EUVD-2019-17824

Malware in sbrugna...

U.S. Dept Of Defense: Cross-Site Scripting via 'autoPlay' parameter

A Cross-Site Scripting XSS vulnerability was discovered on a website through the 'autoPlay' parameter in the GET method. Exploitation of this vulnerability allowed the injection of malicious scripts that could be executed. A proof-of-concept was provided demonstrating an alert pop-up...

WordPress Automatic plugin <= 3.94.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via autoplay Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via autoplay Parameter vulnerability discovered by haidv35 in WordPress Plugin Automatic versions = 3.94.0...

PT-2024-33126 · WordPress · Wordpress Automatic Plugin

Name of the Vulnerable Software and Affected Versions: WordPress Automatic Plugin plugin for WordPress versions up to, and including, 3.94.0 Description: The issue is related to Stored Cross-Site Scripting via the autoplay parameter due to insufficient input sanitization and output escaping. This...

CVE-2019-8434

In CmsEasy 7.0, there is XSS via the ckplayer.php autoplay parameter...