45 matches found
EUVD-2021-11566
Malware in sbrugna...
EUVD-2021-11626
Malware in sbrugna...
EUVD-2022-24351
Malicious code in bioql PyPI...
CVE-2022-1001
The WP Downgrade WordPress plugin before 1.2.3 only performs client-side validation of its "WordPress Target Version" settings, but does not sanitise and escape it server side, allowing high privilege users such as admin to perform Cross-Site attacks even when the unfiltered_html capability is...
CVE-2025-46721
nosurf is cross-site request forgery (CSRF) protection middleware for Go. A vulnerability in versions prior to 1.2.0 allows an attacker who controls content on the target site, or on a subdomain of the target site (either via XSS, or otherwise) to bypass CSRF checks and issue requests on user's behal...
The vulnerability of the Microsoft Dynamics 365 resource planning software lies in the insufficient protection of the website structure, which allows attackers to carry out cross-site attacks.
The vulnerability of the Microsoft Dynamics 365 resource planning software is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site attacks remotely...
PT-2023-8750 · Quarkus · Quarkus
Name of the Vulnerable Software and Affected Versions: Quarkus (affected versions not specified). Description: The issue is related to the Quarkus Form Authentication session cookie Path attribute being set to /, which may lead to a cross-site attack and potentially result in Information Disclosure...
SAP Enable Now Cross-Site Scripting Vulnerability
SAP Enable Now is a collaborative content creation, management and sharing platform from SAP. The platform is primarily used for e-learning and training in SAP and non-SAP systems. A cross-site scripting vulnerability exists in SAP Enable Now 10 version 1. The vulnerability stems from failure to...
CVE-2022-27779
A vulnerability was found in curl. The issue occurs because curl wrongly allows HTTP cookies to be set for Top Level Domains (TLDs) if the hostname is provided with a trailing dot. This flaw allows arbitrary sites to set cookies that get sent to a different and unrelated site or domain by a malicio...
WordPress plugin Donorbox cross-site scripting vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in versions of the WordPress plugin Donorbox prior to 7.1.7. The vulnerability stems from the fact that...
CVE-2022-1001
CVE-2022-1001 corresponds to a stored Cross-Site Scripting vulnerability in the WordPress WP Downgrade plugin prior to version 1.2.3. The issue arises because the plugin validates the WordPress Target Version setting only on the client side and does not sanitize/escape it server-side, enabling hi...
The vulnerability of the Covid-19 contact tracing system’s web app that uses QR code scanning lies in the insufficient protection of operational data, allowing attackers to carry out cross-site attacks.
The vulnerability of the Covid-19 contact tracing system’s web app with QR code scanning lies in the insufficient protection of sensitive data when the username parameter is used on the login page. Exploiting this vulnerability could allow a malicious actor to perform cross-site attacks using a...
CVE-2021-24714
The Import any XML or CSV File to WordPress plugin before 3.6.3 does not escape the Import's Title and Unique Identifier fields before outputting them in admin pages, which could allow high privilege users to perform Cross-Site attacks even when the unfiltered_html capability is disallowed...
Cross site scripting
The Import any XML or CSV File to WordPress plugin before 3.6.3 does not escape the Import's Title and Unique Identifier fields before outputting them in admin pages, which could allow high privilege users to perform Cross-Site attacks even when the unfiltered_html capability is disallowed...
CVE-2021-24714
CVE-2021-24714 affects the WordPress plugin WP All Import (Import any XML or CSV File to WordPress)
14 New XS-Leaks (Cross-Site Leaks) Attacks Affect All Modern Web Browsers
Researchers have discovered 14 new types of cross-site data leakage attacks against a number of modern web browsers, including Tor Browser, Mozilla Firefox, Google Chrome, Microsoft Edge, Apple Safari, and Opera, among others. Collectively known as "XS-Leaks," the browser bugs enable a malicious...
CVE-2021-24654
The User Registration WordPress plugin before 2.0.2 does not properly sanitise the user_registration_profile_pic_url value when submitted directly via the user_registration_update_profile_details AJAX action. This could allow any authenticated user, such as subscriber, to perform Stored Cross-Site attack...
CVE-2021-24654
CVE-2021-24654 affects the WordPress plugin User Registration (before 2.0.2). The vulnerability arises because user_registration_profile_pic_url is not properly sanitised when submitted via the user_registration_update_profile_details AJAX action, allowing any authenticated user (e.g., a subscrib...