130 matches found
Cross site scripting
The Feedify – Web Push Notifications WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the feedifymsg parameter found in the /includes/base.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.8...
CVE-2021-38352 Feedify – Web Push Notifications <= 2.1.8 Reflected Cross-Site Scripting
The Feedify – Web Push Notifications WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the feedifymsg parameter found in the /includes/base.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.8...
CVE-2021-38352
The CVE-2021-38352 entry concerns the WordPress plugin Feedify – Web Push Notifications . The vulnerability is a Reflected Cross-Site Scripting (XSS) flaw triggered via the feedify_msg parameter in the file includes/base.php , affecting versions up to and including 2.1.8 . Successful exploitation...
WordPress 插件跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...
SearchDimension search hijackers: An overview of developments
Background information on SearchDimension SearchDimension is the name of a family of browser hijackers that makes money from ad clicks and search engine revenues. The family was named after the domain searchdimension.com that popped up in 2017, and they still sometimes use the letter combo SD in...
File-sharing and cloud storage sites: How safe are they?
There it is again—that annoying message that pops up when your email client informs you that a file is too big to attach. Those of us that are confronted with this problem on a regular basis—and those of us that want to attach files that could get picked up by anti-malware scanners along the...
CVE-2019-15827
The onesignal-free-web-push-notifications plugin before 1.17.8 for WordPress has XSS via the subdomain parameter...
CVE-2019-15827
The CVE-2019-15827 entry affects the WordPress plugin onesignal-free-web-push-notifications, specifically versions before 1.17.8. The vulnerability is an XSS via the subdomain parameter (POST or input handling) that can lead to client-side script execution within the context of an affected site. ...
OneSignal Web Push Notifications - Stored XSS
The OneSignal – Web Push Notifications WordPress plugin was affected by a Stored XSS security vulnerability...
WordPress OneSignal 1.17.5 Plugin (subdomain) Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: WordPress Plugin OneSignal 1.17.5 - Persistent Cross-Site Scripting Date: 2019-07-18 Vendor Homepage: https://www.onesignal.com Software Link: https://wordpress.org/plugins/onesignal-free-web-push-notifications/ Affected version...