94 matches found
WP Spell Check < 9.13 - Ignored Word Deletion via CSRF
The plugin does not have CSRF check in place when deleting ignored words, allowing attacker to make a logged in admin delete them via a CSRF attack PoC Make a logged in admin open https://example.com/wp-admin/admin.php?page=wp-spellcheck-ignore.php=4...
WP Spell Check < 9.13 - Ignored Word Deletion via CSRF
The plugin does not have CSRF check in place when deleting ignored words, allowing attacker to make a logged in admin delete them via a CSRF attack Make a logged in admin open https://example.com/wp-admin/admin.php?page=wp-spellcheck-ignore.php&delete=4...
WP Spell Check < 9.13 - Admin+ Stored Cross-Site Scripting
The plugin does not escape ignored words, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Add a word to ignore via...
WP Spell Check < 9.13 - Admin+ Stored Cross-Site Scripting
The plugin does not escape ignored words, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Add a word to ignore via...
USN-5460-1: Vim vulnerabilities
It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. CVE-2022-0554 It was discovered that Vim was not properly performing bounds checks for column numbers when replacing tabs...
PT-2021-7387 · Vim +6 · Vim +6
Name of the Vulnerable Software and Affected Versions: Vim affected versions not specified Description: The issue is related to the spell iswordp function in the spell.c component of the Vim text editor, which lacks a check for an empty preword. This allows an attacker to access confidential data...
WP Spell Check < 9.3 - Reflected Cross-Site Scripting
The plugin does not escape the page and wpsc-scan-tab parameters before outputting them back in attributes, leading Reflected Cross-Site Scripting issues alert/XSS/' / alert/XSS/' /...
WP Spell Check < 9.3 - Reflected Cross-Site Scripting
The plugin does not escape the page and wpsc-scan-tab parameters before outputting them back in attributes, leading Reflected Cross-Site Scripting issues PoC...
WordPress WP Spell Check plugin <= 9.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by WPScanTeam in WordPress WP Spell Check plugin versions = 9.2. Solution Update the WordPress WP Spell Check plugin to the latest available version at least 9.3...
Security update for chromium (important)
openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2021:0938-1 Rating: important References: 1187141 1187481 Cross-References: CVE-2021-30544 CVE-2021-30545 CVE-2021-30546 CVE-2021-30547 CVE-2021-30548 CVE-2021-30549 CVE-2021-30550 CVE-2021-30551 CVE-2021-30552...
Security update for chromium (important)
openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2021:0881-1 Rating: important References: 1187141 Cross-References: CVE-2021-30544 CVE-2021-30545 CVE-2021-30546 CVE-2021-30547 CVE-2021-30548 CVE-2021-30549 CVE-2021-30550 CVE-2021-30551 CVE-2021-30552...
CVE-2021-30549
Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page...
DEBIAN-CVE-2021-30549
Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page...
CVE-2021-30549
Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page...
UBUNTU-CVE-2021-30549
Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page...
Design/Logic Flaw
Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page...
CVE-2021-30549
Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page...
CVE-2021-30549
CVE-2021-30549 is a use-after-free in Chromium’s Spell check component affecting Chromium-based browsers up to version 91.0.4472.101. The vulnerability can be triggered when a user installs a malicious extension, potentially enabling heap corruption and remote code execution via a crafted HTML pa...
CVE-2021-30549
Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page...
CVE-2021-30549
Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page...