2673 matches found

CVE
added 2024/11/13 2:2 a.m. · 46 views

CVE-2024-10850

CVE-2024-10850 affects the Razorpay Payment Button Elementor Plugin for WordPress. All versions up to and including 1.2.5 are vulnerable to Reflected Cross-Site Scripting due to improper escaping of URLs via add_query_arg/remove_query_arg, enabling unauthenticated attackers to inject scripts if a...

CVSS 6.1 · AI score 6 · EPSS 0.0048
Exploits 0 · References 3 · Affected Software 1
Vulnrichment
added 2024/11/13 2:2 a.m. · 13 views

CVE-2024-10850 Razorpay Payment Button for Elementor <= 1.2.5 - Reflected Cross-Site Scripting

The Razorpay Payment Button Elementor Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attacker...

CVSS 6.1 · AI score 6.5 · EPSS 0.0048
Exploits 0 · References 3
Vulnrichment
added 2024/11/13 2:2 a.m. · 15 views

CVE-2024-10851 Razorpay Payment Button <= 2.4.6 - Reflected Cross-Site Scripting

The Razorpay Payment Button Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.4.6. This makes it possible for unauthenticated attackers to injec...

CVSS 6.1 · AI score 6.5 · EPSS 0.00491
Exploits 0 · References 5
CVE
added 2024/11/13 2:2 a.m. · 58 views

CVE-2024-10851

CVE-2024-10851: Razorpay Payment Button Plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to and including 2.4.6 due to improper escaping when using add_query_arg/remove_query_arg. Unauthenticated attackers can inject scripts if a user is tricked into an act...

CVSS 6.1 · AI score 6 · EPSS 0.00491
Exploits 0 · References 5 · Affected Software 1
CNNVD
added 2024/11/13 12:0 a.m. · 2 views

WordPress plugin Razorpay Payment Button Elementor cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

CVSS 6.1 · AI score 7.5 · EPSS 0.0048
Exploits 0 · References 3
CNNVD
added 2024/11/13 12:0 a.m. · 2 views

WordPress plugin Razorpay Payment Button cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

CVSS 6.1 · AI score 7.5 · EPSS 0.00491
Exploits 0 · References 4
Patchstack
added 2024/11/12 4:15 p.m. · 4 views

WordPress Razorpay Payment Button plugin <= 2.4.6 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin Razorpay Payment Button versions <= 2.4.6...

CVSS 6.1 · AI score 6.3 · EPSS 0.00491
Exploits 0 · References 1 · Affected Software 1
Patchstack
added 2024/11/12 12:0 a.m. · 19 views

WordPress Razorpay Payment Button Plugin <= 2.4.6 is vulnerable to Cross Site Scripting (XSS)

Software: Razorpay Payment Button · Type: Plugin · Vulnerable versions: <= 2.4.6 · Fixed in: 2.4.7 · OWASP Top 10: A7: Cross-Site Scripting (XSS) · Classification: Cross Site Scripting (XSS) · CVE: CVE-2024-10851 · Patch priority: Medium · CVSS severity: Medium 7.1 · PSID: 88605e5d5760 · Credits: Peter...

CVSS 6.1 · AI score 6.1 · EPSS 0.00491
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2024/11/12 12:0 a.m. · 3 views

PT-2024-16590 · Razorpay · Razorpay Payment Button Plugin

Name of the Vulnerable Software and Affected Versions: Razorpay Payment Button Plugin versions prior to 2.4.6
Description: The Razorpay Payment Button Plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg and remove_query_arg without appropriate...

CVSS 6.1 · AI score 8.8 · EPSS 0.00491
Exploits 0 · References 10
Patchstack
added 2024/11/08 2:46 p.m. · 2 views

WordPress Social button plugin <= 1.3 - Stored Cross Site Scripting (XSS) vulnerability

Stored Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin Social button versions <= 1.3...

