21 matches found
EUVD-2021-11390
Malware in sbrugna...
CVE-2021-24478
The Bookshelf WordPress plugin through 2.0.4 does not sanitise or escape its "Paypal email address" setting before outputting it in the page, leading to an authenticated Stored Cross-Site Scripting issue...
de.digitalcollections:iiif-bookshelf-webapp (>=3.1.1 <=4.0.0), net.aequologica.neo:dagr-vebchar (=0.5.2-alpha) +43 more potentially affected by CVE-2025-1647 via org.webjars.npm:bootstrap (>=3.4.1 <=4.0.0-beta.3)
org.webjars.npm:bootstrap MAVEN version =3.4.1, =3.1.1, =1.0.5, =1.0.4, =0.1.0, =0.5.0 - org.webjars.npm:bootstrap-print =3.1.2 - org.webjars.npm:bootstrap-social =5.1.1 - org.webjars.npm:bootstrap-sweetalert =1.0.1 - org.webjars.npm:bootstrap-tour =0.12.0 -...
CVE-2024-13464
The Library Bookshelves plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bookshelf' shortcode in all versions up to, and including, 5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
Calibre-Web access control error vulnerability
Calibre-Web is a web application for browsing, reading, and downloading eBooks from the Calibre database by Jan B, an individual developer. An access control error vulnerability exists in Calibre-Web that stems from the createshelf method in shelf.py not verifying that a user has the required...
Calibre-Web security vulnerability
Calibre-Web is a web application for browsing, reading, and downloading eBooks from the Calibre database by Jan B, an individual developer. A security vulnerability exists in Calibre-Web that originates from allowing unauthorized users to view the names of private bookshelves belonging to other users...
CVE-2022-42001 Potential XSS in book navigation
Cross-site Scripting (XSS) vulnerability in the BlueSpiceBookshelf extension of BlueSpice allows a user with a regular account and edit permissions to inject arbitrary HTML into the book navigation...
BlueSpice cross-site scripting vulnerability
BlueSpice is free Wiki software from BlueSpice based on the MediaWiki engine. A cross-site scripting vulnerability exists in BlueSpice's BlueSpiceBookshelf extension. An attacker could exploit the vulnerability to inject arbitrary HTML into the book navigation...
WordPress Bookshelf plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. Bookshelf plugin is an application plugin for WordPress. A cross-site scripting vulnerability exists in the Bookshelf...
CVE-2021-24478
The Bookshelf WordPress plugin through 2.0.4 does not sanitise or escape its "Paypal email address" setting before outputting it in the page, leading to an authenticated Stored Cross-Site Scripting issue...
CVE-2021-24478
The Bookshelf WordPress plugin through 2.0.4 does not sanitise or escape its "Paypal email address" setting before outputting it in the page, leading to an authenticated Stored Cross-Site Scripting issue...
Cross site scripting
The Bookshelf WordPress plugin through 2.0.4 does not sanitise or escape its "Paypal email address" setting before outputting it in the page, leading to an authenticated Stored Cross-Site Scripting issue...
CVE-2021-24478 Bookshelf <= 2.0.4 - Authenticated Stored Cross-Site Scripting (XSS)
The Bookshelf WordPress plugin through 2.0.4 does not sanitise or escape its "Paypal email address" setting before outputting it in the page, leading to an authenticated Stored Cross-Site Scripting issue...
WordPress plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. Bookshelf plugin is an application plugin for WordPress. A cross-site scripting vulnerability exists in the Bookshelf...
Bookshelf <= 2.0.4 - Authenticated Stored Cross-Site Scripting (XSS)
The plugin does not sanitise or escape its "Paypal email address" setting before outputting it in the page, leading to an authenticated Stored Cross-Site Scripting issue. PoC: Add the following payload in the "Paypal email address" setting of the plugin (/wp-admin/admin.php?page=bookshelf-settings): ...
Bookshelf <= 2.0.4 - Authenticated Stored Cross-Site Scripting (XSS)
The plugin does not sanitise or escape its "Paypal email address" setting before outputting it in the page, leading to an authenticated Stored Cross-Site Scripting issue. Add the following payload in the "Paypal email address" setting of the plugin (/wp-admin/admin.php?page=bookshelf-settings):...
WordPress Bookshelf plugin <= 2.0.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by ABISHEIK M in WordPress Bookshelf plugin versions <= 2.0.4. Solution: Deactivate and delete. This plugin has been closed as of May 25, 2021 and is not available for download. Reason: Security Issue...
bookshelf.ca Cross Site Scripting vulnerability
Security Researcher ELProfesor, a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting bookshelf.ca website and its users. Following...
thaispecial.com XSS vulnerability
Vulnerable URL: http://thaispecial.com/bookshop/bookshelf.asp?shelfshow=text=newbook=1"...
FBReader Bookshelf - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application FBReader Bookshelf published at the 'play' market has multiple vulnerabilities...