9 matches found
EUVD-2022-51809
Malicious code in bioql PyPI...
CVE-2022-2189
The WP Video Lightbox WordPress plugin before 1.9.5 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
PT-2024-30403 · WordPress · Wp Video Lightbox
Name of the Vulnerable Software and Affected Versions: WP Video Lightbox plugin for WordPress versions up to, and including, 1.9.10 Description: The issue is related to Stored Cross-Site Scripting via the width parameter due to insufficient input sanitization and output escaping. This allows...
CVE-2022-4465
The vulnerability CVE-2022-4465 affects the WP Video Lightbox WordPress plugin, specifically versions prior to 1.9.7. The issue arises because the plugin does not validate and escape certain shortcode attributes before output, enabling Stored XSS attacks. This could allow users with a low-privile...
CVE-2022-4465 WP Video Lightbox < 1.9.7 - Contributor+ Stored XSS
The WP Video Lightbox WordPress plugin before 1.9.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...
CVE-2022-2189 WP Video Lightbox < 1.9.5 - Reflected Cross-Site Scripting
The WP Video Lightbox WordPress plugin before 1.9.5 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
WordPress plugin WP Video Lightbox 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2021-24665
The WP Video Lightbox WordPress plugin before 1.9.3 does not escape the attributes of its shortcodes, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks...
CVE-2021-24665
The CVE-2021-24665 entry affects the WP Video Lightbox WordPress plugin (versions before 1.9.3). The root cause is failure to escape shortcode attribute values, allowing stored Cross-Site Scripting (XSS) by users with as low as contributor privileges. Reported impact is XSS that could be triggere...