing script execution. Some sources label the flaw as authe...
PT-2020-15901 · Blubrry · Blubrry Subscribe-Sidebar Plugin
Name of the Vulnerable Software and Affected Versions: Blubrry subscribe-sidebar plugin version 1.3.1 Description: The issue allows for reflected XSS in the subscribe-sidebar.php file. This can be exploited through the status parameter. Recommendations: For version 1.3.1, update to a newer versio...
Subscribe Sidebar <= 1.3.1 - Authenticated Reflected Cross-Site Scripting
The 'status' GET parameter in subscribesidebar.php, which is displayed in the plugin's option page, is vulnerable to reflected XSS attacks. PoC: /wp-admin/options-general.php?page=subscribesidebar.php&status=%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E...
WordPress Subscribe Sidebar plugin <= 1.3.1 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability found by ZeroAptitude in WordPress Subscribe Sidebar plugin versions <= 1.3.1. Solution: 2020-12-28 - we were unable to find a patched version of this plugin. Notice from WordPress.org: "This plugin has been closed as of June 23, 2020 a...
Subscribe Sidebar <= 1.3.1 - Authenticated Reflected Cross-Site Scripting
The 'status' GET parameter in subscribesidebar.php, which is displayed in the plugin's option page, is vulnerable to reflected XSS attacks. /wp-admin/options-general.php?page=subscribesidebar.php&status=%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E...
CVE-2019-11698
If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for...
openSUSE Security Update : opera (openSUSE-2020-402)
This update for opera fixes the following issues : Update to version 67.0.3575.97 - DNA-84063 Open URL in new tab with Go to web address in search/copy popup and right mouse click context menu - DNA-84780 Search in Search and Copy popup opens tab in wrong position from popup window - DNA-84786...
Security update for opera (moderate)
openSUSE Security Update: Security update for opera Announcement ID: openSUSE-SU-2020:0402-1 Rating: moderate References: Affected Products: openSUSE Leap 15.1:NonFree An update that contains security fixes can now be installed. Description: This update for opera fixes the following issues: Updat...
Nexos - Real Estate < 1.6.1 - SQL Injection & Persistent XSS
----- SQL Injection: ----- Vulnerable 'id' parameter is https://listing-themes.com/nexos-wp/wp-admin/admin.php?page=ownlistingaddlisting=8 ----- Persistent XSS: ----- You need a new user account, then go to any property listing on the website and use «ENQUIRY FORM» on the right sidebar...
DEBIAN-CVE-2019-11698
If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for...