CVE-2023-52121
Cross-Site Request Forgery (CSRF) vulnerability in NitroPack Inc. NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images. This issue affects NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images: from n/a...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in NitroPack Inc. NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images. This issue affects NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images: from n/a...
CVE-2023-52121
A CSRF vulnerability is present in NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images (WordPress plugin). Affected versions are up to 1.10.2; the OpenVAS entry indicates the issue exists in NitroPack versions prior to 1.10.3. The vulnerabi...
PT-2024-15056 · WordPress · Wp Compress – Image Optimizer
Name of the Vulnerable Software and Affected Versions: WP Compress – Image Optimizer All-In-One plugin for WordPress versions up to, and including, 6.10.33. Description: The issue allows unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...
WordPress JS & CSS Script Optimizer Plugin <= 0.3.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software: JS & CSS Script Optimizer; Type: Plugin; Vulnerable versions: <= 0.3.3; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-52216; Patch priority: Low; CVSS severity: Low (4.3); PSID: b2115f84b7a4; Credits: Nguyen Xuan...
Custom User CSS <= 0.2 - Settings Update via CSRF
Description: The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Create an HTML form with the following content and make a logged-in admin open it: document.forms[0].submit();...
GitLab 1.0.2 < 14.8.6 / 14.9.0 < 14.9.4 / 14.10.0 < 14.10.1 (CVE-2022-1416)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Missing sanitization of data in Pipeline error messages in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0...
openSUSE 15 Security Update : opera (openSUSE-SU-2024:0001-1)
The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0001-1 advisory. - Type confusion in V8 in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HT...
openSUSE 15 Security Update : opera (openSUSE-SU-2024:0002-1)
The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0002-1 advisory. - Type confusion in V8 in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HT...
Input validation
ffcss is a CLI interface to apply and configure Firefox CSS themes. Prior to 0.2.0, the function lookupPreprocess is meant to apply some transformations to a string by disabling characters in the regex - .. However, due to the use of late Unicode normalization of type NFKD, it is possible to bypa...
CVE-2023-52081 ewen-lbh/ffcss late-Unicode normalization vulnerability
ffcss is a CLI interface to apply and configure Firefox CSS themes. Prior to 0.2.0, the function lookupPreprocess is meant to apply some transformations to a string by disabling characters in the regex - .. However, due to the use of late Unicode normalization of type NFKD, it is possible to bypa...
ffcss Security Vulnerabilities
ffcss is a CLI interface for applying and configuring Firefox CSS themes. A security vulnerability exists in versions prior to ffcss 0.2.0, which stems from a vulnerability that allows an attacker to introduce all characters of a regular expression by bypassing the limitations of the...
CSS & JavaScript Toolbox < 11.9 - Contributor+ Stored XSS
Description: The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-50823
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wipeout Media CSS & JavaScript Toolbox allows Stored XSS. This issue affects CSS & JavaScript Toolbox: from n/a through 11.7...
Cross site scripting
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wipeout Media CSS & JavaScript Toolbox allows Stored XSS. This issue affects CSS & JavaScript Toolbox: from n/a through 11.7...
CVE-2023-50823 WordPress CSS & JavaScript Toolbox Plugin <= 11.7 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wipeout Media CSS & JavaScript Toolbox allows Stored XSS. This issue affects CSS & JavaScript Toolbox: from n/a through 11.7...
CVE-2023-50823
CVE-2023-50823 is a stored XSS in the WordPress plugin CSS & JavaScript Toolbox (affected up to version 11.7). The issue stems from improper input neutralization during web page generation, enabling stored scripts to execute in the context of the affected site. Public issuances (NVD and Red Hat) ...
WordPress plugin CSS & JavaScript Toolbox Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...