17 matches found
CVE-2025-61113
TalkTalk 3.3.6 Android App contains improper access control vulnerabilities in multiple API endpoints. By modifying request parameters, attackers may obtain sensitive user information such as device identifiers and birthdays and access private group information, including join credentials...
EUVD-2025-37022
TalkTalk 3.3.6 Android App contains improper access control vulnerabilities in multiple API endpoints. By modifying request parameters, attackers may obtain sensitive user information such as device identifiers and birthdays and access private group information, including join credentials...
CVE-2025-61113
TalkTalk 3.3.6 Android App contains improper access control vulnerabilities in multiple API endpoints. By modifying request parameters, attackers may obtain sensitive user information such as device identifiers and birthdays and access private group information, including join credentials...
CVE-2025-61113
TalkTalk Android app v3.3.6 has improper access control across multiple API endpoints. The issue allows parameter tampering to extract sensitive user data (device identifiers, birthdays) and private group information (including join credentials). Impact is privacy breach and unauthorized access t...
CVE-2025-61113
TalkTalk 3.3.6 Android App contains improper access control vulnerabilities in multiple API endpoints. By modifying request parameters, attackers may obtain sensitive user information such as device identifiers and birthdays and access private group information, including join credentials...
PT-2025-44419
Name of the Vulnerable Software and Affected Versions TalkTalk version 3.3.6 Description The TalkTalk 3.3.6 Android App has improper access control issues in several API endpoints. Modifying request parameters can allow attackers to get sensitive user information, like device identifiers and...
CVE-2022-1643
The Birthdays Widget WordPress plugin through 1.7.18 does not sanitise and escape some of its fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed...
WordPress Birthdays Widget plugin跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Birthdays Widget plugin version 1.7.18 and earlier is vulnerable to a cross-site scripting...
CVE-2022-1643
The Birthdays Widget WordPress plugin through 1.7.18 does not sanitise and escape some of its fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed...
CVE-2022-1643
The Birthdays Widget WordPress plugin through 1.7.18 does not sanitise and escape some of its fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed...
CVE-2022-1643 Birthdays Widget <= 1.7.18 - Admin+ Stored Cross Site Scripting
The Birthdays Widget WordPress plugin through 1.7.18 does not sanitise and escape some of its fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed...
CVE-2022-1643
The CVE-2022-1643 entry concerns the WordPress Birthdays Widget plugin (versions
WordPress plugin Birthdays Widget 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Birthdays Widget plugin version 1.7.18 and earlier is vulnerable to a cross-site scripting...
WordPress Birthdays Widget plugin <= 1.7.18 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by Rutuja Chaudhari in WordPress Birthdays Widget plugin versions = 1.7.18. Solution Deactivate and delete. This plugin has been closed as of April 8, 2022 and is not available for download. This closure is temporary, pending a full review...
Birthdays Widget <= 1.7.18 - Admin+ Stored Cross Site Scripting
The plugin does not sanitise and escape some of its fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed As admin, create/edit a Birthday and add the following payload in the Name field:...
Birthdays - Free - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Birthdays - Free published at the 'play' market has multiple vulnerabilities...
bingbox.txt
Bingbox.com Homepage: http://www.bingbox.com Affected files: Profile input boxes: - City input Registering Viewing Birthdays Adding a friend Viewing people online ----------------------------------------------- XSS with cookie disclosure via inviting friends:...