35 matches found

NVD
added 2024/04/09 7:15 p.m. · 19 views

CVE-2024-0626

The WooCommerce Clover Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callbackhandler function in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to mark orders as paid...

5.3 CVSS · 5.1 AI score · 0.00866 EPSS
Exploits 0 · References 3

CNNVD
added 2024/04/09 12:00 a.m. · 2 views

WordPress Plugin WooCommerce Clover Payment Gateway Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in WordPress Plugin...

5.3 CVSS · 8.3 AI score · 0.00866 EPSS
Exploits 0 · References 4

ATTACKERKB
added 2023/08/18 7:15 a.m. · 1 views

CVE-2023-4040

The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ehcallbackhandler function in versions up to, and including, 3.7.9. This makes it possible for unauthenticated attackers to modify the order...

5.3 CVSS · 6.9 AI score · 0.00148 EPSS
Exploits 0 · References 3 · Affected Software 1

OSV
added 2023/08/18 7:15 a.m. · 1 views

CVE-2023-4040

The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ehcallbackhandler function in versions up to, and including, 3.7.9. This makes it possible for unauthenticated attackers to modify the order...

5.3 CVSS · 7.4 AI score
Exploits 0 · References 2

Prion
added 2022/10/14 3:16 p.m. · 11 views

Authentication flaw

OpenHarmony-v3.1.2 and prior versions have an authentication bypass vulnerability in a callback handler function of Softbus_server in communication subsystem. Attackers can launch attacks on distributed networks by sending Bluetooth rfcomm packets to any remote device and executing arbitrary comman...

5.8 CVSS · 8.7 AI score · 0.00103 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2022/10/14 2:40 p.m. · 10 views

CVE-2022-42463 Softbus_server in communication subsystem has an authentication bypass vulnerability in a callback handler function. Attackers can launch attacks on distributed networks by sending Bluetooth rfcomm packets to any remote device and executing arbitrary co ...

OpenHarmony-v3.1.2 and prior versions have an authentication bypass vulnerability in a callback handler function of Softbus_server in communication subsystem. Attackers can launch attacks on distributed networks by sending Bluetooth rfcomm packets to any remote device and executing arbitrary comman...

8.3 CVSS · 8.9 AI score · 0.00103 EPSS
Exploits 0 · References 1

CVE
added 2022/10/14 2:40 p.m. · 44 views

CVE-2022-42463

OpenHarmony v3.1.2 and earlier suffer an authentication bypass in the Softbus_server callback handler within the communication subsystem. By sending Bluetooth RFCOMM packets to a remote device, an attacker can cause arbitrary command execution on distributed networks. The issue is documented acro...

8.8 CVSS · 8.7 AI score · 0.00103 EPSS
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2022/10/14 12:00 a.m. · 3 views

PT-2022-26446 · Unknown · Openharmony

Name of the Vulnerable Software and Affected Versions: OpenHarmony versions prior to 3.1.2. Description: The issue is related to an authentication bypass vulnerability in the callback handler function of Softbus server in the communication subsystem. Attackers can exploit this by sending Bluetooth...

8.8 CVSS · 9.1 AI score · 0.00103 EPSS
Exploits 0 · References 3

Node.js
added 2021/06/28 4:49 p.m. · 61 views

Reflected XSS from the callback handler's error query parameter

Overview @auth0/nextjs-auth0 versions before and including 1.4.1 are vulnerable to reflected XSS. An attacker can execute arbitrary code by providing an XSS payload in the error query parameter which is then processed by the callback handler as an error message. Am I affected? You are...

4.3 CVSS · 1.8 AI score · 0.00581 EPSS
Exploits 0 · Affected Software 1

OSV
added 2021/06/28 4:46 p.m. · 22 views

GHSA-954C-JJX6-CXV7 Reflected XSS from the callback handler's error query parameter

Overview Versions before and including 1.4.1 are vulnerable to reflected XSS. An attacker can execute arbitrary code by providing an XSS payload in the error query parameter which is then processed by the callback handler as an error message. Am I affected? You are affected by this vulnerability ...

8 CVSS · 6.7 AI score · 0.00581 EPSS
Exploits 0 · References 4

Github Security Blog
added 2021/06/28 4:46 p.m. · 46 views

Reflected XSS from the callback handler's error query parameter

Overview Versions before and including 1.4.1 are vulnerable to reflected XSS. An attacker can execute arbitrary code by providing an XSS payload in the error query parameter which is then processed by the callback handler as an error message. Am I affected? You are affected by this vulnerability ...

8 CVSS · 1.9 AI score · 0.00581 EPSS
Exploits 0 · References 5 · Affected Software 1

Veracode
added 2021/06/28 4:55 a.m. · 6 views

Cross-site Scripting (XSS)

@auth0/nextjs-auth0 is vulnerable to cross-site scripting. An attacker is able to inject and execute malicious code via an error query parameter processed by the callback handler as an error message...

8 CVSS · 6.6 AI score · 0.00581 EPSS
Exploits 0 · References 4 · Affected Software 2

CNNVD
added 2021/06/25 12:00 a.m. · 2 views

Auth0 Cross-Site Scripting Vulnerability

Auth0 is an authentication agent that supports social and enterprise identity providers, including Active Directory, LDAP, Google Apps, and Salesforce. The Auth0 Next.js SDK suffers from a cross-site scripting vulnerability that stems from the vulnerability to reflected XSS in versions 1.4.1 a...

8 CVSS · 7.1 AI score · 0.00581 EPSS
Exploits 0 · References 4

Veracode
added 2017/06/20 3:09 a.m. · 6 views

Open Redirects

github.com/concourse/atc is vulnerable to open redirect attacks. These attacks are possible because the oauthcallbackhandler doesn't validate that the redirect URL is one within the website...

6.6 AI score
Exploits 0

CNVD
added 2016/12/12 12:00 a.m. · 1 views

Unspecified Security Bypass Vulnerability in Drupal JavaScript Callback Handler

Drupal is a free, open source content management system developed in the PHP language and maintained by the Drupal community. JavaScript Callback Handler is an efficient Ajax callback module. An unspecified security bypass vulnerability exists in the Drupal JavaScript Callback Handler module. A...

7.6 AI score
Exploits 0 · References 1