12 matches found
EUVD-2022-1917
Malicious code in bioql PyPI...
CVE-2024-2948
The Favorites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'userfavorites' shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes such as 'nofavorites'. This makes it possib...
SAP NetWeaver Application Server 安全漏洞
SAP NetWeaver Application Server is an application server from SAP, Germany. A security vulnerability exists in SAP NetWeaver Application Server that stems from an RFC-enabled function module that allows a low-privileged user to read any user's workplace favorites and user menus, as well as all...
CVE-2024-2948
The Favorites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'userfavorites' shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes such as 'nofavorites'. This makes it possib...
WordPress Plugin Favorites 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
CVE-2023-2304
The Favorites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userfavorites' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
CVE-2023-2304
The Favorites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userfavorites' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
CVE-2023-2304
The Favorites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userfavorites' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
WordPress Plugin Favorites 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
Nagios XI Security Vulnerability
Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in the Favorites component of Nagios XI 5.8.0 before 1.0.2, which stems fr...
Pornhub: Stored XSS on the https://www.redtube.com/users/[profile]/collections
Researcher successfully closed the image 'alt' attribute and injected javascript by submitting an XSS payload as the collection title. This led to stored cross-site scripting on the user's collections page, executed against any users who visited the user's collections. The user's favorites page w...
Imgur: CSRF leads to a stored self xss
Followup from 311460 Summary Self xss and CSRF are both out of scope, but when paired it is possible to create an attack on a user. Description A favorites folder with an xss payload for a name will launch when saving an image to said folder. This can be verified by following these steps Visit yo...