Like Button Rating < 2.5.4 - Unauthenticated Arbitrary Blog Settings Change
In the init action, this plugin checked to see if $_POST['likebtn_import_config'] is empty. If it is not empty, then it base64-decodes the string, parses it as JSON, and starts changing options. This could allow attackers to change blog settings such as the Site Title. The below form will set the “Site...
WordPress Pootle Button Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in the PHP language and run on PHP and MySQL servers to set up a personal blog site. Pootle Button is a plugin for WordPress. A cross-site scripting vulnerability exists in WordPress...
Design/Logic Flaw
The Pootle Button plugin before 1.2.0 for WordPress has XSS via the assets_url parameter in assets/dialog.php, exploitable via wp-admin/admin-ajax.php...
CVE-2017-15811
The CVE-2017-15811 entry concerns the Pootle Button plugin for WordPress, affecting versions before 1.2.0 with a Cross-Site Scripting (XSS) flaw. The vulnerability is triggered by the assets_url parameter in assets/dialog.php and is exploitable via wp-admin/admin-ajax.php, allowing an attacker to...
WordPress Pootle button plugin <=1.1.1 - Authenticated Cross-Site Scripting (XSS) vulnerability
Authenticated Cross-Site Scripting (XSS) vulnerability found in WordPress Pootle button plugin versions <=1.1.1. Solution: Update the WordPress Pootle button plugin to the latest available version, at least version 1.2.0...
WordPress Pootle Button 1.1.1 Cross Site Scripting Vulnerability
Exploit for PHP platform in category web applications. Credit: Ricardo Sanchez. Vulnerable: Pootle button plugin 1.1.1. The Pootle button plugin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute...
pootle button <= 1.1.1 - Authenticated Cross-Site Scripting (XSS)
The pootle button WordPress plugin was affected by an Authenticated Cross-Site Scripting XSS security vulnerability. http://example.com/wp-admin/admin-ajax.php?action=pbtndialog&assetsurl=%22%3E%3Cimg%20src=x%20onerror=alert1%3E...
WordPress Pootle Button 1.1.1 Cross Site Scripting
Class: Input Validation Error. Remote: Yes. Reflected: Yes. Credit: Ricardo Sanchez. Vulnerable: Pootle button plugin 1.1.1. The Pootle button plugin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute...
Drupal Facebook Like Button Module DRUPAL-SA-CONTRIB-2017-066 Cross-Site Scripting Vulnerability
Drupal is a free, open-source content management system developed in the PHP language and maintained by the Drupal community. A cross-site scripting vulnerability exists in the Drupal Facebook Like Button module DRUPAL-SA-CONTRIB-2017-066 due to the program failing to properly filter user-supplie...
Facebook Like Button - Moderately Critical - XSS - DRUPAL-SA-CONTRIB-2017-066
This module provides a Facebook Like button on node pages and blocks. The module does not sufficiently sanitize output when configured to use custom CSS rules. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer fblikebutton". CVE...
CVE-2017-11725
The share function in Thycotic Secret Server before 10.2.000019 mishandles the Back Button, leading to unintended redirections...
Code injection
CVE-2017-11725 affects IBM Security Secret Server (Thycotic Secret Server) prior to 10.2.000019. The vulnerability resides in the share function where the Back Button is mishandled, causing unintended redirections (open redirect-like behavior) and potential user confusion or credential exposure r...
CVE-2017-11725
NetScaler SD-WAN 410-SE Stuck in Rescue Mode When Factory Reset Using NMI Button
The NetScaler SD-WAN 410-SE gets stuck in rescue mode when it is factory reset using the NMI reset button. The user does not see the outputs described in the Citrix reset documentation. The following is a screenshot of the recovery image landing in the rescue environment: You will then see the Choose Box ID option:...