36 matches found
EUVD-2009-4014
Malware in sbrugna...
EUVD-2021-11480
Malware in sbrugna...
CVE-2021-24616
The AddToAny Share Buttons WordPress plugin before 1.7.48 does not escape its Image URL button setting, which could lead allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24568
The AddToAny Share Buttons WordPress plugin before 1.7.46 does not sanitise its Sharing Header setting when outputting it in frontend pages, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
DRUPAL-CONTRIB-2023-019
This module provides social media share & follow buttons. The module doesn't sufficiently restrict AddToAny block settings to users who have permission to administer AddToAny. This allows users with lower permission to configure malicious code leading to a Cross Site Scripting XSS vulnerability...
DRUPAL-CONTRIB-2023-018
This module provides social media share & follow buttons. The module doesn't sufficiently check access to a node when retrieving the label of an AddToAny block. This vulnerability is mitigated by the fact it requires the node ID to be passed via the route, requiring another module or specific...
AddToAny Share Buttons - Moderately critical - Access bypass - SA-CONTRIB-2023-018
This module provides social media share & follow buttons. The module doesn't sufficiently check access to a node when retrieving the label of an AddToAny block. This vulnerability is mitigated by the fact it requires the node ID to be passed via the route, requiring another module or specific...
AddToAny Share Buttons - Moderately critical - Cross Site Scripting - SA-CONTRIB-2023-019
This module provides social media share & follow buttons. The module doesn't sufficiently restrict AddToAny block settings to users who have permission to administer AddToAny. This allows users with lower permission to configure malicious code leading to a Cross Site Scripting XSS vulnerability...
WordPress AddToAny Share Buttons Plugin < 1.7.48 XSS Vulnerability
The WordPress plugin Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
WordPress AddToAny Share Buttons Plugin Cross-Site Scripting Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress AddToAny Share Buttons plugin in versions prior t...
CVE-2021-24616
CVE-2021-24616 affects the WordPress AddToAny Share Buttons plugin prior to 1.7.48. The root cause is failure to escape the Image URL button setting, enabling Cross-Site Scripting (XSS) where high-privilege users could inject script, even if unfiltered_html is disallowed. Public sources (NVD, CNV...
CVE-2021-24616 AddToAny Share Buttons < 1.7.48 - Admin+ Stored Cross-Site Scripting
The AddToAny Share Buttons WordPress plugin before 1.7.48 does not escape its Image URL button setting, which could lead allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
WordPress 插件 跨站脚本漏洞
WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress AddToAny Share Buttons plugin in versions prior t...
CVE-2021-24568
The AddToAny Share Buttons WordPress plugin before 1.7.46 does not sanitise its Sharing Header setting when outputting it in frontend pages, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24568 AddToAny < 1.7.46 - Authenticated Stored XSS
The AddToAny Share Buttons WordPress plugin before 1.7.46 does not sanitise its Sharing Header setting when outputting it in frontend pages, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24568
CVE-2021-24568 affects the WordPress AddToAny Share Buttons plugin prior to 1.7.46. The root cause is lack of sanitization of the Sharing Header setting when it is output in frontend pages, enabling authenticated users (e.g., admins) to perform stored XSS if the unfiltered_html capability is disa...
WordPress plugin AddToAny Share Buttons 跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in WordPress plug...
AddToAny Share Buttons < 1.7.48 - Admin+ Stored Cross-Site Scripting
The plugin does not escape its Image URL button setting, which could lead allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Add the following payload in the Universal Button Image URL settings: " onerror=alert/XSS/ " The...
WordPress AddToAny Share Buttons plugin <= 1.7.47 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by TYM in WordPress AddToAny Share Buttons plugin versions = 1.7.47. Solution Update the WordPress AddToAny Share Buttons plugin to the latest available version at least 1.7.48...
AddToAny Share Buttons < 1.7.48 - Admin+ Stored Cross-Site Scripting
The plugin does not escape its Image URL button setting, which could lead allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Add the following payload in the Universal Button Image URL settings: " onerror=alert/XSS/ " The XSS...