Lucene search

259 matches found

NVD
added 2023/01/09 11:15 p.m. · 11 views

CVE-2022-4479

The Table of Contents Plus WordPress plugin before 2212 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

CVSS 5.4 · AI score 5.3 · EPSS 0.00252
Exploits 2 · References 1
Prion
added 2023/01/09 11:15 p.m. · 15 views

Cross site scripting

The Table of Contents Plus WordPress plugin before 2212 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

CVSS 4.9 · AI score 5.3 · EPSS 0.00252
Exploits 2 · References 1 · Affected Software 1
CVE
added 2023/01/09 10:13 p.m. · 50 views

CVE-2022-4479

CVE-2022-4479 affects the WordPress plugin Table of Contents Plus v2212 and earlier. The vulnerability arises because the plugin does not validate and escape certain shortcode attributes before echoing them in the page, enabling a Stored XSS attack. Impacted scenario: a user with as little as the...

CVSS 5.4 · AI score 5.3 · EPSS 0.00252
Exploits 2 · References 1 · Affected Software 1
Cvelist
added 2023/01/09 10:13 p.m. · 15 views

CVE-2022-4479 Table of Contents Plus < 2212 - Contributor+ Stored XSS

The Table of Contents Plus WordPress plugin before 2212 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

AI score 5.5 · EPSS 0.00252
Exploits 2 · References 1
Vulnrichment
added 2023/01/09 10:13 p.m. · 4 views

CVE-2022-4479 Table of Contents Plus < 2212 - Contributor+ Stored XSS

The Table of Contents Plus WordPress plugin before 2212 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

AI score 5.3 · EPSS 0.00252
Exploits 2 · References 1
Positive Technologies
added 2023/01/09 12:00 a.m. · 1 view

PT-2023-14554 · WordPress · Table Of Contents Plus

Name of the Vulnerable Software and Affected Versions: Table of Contents Plus WordPress plugin versions prior to 2212 Description: The issue concerns a lack of validation and escaping of certain shortcode attributes, which could lead to Stored Cross-Site Scripting attacks. Users with a role as lo...

CVSS 5.4 · AI score 5.3 · EPSS 0.00252
Exploits 2 · References 4
CNNVD
added 2023/01/09 12:00 a.m. · 1 view

WordPress Plugin Table of Contents Plus cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 5.4 · AI score 5.4 · EPSS 0.00252
Exploits 2 · References 2
Patchstack
added 2023/01/07 12:00 a.m. · 8 views

WordPress Joli Table Of Contents Plugin <= 1.3.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software Joli Table Of Contents Type Plugin Vulnerable versions <= 1.3.9 Fixed in 2.0.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-46820 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 5d76be68ea78 Credits minhtuanact...

CVSS 8.8 · AI score 7 · EPSS 0.00098
Exploits 0 · References 2 · Affected Software 1
wpexploit
added 2022/12/19 12:00 a.m. · 145 views

Table of Contents Plus < 2212 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. toc...

CVSS 5.4 · AI score 0.4 · EPSS 0.00252
Exploits 2
Prion
added 2022/10/06 6:16 p.m. · 10 views

Code injection

DiscoTOC is a Discourse theme component that generates a table of contents for topics. Users that can create topics in TOC-enabled categories and have sufficient trust level - configured in component's settings are able to inject arbitrary HTML on that topic's page. The issue has been fixed on th...

CVSS 4.9 · AI score 5.5 · EPSS 0.00224
Exploits 0 · References 2 · Affected Software 1
CNNVD
added 2022/10/06 12:00 a.m. · 1 view

Discourse cross-site scripting vulnerability

Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. A cross-site scripting vulnerability exists in versions prior to Discourse DiscoTOC 2.1.0, which stems from the lack of escaping and filtering of input data on pages that can...

