
2672 matches found

Prion
added 2022/09/23 2:15 p.m. · 14 views

Cross site scripting

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Max Foundry Button Plugin MaxButtons plugin <= 9.2 at WordPress...

4.3 CVSS · 4.9 AI score · 0.00322 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2022/09/23 1:52 p.m. · 19 views

CVE-2022-38703 WordPress Button Plugin MaxButtons plugin <= 9.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Max Foundry Button Plugin MaxButtons plugin <= 9.2 at WordPress...

3.4 CVSS · 5.5 AI score · 0.00322 EPSS
Exploits 0 · References 2
Cvelist
added 2022/09/19 2:0 p.m. · 14 views

CVE-2022-2709 Float to Top Button <= 2.3.6 - Admin+ Stored Cross-Site Scripting

The Float to Top Button WordPress plugin through 2.3.6 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

5 AI score · 0.00218 EPSS
Exploits 2 · References 1
CNNVD
added 2022/09/19 12:0 a.m. · 2 views

WordPress plugin Float to Top Button cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

4.8 CVSS · 5.1 AI score · 0.00218 EPSS
Exploits 2 · References 2
CNNVD
added 2022/09/08 12:0 a.m. · 3 views

JGraph draw.io cross-site scripting vulnerability

JGraph draw.io is a configurable chart/whiteboard visualization application for JGraph. A cross-site scripting vulnerability exists in JGraph draw.io versions prior to 20.3.0, which stems from the application using a parameter to specify a URL on the refresh and back buttons, assigning it to...

6.1 CVSS · 4.9 AI score · 0.0023 EPSS
Exploits 1 · References 3
Huntr
added 2022/09/07 4:46 a.m. · 21 views

UI REDRESSING

Description: Clickjacking is a portmanteau of two words ‘click’ and ‘hijacking’. It refers to hijacking a user’s click for malicious intent. In it, an attacker embeds the vulnerable site in a transparent iframe in the attacker’s own website and overlays it with objects such as a button using CSS skills...

6.8 CVSS · 1 AI score · 0.00395 EPSS
Exploits 1 · References 3
Huntr
added 2022/09/06 8:52 p.m. · 18 views

Stored Cross Site Scripting (XSS) via "properties" during creating new users

Description From demo url login click people icon at the left bar click "Customers" Click "New Customer" button from page Fill up the "Edit" tab Click "Save" button above Click "Properties" tab From "Add a custom Property" field , add "Test" on the first field Click and select "text" on the secon...

4.9 CVSS · 5.2 AI score · 0.0002 EPSS
Exploits 2
WPVulnDB
added 2022/08/23 12:0 a.m. · 13 views

Float to Top Button <= 2.3.6 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). PoC: Put the following payload in the "Text for the button" or...

4.8 CVSS · 0.7 AI score · 0.00218 EPSS
Exploits 2 · Affected Software 1
Patchstack
added 2022/08/23 12:0 a.m. · 21 views

WordPress Float to Top Button plugin <= 2.3.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas in WordPress Float to Top Button plugin versions <= 2.3.6. Solution: Deactivate and delete. This plugin has been closed as of August 15, 2022 and is not available for download. This closure is temporary,...

4.8 CVSS · 1.9 AI score · 0.00218 EPSS
Exploits 2 · References 1 · Affected Software 1
wpexploit
added 2022/08/23 12:0 a.m. · 546 views

Float to Top Button <= 2.3.6 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). Put the following payload in the "Text for the button" or "URL ...

4.8 CVSS · 4.8 AI score · 0.00218 EPSS
Exploits 2
ATTACKERKB
added 2022/08/22 3:15 p.m. · 1 views

CVE-2022-2375

The WP Sticky Button WordPress plugin before 1.4.1 does not have authorisation and CSRF checks when saving its settings, allowing unauthenticated users to update them. Furthermore, due to the lack of escaping in some of them, it could lead to Stored Cross-Site Scripting issues...

5.4 CVSS · 5.9 AI score · 0.00149 EPSS
Exploits 2 · References 2
NVD
added 2022/08/22 3:15 p.m. · 11 views

CVE-2022-2375

The WP Sticky Button WordPress plugin before 1.4.1 does not have authorisation and CSRF checks when saving its settings, allowing unauthenticated users to update them. Furthermore, due to the lack of escaping in some of them, it could lead to Stored Cross-Site Scripting issues...

5.4 CVSS · 0.00149 EPSS
Exploits 2 · References 1
Cvelist
added 2022/08/22 3:1 p.m. · 14 views

CVE-2022-2375 WP Sticky Button < 1.4.1 - Unauthenticated Arbitrary Settings Update to Stored XSS

The WP Sticky Button WordPress plugin before 1.4.1 does not have authorisation and CSRF checks when saving its settings, allowing unauthenticated users to update them. Furthermore, due to the lack of escaping in some of them, it could lead to Stored Cross-Site Scripting issues...

5.6 AI score · 0.00149 EPSS
Exploits 2 · References 1
CVE
added 2022/08/22 3:1 p.m. · 60 views

CVE-2022-2375

The CVE-2022-2375 entry corresponds to the WordPress WP Sticky Button plugin versions before 1.4.1, where a lack of authorization/CSRF checks when saving settings allows unauthenticated users to update settings. Some settings are also not escaped, enabling Stored Cross-Site Scripting (XSS) as des...

5.4 CVSS · 5.4 AI score · 0.00149 EPSS
Exploits 2 · References 1 · Affected Software 1
Positive Technologies
added 2022/08/22 12:0 a.m. · 2 views

PT-2022-16248 · WordPress · Wp Sticky Button

Name of the Vulnerable Software and Affected Versions: WP Sticky Button WordPress plugin versions prior to 1.4.1
Description: The issue concerns a lack of authorization and CSRF checks when saving settings, allowing unauthenticated users to update them. This could also lead to Stored Cross-Site...

5.4 CVSS · 5.4 AI score · 0.00149 EPSS
Exploits 2 · References 4
CNNVD
added 2022/08/22 12:0 a.m. · 2 views

WordPress plugin WP Sticky Button cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

5.4 CVSS · 5.3 AI score · 0.00149 EPSS
Exploits 2 · References 2
RedhatCVE
added 2022/08/19 5:15 a.m. · 53 views

CVE-2022-34173

In Jenkins 2.340 through 2.355 (both inclusive), the tooltip of the build button in list views supports HTML without escaping the job display name, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission...

6.1 CVSS · 0.7 AI score · 0.0272 EPSS
Exploits 0 · References 4
OSSF Malicious Packages
added 2022/08/16 5:28 a.m. · 2 views

Malicious code in amex-eapply-dxp-component-button (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7ffe490b75b611f35ad4950884acd2611d2fd1835b07784611dc51f8d36baea8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 · References 1
OSV
added 2022/08/16 5:28 a.m. · 2 views

MAL-2022-964 Malicious code in amex-eapply-dxp-component-button (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7ffe490b75b611f35ad4950884acd2611d2fd1835b07784611dc51f8d36baea8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 · References 1
Patchstack
added 2022/08/02 12:0 a.m. · 35 views

WordPress Button Plugin MaxButtons plugin <= 9.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Muhammad Daffa (Patchstack Alliance) in WordPress Button Plugin MaxButtons plugin versions <= 9.2. Solution: Update the WordPress MaxButtons plugin to the latest available version (at least 9.3)...

4.8 CVSS · 3.1 AI score · 0.00322 EPSS
Exploits 0 · Affected Software 1