CVSS 6.5 · AI score 5.8 · EPSS 0.00302
Exploits 0 · Affected Software 1
Patchstack
added 2024/11/08 12:0 a.m. · 12 views

WordPress Social button Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS)

Software: Social button · Type: Plugin · Vulnerable versions: <= 1.3 · Fixed in: N/A · OWASP Top 10: A3: Injection · Classification: Cross Site Scripting (XSS) · CVE: CVE-2024-51866 · Patch priority: Low · CVSS severity: Low 6.5 · PSID: 3298adb5e8ae · Credits: SOPROBRO · Required privilege: Contributor...

CVSS 6.5 · AI score 6.5 · EPSS 0.00302
Exploits 0 · References 1 · Affected Software 1
RedHat Linux
added 2024/11/07 3:26 p.m. · 3 views

firefox: thunderbird: Clipboard "paste" button persisted across tabs

The Mozilla Foundation's Security Advisory: A clipboard "paste" button could persist across tabs which allowed a spoofing attack...

CVSS 7.5 · AI score 7.3 · EPSS 0.00545
Exploits 0 · References 9
RedHat Linux
added 2024/11/07 3:23 p.m. · 6 views

firefox: thunderbird: Clipboard "paste" button persisted across tabs

The Mozilla Foundation's Security Advisory: A clipboard "paste" button could persist across tabs which allowed a spoofing attack...

CVSS 7.5 · AI score 7.3 · EPSS 0.00545
Exploits 0 · References 9
RedHat Linux
added 2024/11/07 3:19 p.m. · 4 views

firefox: thunderbird: Clipboard "paste" button persisted across tabs

The Mozilla Foundation's Security Advisory: A clipboard "paste" button could persist across tabs which allowed a spoofing attack...

CVSS 7.5 · AI score 7.3 · EPSS 0.00545
Exploits 0 · References 9
RedHat Linux
added 2024/11/07 3:13 p.m. · 5 views

firefox: thunderbird: Clipboard "paste" button persisted across tabs

The Mozilla Foundation's Security Advisory: A clipboard "paste" button could persist across tabs which allowed a spoofing attack...

CVSS 7.5 · AI score 7.3 · EPSS 0.00545
Exploits 0 · References 9
Snyk
added 2024/11/06 4:29 p.m. · 2 views

Directory Traversal

Overview: gradio is a Python library for easily interacting with trained machine learning models. Affected versions of this package are vulnerable to Directory Traversal due to the improper handling of file paths in the processing_utils.async_move_files_to_cache function. An attacker can read arbitrary...

CVSS 8.2 · AI score 7.7 · EPSS 0.00672
Exploits 1 · References 2
CNNVD
added 2024/11/06 12:0 a.m. · 2 views

Gradio path traversal vulnerability

Gradio, an open source Python library from Gradio Open Source, is a method for demonstrating machine learning models through a friendly web interface. A security vulnerability exists in Gradio versions 5.0.0 through 5.4.0, which stems from a File or UploadButton component, when used to preview fi...

CVSS 6.5 · AI score 6.4 · EPSS 0.00672
Exploits 1 · References 2
CNNVD
added 2024/11/06 12:0 a.m. · 2 views

WordPress plugin Active Products Tables for WooCommerce cross-site scripting vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Active Products Tables for WooCommerce version 1.0.6.4 and earlier versions exist...

CVSS 6.4 · AI score 6 · EPSS 0.00295
Exploits 0 · References 4
Positive Technologies
added 2024/11/06 12:0 a.m. · 3 views

PT-2024-34882 · Gradio · Gradio

Name of the Vulnerable Software and Affected Versions: Gradio versions prior to 5.5.0 Description: The issue allows an attacker with access to the application to abuse File or UploadButton components and read arbitrary files from the application server. This is possible because the client utils.i...

CVSS 8.2 · AI score 7 · EPSS 0.00672
Exploits 1 · References 8
OSV
added 2024/11/05 12:31 a.m. · 5 views

GHSA-3GF9-WV65-GWH9 gradio Server Side Request Forgery vulnerability

In gradio =4.42.0, the gr.DownloadButton function has a hidden server-side request forgery (SSRF) vulnerability. The reason is that within the save_url_to_cache function, there are no restrictions on the URL, which allows access to local target resources. This can lead to the download of local resourc...

CVSS 7.1 · AI score 5.9 · EPSS 0.00464
Exploits 1 · References 4