CVSS 5.4 · AI score 6.1 · EPSS 0.00224
Exploits 0 · References 3
Positive Technologies
added 2022/10/06 12:00 a.m. · 1 view

PT-2022-24858 · Discotoc · Discotoc

Name of the Vulnerable Software and Affected Versions: DiscoTOC versions prior to the fixed version on the main branch Description: The issue allows users to inject arbitrary HTML on a topic's page if they can create topics in TOC-enabled categories and have a sufficient trust level. The estimate...

CVSS 5.4 · AI score 5.3 · EPSS 0.00224
Exploits 0 · References 6
Positive Technologies
added 2022/07/25 12:00 a.m. · 1 view

PT-2022-8901 · Unknown · Markdown-It-Toc

Name of the Vulnerable Software and Affected Versions: markdown-it-toc versions affected versions not specified Description: The issue affects the generation of the table of contents toc in markdown-it-toc, where the title of the generated toc and the contents of the header are not properly...

CVSS 7.3 · AI score 6.3 · EPSS 0.00234
Exploits 1 · References 3
CNNVD
added 2022/07/25 12:00 a.m. · 2 views

markdown-it-toc cross-site scripting vulnerability

markdown-it-toc is a syntax for adding an automatically generated table of contents to the markdown-it markdown parser by the US-based individual developer Sam Chrisinger. A security vulnerability exists in markdown-it-toc, which stems from the fact that the title and the content of the title of...

CVSS 7.3 · AI score 6.8 · EPSS 0.00234
Exploits 1 · References 2
Patchstack
added 2022/02/28 12:00 a.m. · 16 views

WordPress Joli Table Of Contents plugin <= 1.3.8 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Joli Table Of Contents plugin versions <= 1.3.8. Solution: Update the WordPress Joli Table Of Contents plugin to the latest available version (at least 1.3.9)...

AI score 2.2
Exploits 0 · References 2 · Affected Software 1
Patchstack
added 2022/02/28 12:00 a.m. · 7 views

WordPress Joli Table Of Contents plugin <= 1.3.8 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Joli Table Of Contents plugin versions <= 1.3.8. Solution: Update the WordPress Joli Table Of Contents plugin to the latest available version (at least 1.3.9)...

AI score 4
Exploits 0 · References 2 · Affected Software 1
OPENSUSE Linux
added 2021/06/18 12:00 a.m. · 27 views

Security update for htmldoc (important)

openSUSE Security Update: Security update for htmldoc Announcement ID: openSUSE-SU-2021:0895-1 Rating: important References: 1184424 Cross-References: CVE-2021-20308 CVSS scores: CVE-2021-20308 NVD : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-20308 SUSE: 3.3...

CVSS 3.3 · AI score 7.5 · EPSS 0.0039
Exploits 1 · References 1
Snyk
added 2020/11/24 1:05 p.m. · 1 view

Cross-site Scripting (XSS)

Overview: markdown-it-toc adds syntax for an automatically generated table of contents to the markdown-it markdown parser. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). The title of the generated toc and the contents of the header are not escaped. PoC // XSS from...

CVSS 7.3 · AI score 5.3 · EPSS 0.00234
Exploits 1 · References 2
Richard Bejtlich's blog
added 2020/05/04 3:51 p.m. · 18 views

New Book! The Best of TaoSecurity Blog, Volume 1

I'm very pleased to announce that I've published a new book! It's The Best of TaoSecurity Blog, Volume 1: Milestones, Philosophy and Strategy, Risk, and Advice. It's available now in the Kindle Store, and if you're a member of Kindle Unlimited, it's currently free. I may also publish a print...

AI score 6.9
Exploits 0
Fedora
added 2020/02/07 1:51 a.m. · 43 views

[SECURITY] Fedora 31 Update: xar-1.8.0.417.1-1.fc31

The XAR project aims to provide an easily extensible archive format. Important design decisions include an easily extensible XML table of contents for random access to archived files, storing the toc at the beginning of the archive to allow for efficient handling of streamed archives, the abili...

CVSS 10 · AI score 7.3 · EPSS 0.02396
Exploits 0