27 matches found
EUVD-2014-3778
Malware in sbrugna...
EUVD-2022-42735
Malicious code in bioql PyPI...
CVE-2022-3350
The Contact Bank WordPress plugin through 3.0.30 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2014-3841
Cross-site scripting XSS vulnerability in the Contact Bank plugin before 2.0.20 for WordPress allows remote attackers to inject arbitrary web script or HTML via the Label field, related to form layout configuration. NOTE: some of these details are obtained from third party information...
CVE-2022-3350
The Contact Bank WordPress plugin through 3.0.30 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-3350
The Contact Bank WordPress plugin through 3.0.30 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Cross site scripting
The Contact Bank WordPress plugin through 3.0.30 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-3350 Contact Bank <= 3.0.30 - Admin+ Stored Cross-Site Scripting
The Contact Bank WordPress plugin through 3.0.30 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
PT-2022-21784 · WordPress · Contact Bank Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: Contact Bank WordPress plugin versions 3.0.30 and earlier Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is disallowe...
CVE-2022-3350
The CVE-2022-3350 entry concerns the Contact Bank WordPress plugin (versions ≤ 3.0.30). The vulnerability arises from insufficient sanitisation/escaping of Form settings, enabling Stored Cross-Site Scripting by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., mul...
WordPress plugin Contact Bank 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2022-3350 Contact Bank <= 3.0.30 - Admin+ Stored Cross-Site Scripting
The Contact Bank WordPress plugin through 3.0.30 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress Contact Bank plugin <= 3.0.30 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Zhang Yunpei in WordPress Contact Bank plugin versions = 3.0.30. Solution Deactivate and delete. This plugin has been closed as of September 28, 2022 and is not available for download. This closure is temporary, pending a...
Contact Bank <= 3.0.30 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Create/edit a form and put the following...
Contact Bank <= 3.0.30 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Create/edit a form and put the following...
WordPress Contact Bank Plugin <= 2.1.21 - Cross Site Scripting
Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...
Contact Bank <= 2.1.21 - Cross-Site Scripting (XSS)
The Contact Bank – Contact Form Builder for WordPress WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...
WordPress Contact Bank 2.1.21 Cross Site Scripting
------------------------------------------------------------------------ Cross-Site Scripting in Contact Bank WordPress Plugin ------------------------------------------------------------------------ Yorick Koster, July 2016 ------------------------------------------------------------------------...
WordPress Contact Bank Plugin <= 2.0.225 - Cross Site Scripting
Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Upgrade the plugin...
Contact Bank <= 2.0.225 - Authenticated Cross-Site Scripting (XSS)
The Contact Bank – Contact Form Builder for WordPress WordPress plugin was affected by an Authenticated Cross-Site Scripting XSS security vulnerability...