187 matches found
MAL-2025-16478 Malicious code in cammy-web-analytics (npm)
The package cammy-web-analytics was found to contain malicious code...
CVE-2023-45057
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Hitsteps Web Analytics plugin = 5.86 versions...
CVE-2023-45268
Cross-Site Request Forgery CSRF vulnerability in Hitsteps Hitsteps Web Analytics plugin = 5.86 versions...
CVE-2022-24637
Open Web Analytics OWA before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '...
CVE-2024-8513
The QA Analytics – Web Analytics Tool with Heatmaps & Session Replay Across All Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxsavepluginconfig function in all versions up to, and including, 4.1.0.0. This makes it possibl...
Web tracking report: who monitored users’ online activities in 2023–2024 the most
Web tracking has become a pervasive aspect of our online experience. Whether we're browsing social media, playing video games, shopping for products, or simply reading news articles, trackers are silently monitoring our online behavior, fueling the ceaseless hum of countless data centers worldwid...
XSS and OAuth Combo Threatens Millions of Users Due to Hotjar Flaw
Cybersecurity Experts Uncover Critical Vulnerabilities in Leading Web Analytics Platform Hotjar, Potentially Exposing Sensitive Data of Millions of…...
The vulnerability of the BIG-IP Access Policy Manager, as well as software solutions such as BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Application Visibility and Reporting (AVR), BIG-IP DDos Hybrid Defender, BIG-IP Domain Name System, BIG-IP Fraud Protection Service, BIG-IP Global Traffic Manager, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Inforcement Manager, BIG-IP SSL Orchestrator, BIG-IP Webaccelerator, and BIG-IP WebSafe, is related to incorrect session duration settings. This allows attackers to gain unauthorized access to protected information.
The vulnerabilities of the BIG-IP Access Policy Manager, as well as of software solutions such as BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Application Visibili...
CVE-2023-45057
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Hitsteps Web Analytics plugin = 5.86 versions...
Cross site scripting
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Hitsteps Web Analytics plugin = 5.86 versions...
CVE-2023-45057 WordPress Hitsteps Web Analytics Plugin <= 5.86 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Hitsteps Web Analytics plugin = 5.86 versions...
CVE-2023-45057
CVE-2023-45057 is a stored XSS vulnerability in Hitsteps Web Analytics Plugin for WordPress, affecting all versions
CVE-2023-45057 WordPress Hitsteps Web Analytics Plugin <= 5.86 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Hitsteps Web Analytics plugin = 5.86 versions...
WordPress Plugin Hitsteps Web Analytics Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Hitsteps Web Analytics < 5.87 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Hitsteps Web Analytics < 5.87 - Arbitrary Settings Update via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
CVE-2023-45268
Cross-Site Request Forgery CSRF vulnerability in Hitsteps Hitsteps Web Analytics plugin = 5.86 versions...
CVE-2023-45268
Cross-Site Request Forgery CSRF vulnerability in Hitsteps Hitsteps Web Analytics plugin = 5.86 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Hitsteps Hitsteps Web Analytics plugin = 5.86 versions...
CVE-2023-45268 WordPress Hitsteps Web Analytics Plugin <= 5.86 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Hitsteps Hitsteps Web Analytics plugin = 5.86 versions...