
529 matches found

Patchstack
added 2021/10/05 12:0 a.m. | 28 views

WordPress Google Language Translator plugin <= 6.0.11 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas in WordPress Google Language Translator plugin (versions <= 6.0.11). Solution: Update the WordPress Google Language Translator plugin to the latest available version (at least 6.0.12)...

CVSS 4.8 | AI score 1.9 | EPSS 0.00654
Exploits: 2 | References: 3 | Affected Software: 1

WPVulnDB
added 2021/10/05 12:0 a.m. | 18 views

Translate WordPress - Google Language Translator < 6.0.12 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings before outputting it in various pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. PoC: Put the following payload in the Floating Widget Settings Custom tex...

CVSS 4.8 | AI score 0.2 | EPSS 0.00654
Exploits: 2 | References: 1 | Affected Software: 1

wpexploit
added 2021/10/05 12:0 a.m. | 110 views

Translate WordPress - Google Language Translator < 6.0.12 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings before outputting it in various pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Put the following payload in the Floating Widget Settings Custom text fo...

CVSS 4.8 | AI score 0.3 | EPSS 0.00654
Exploits: 2 | References: 1

Fedora
added 2021/10/04 1:4 a.m. | 20 views

[SECURITY] Fedora 34 Update: rust-cranelift-wasm-0.77.0-1.fc34

Translator from WebAssembly to Cranelift IR...

CVSS 6.3 | AI score 1.8 | EPSS 0.00297
Exploits: 0

OpenVAS
added 2021/10/02 12:0 a.m. | 16 views

Fedora: Security Advisory for rust-cranelift-wasm (FEDORA-2021-68713440cb)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 6.3 | AI score 6.4 | EPSS 0.00297
Exploits: 0 | References: 2

Fedora
added 2021/09/30 12:54 a.m. | 21 views

[SECURITY] Fedora 35 Update: rust-cranelift-wasm-0.77.0-1.fc35

Translator from WebAssembly to Cranelift IR...

CVSS 6.3 | AI score 1.8 | EPSS 0.00297
Exploits: 0

WPVulnDB
added 2021/07/21 12:0 a.m. | 7 views

Google Language Translator < 6.0.10 - Authenticated Cross-Site Scripting (XSS)

The plugin was vulnerable to Authenticated Cross-Site Scripting (XSS) only affecting older web browsers (such as Internet Explorer <= 9)...

AI score 3.5
Exploits: 0 | References: 1 | Affected Software: 1

WPVulnDB
added 2021/07/21 12:0 a.m. | 13 views

Google Language Translator < 6.0.10 - Authenticated (author+) Cross-Site Scripting (XSS)

The plugin was vulnerable to Authenticated Cross-Site Scripting (XSS), allowing a user with Author role to execute malicious JavaScript via the glt shortcode...

AI score 3.3
Exploits: 0 | References: 2 | Affected Software: 1

ThreatPost
added 2021/06/29 4:34 p.m. | 86 views

Microsoft Translation Bugs Open Edge Browser to Trivial UXSS Attacks

Microsoft patched two bugs in its Chromium-based Edge browser last week, one of which could be used by an attacker to bypass security and to remotely inject and execute arbitrary code on any website just by sending a message. That security-bypassing bug, CVE-2021-34506, is rated CVSS 5.4, or...

CVSS 6.1 | AI score 6.7 | EPSS 0.02068
Exploits: 0 | References: 11

The Hacker News
added 2021/06/28 1:8 p.m. | 126 views

Microsoft Edge Bug Could've Let Hackers Steal Your Secrets for Any Site

Microsoft last week rolled out updates for the Edge browser with fixes for two security issues, one of which concerns a security bypass vulnerability that could be exploited to inject and execute arbitrary code in the context of any website. Tracked as CVE-2021-34506 (CVSS score: 5.4), the weakness...

