51 matches found
CVE-2021-24920
The StatCounter WordPress plugin before 2.0.7 does not sanitise and escape the Project ID and Secure Code settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
Cross site scripting
The StatCounter WordPress plugin before 2.0.7 does not sanitise and escape the Project ID and Secure Code settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2021-24920
Summary: The WordPress StatCounter plugin (versions before 2.0.7) is vulnerable to stored XSS due to insufficient sanitization/escaping of the Project ID and Secure Code settings. This can allow high-privilege users to trigger JavaScript execution in sessions where unfiltered_html is disallowed. ...
CVE-2021-24920 StatCounter < 2.0.7 - Admin+ Stored Cross-Site Scripting
The StatCounter WordPress plugin before 2.0.7 does not sanitise and escape the Project ID and Secure Code settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
WordPress plugin StatCounter cross-site scripting vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. It supports setting up personal blog sites on servers running PHP and MySQL. Versions of the WordPress StatCounter plugin before 2.0.7 have a cross-site scripting vulnerability, which originate...
StatCounter < 2.0.7 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape the Project ID and Secure Code settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. PoC: Put the following payload in the Project ID or Secure Code settings...
StatCounter < 2.0.7 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape the Project ID and Secure Code settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Put the following payload in the Project ID or Secure Code settings...
WordPress StatCounter plugin <= 2.0.6 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Ceylan Bozogullarindan in WordPress StatCounter plugin (versions <= 2.0.6). Solution: Update the WordPress StatCounter plugin to the latest available version (at least 2.0.7)...
ro.statcounter.com Cross Site Scripting vulnerability OBB-2132923
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
zh_tw.statcounter.com Cross Site Scripting vulnerability OBB-2132918
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
gs.statcounter.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1157079. Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
Apple Patches iMessage Bug That Bricks iPhones with Out-of-Date Software
Apple patched a high-severity iMessage bug found by Google Project Zero that can be exploited by an attacker who sends a specially-crafted message to a vulnerable iOS device. Those iPhones receiving the malicious message are rendered inoperable, or bricked. Apple patched the bug with the release ...
StatCounter Analytics Code Hijacked to Steal Bitcoins from Cryptocurrency Users
Late last week an unknown hacker or a group of hackers successfully targeted a cryptocurrency exchange with an aim to steal Bitcoins by compromising the web analytics service it was using. ESET malware researcher Matthieu Faou this weekend spotted malicious JavaScript code on up to 700,000 websit...
statcounter.com XSS vulnerability
Open Bug Bounty ID: OBB-261841

Description| Value
---|---
Affected Website:| statcounter.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1...

statcounter.com XSS vulnerability
Open Bug Bounty ID: OBB-255702

Description| Value
---|---
Affected Website:| statcounter.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1...

hi.statcounter.com XSS vulnerability
Open Bug Bounty ID: OBB-224913

Description| Value
---|---
Affected Website:| hi.statcounter.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1...

fa.statcounter.com XSS vulnerability
Open Bug Bounty ID: OBB-224914

Description| Value
---|---
Affected Website:| fa.statcounter.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1...

ml.statcounter.com XSS vulnerability
Open Bug Bounty ID: OBB-224906

Description| Value
---|---
Affected Website:| ml.statcounter.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1...

tr.statcounter.com XSS vulnerability
Open Bug Bounty ID: OBB-224905

Description| Value
---|---
Affected Website:| tr.statcounter.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1...