6 matches found
EUVD-2007-6356
Malware in sbrugna...
Visitors Traffic Real Time Statistics < 1.13 - CSRF to Stored XSS/SQLi
A CSRF vulnerability in the plugin gives attackers the possibility to craft an AJAX request, which lets blog administrators alter plugin settings. Due to a lack of encoding for malicious data when displaying it in the admin backend, there is a Stored XSS. Also, as the user input coming from the...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in the mycalendar plugin before 0.13 for Serendipity allows remote attackers to perform actions as blog administrators, which can be leveraged to conduct cross-site scripting (XSS) attacks on the blog page...
CVE-2007-6390
Cross-site request forgery (CSRF) vulnerability in the mycalendar plugin before 0.13 for Serendipity allows remote attackers to perform actions as blog administrators, which can be leveraged to conduct cross-site scripting (XSS) attacks on the blog page...
CVE-2007-6390
Cross-site request forgery (CSRF) vulnerability in the mycalendar plugin before 0.13 for Serendipity allows remote attackers to perform actions as blog administrators, which can be leveraged to conduct cross-site scripting (XSS) attacks on the blog page...
CVE-2007-6390
CVE-2007-6390 affects the Serendipity mycalendar plugin (pre-0.13). The vulnerability is a CSRF flaw that could allow an attacker to perform actions as a blog administrator, which could be leveraged to enable or facilitate XSS on the blog page. Affected component: mycalendar plugin for Serendipit...