AI score 2.1 | EPSS 0.02068
Exploits: 0

CNVD
added 2021/06/21 12:0 a.m. | 6 views

Tencent Translator has information leakage vulnerability

Translator is Tencent's latest real-time conversation translation software, supporting Chinese, English, Japanese, Korean and other languages. It is characterized by accurate language recognition, high efficiency and free of charge. Tencent Translator has an information leakage vulnerability that...

AI score 6.7
Exploits: 0

Github Security Blog
added 2021/06/07 9:48 p.m. | 144 views

XSS vulnerability with translator

Flarum's translation system allowed for string inputs to be converted into HTML DOM nodes when rendered. This change was made after v0.1.0-beta.16 (our last beta before v1.0.0) and was not noticed or documented. This allowed for any user to type malicious HTML markup within certain user input field...

CVSS 10 | EPSS 0.39738
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2021/06/07 9:48 p.m. | 28 views

GHSA-5QJQ-69W6-FG57 XSS vulnerability with translator

Flarum's translation system allowed for string inputs to be converted into HTML DOM nodes when rendered. This change was made after v0.1.0-beta.16 (our last beta before v1.0.0) and was not noticed or documented. This allowed for any user to type malicious HTML markup within certain user input field...

CVSS 10 | AI score 9.4 | EPSS 0.39738
Exploits: 0 | References: 4

OpenVAS
added 2021/04/19 12:0 a.m. | 17 views

SUSE: Security Advisory (SUSE-SU-2020:0555-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.5 | AI score 7.7 | EPSS 0.07443
Exploits: 2 | References: 9

Tenable Nessus
added 2020/11/18 12:0 a.m. | 40 views

RHEL 8 : liblouis (RHSA-2020:1708)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1708 advisory. Liblouis is an open source braille translator and back-translator named in honor of Louis Braille. It features support for computer and...

CVSS 8.8 | AI score 7.1 | EPSS 0.02576
Exploits: 1 | References: 12

Tenable Nessus
added 2020/10/05 12:0 a.m. | 20 views

Debian DLA-2393-1 : snmptt security update

It was found that SNMP Trap Translator does not drop privileges as configured and does not properly escape shell commands in certain functions. A remote attacker, by sending a malicious crafted SNMP trap, could possibly execute arbitrary shell code with the privileges of the process or cause a...

CVSS 9.8 | AI score 8.7 | EPSS 0.02042
Exploits: 0 | References: 4

CNVD
added 2020/08/31 12:0 a.m. | 1 views

Component Realtyna Translator Local File Inclusion Vulnerability in Joomla!

Joomla! is an open source, cross-platform content management system (CMS) developed using PHP and MySQL. A local file inclusion vulnerability exists in the Joomla! component Realtyna Translator. An attacker can exploit the vulnerability to obtain sensitive information...

AI score 6.6
Exploits: 0 | References: 1

OSV
added 2020/08/16 4:15 a.m. | 2 views

DEBIAN-CVE-2020-24361

SNMPTT before 1.4.2 allows attackers to execute shell code via EXEC, PREXEC, or unknown_trap_exec...

CVSS 9.8 | AI score 8.7 | EPSS 0.02042
Exploits: 0 | References: 1

Tenable Nessus
added 2020/08/03 12:0 a.m. | 26 views

GLSA-202007-63 : SNMP Trap Translator: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202007-63 (SNMP Trap Translator: Multiple vulnerabilities). It was found that SNMP Trap Translator does not drop privileges as configured and does not properly escape shell commands in certain functions. Impact: A remote attacker, b...

CVSS 9.8 | AI score 8.7 | EPSS 0.02042
Exploits: 0 | References: 3

Gentoo Linux
added 2020/07/31 12:0 a.m. | 33 views

SNMP Trap Translator: Multiple vulnerabilities

Background: SNMP Trap Translator (SNMPTT) is an SNMP trap handler written in Perl. Description: It was found that SNMP Trap Translator does not drop privileges as configured and does not properly escape shell commands in certain functions. Impact: A remote attacker, by sending a malicious crafted SNMP...

CVSS 9.8 | AI score 2.2 | EPSS 0.02042
Exploits: 0