767 matches found
CVE-2023-4460 Uploading SVG, WEBP and ICO files <= 1.2.1 - Author+ Stored XSS via SVG
The Uploading SVG, WEBP and ICO files WordPress plugin through 1.2.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...
WordPress plugin Uploading SVG, WEBP and ICO files security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
Important: qt5-qtimageformats
Issue Overview: Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: Critical CVE-2023-4863 Affected Packages: qt5-qtimageformats Note: This advisory is...
Exploit for Classic Buffer Overflow in Apple Ipados
vulnerabilidad-LibWebP-CVE-2023-41064 longitudes de código par...
Uploading SVG, WEBP and ICO files <= 1.2.1 - Author+ Stored XSS via SVG
Description: The plugin does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. PoC: As an author, upload an SVG file with malicious JavaScript: Access the file through its URL to see XSS...
Uploading SVG, WEBP and ICO files <= 1.2.1 - Author+ Stored XSS via SVG
Description: The plugin does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. As an author, upload an SVG file with malicious JavaScript: alert"pwned by daniloalbugrque"; Access the file through its URL to see...
Exploit for Out-of-bounds Write in Google Chrome
level 1: craft.c - bad.webp bash exist: docker 813b6b757...
Huawei EulerOS: Security Advisory for libwebp (EulerOS-SA-2023-3186)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in ShortPixel ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization plugin = 3.7.1 versions...
CVE-2023-32512
CVE-2023-32512 is a CSRF vulnerability in the WordPress plugin ShortPixel Adaptive Images (WebP, AVIF, CDN, Image Optimization) vulnerable through versions
Unrestricted file upload
The CITS Support svg, webp Media and TTF,OTF File Upload WordPress plugin before 3.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...
WordPress Plugin CITS Support svg, webp Media and TTF,OTF File Upload Cross Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin CITS Support svg, webp Med...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a heap-based buffer overflow due to electron
Summary: IBM App Connect Enterprise is vulnerable to a heap-based buffer overflow due to electron (CVE-2023-4863). Electron is used for Discovery Connectors in IBM App Connect Enterprise. Vulnerability Details: CVEID: CVE-2023-4863 DESCRIPTION: Google Chrome is vulnerable to a heap-based buffer...
Important: thunderbird
Issue Overview: Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: Critical CVE-2023-4863 Affected Packages: thunderbird Note: This advisory is applicable to...
Important: firefox
Issue Overview: Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: Critical CVE-2023-4863 Affected Packages: firefox Note: This advisory is applicable to Amaz...
Fedora: Security Advisory for libwebp (FEDORA-2023-e692a72898)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Buffer Overflow
libexempi.so is vulnerable to Buffer Overflow. The vulnerability exists in the VP8XChunk function of WEBPSupport.cpp, allowing an attacker to crash the application by opening a maliciously crafted webp file...
WordPress cits-support-svg-webp-media-upload Plugin < 3.0 is vulnerable to Cross Site Scripting (XSS)
Software: cits-support-svg-webp-media-upload; Type: Plugin; Vulnerable versions: 3.0; Fixed in: 3.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-5458; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: c76219dcef8a; Credits: Bob Matyas...
CITS Support svg, webp Media and TTF,OTF File Upload < 3.0 - Author+ Stored XSS via SVG
Description: The plugin does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. PoC: As an author, upload an SVG with the payload: View the SVG and see the XSS...