5751 matches found

Positive Technologies
added 2021/11/08 12:00 a.m. · 5 views

PT-2021-16142 · WordPress · Chameleon Cms

Name of the Vulnerable Software and Affected Versions: Chameleon CSS WordPress plugin versions 1.2 and earlier Description: The issue allows any authenticated user to perform unauthorized actions due to the lack of CSRF and capability checks in all AJAX calls. Specifically, the remove css AJAX ca...

CVSS 8.8 · AI score 8.7 · EPSS 0.00712
Exploits 2 · References 5
CNVD
added 2021/11/08 12:00 a.m. · 19 views

Sourcecodester Online Event Booking and Reservation System SQL Injection Vulnerability

Sourcecodester Online Event Booking and Reservation System is developed using PHP, MySQL database, HTML, CSS, Javascript, Bootstrap and AdminLTE. The system can be accessed by three types of users, namely system administrators, students, and instructors. Sourcecodester Online Event Booking and...

CVSS 9.8 · AI score 2.8 · EPSS 0.15806
Exploits 3 · References 1
CNVD
added 2021/11/08 12:00 a.m. · 18 views

Sourcecodester Online Event Booking and Reservation System Cross-Site Scripting Vulnerability

Sourcecodester Online Event Booking and Reservation System is developed using PHP, MySQL database, HTML, CSS, Javascript, Bootstrap and AdminLTE. The system can be accessed by 3 types of users, namely system administrators, students and faculty. Sourcecodester Online Event Booking and Reservation...

CVSS 5.4 · AI score 0.9 · EPSS 0.01647
Exploits 5 · References 1
CNVD
added 2021/11/08 12:00 a.m. · 25 views

Sourcecodester Online Event Booking and Reservation System HTML Injection Vulnerability

Sourcecodester Online Event Booking and Reservation System is developed using PHP, MySQL database, HTML, CSS, Javascript, Bootstrap and AdminLTE. The system can be accessed by three types of users, namely system administrators, students and teachers. Sourcecodester Online Event Booking and...

CVSS 4.3 · AI score 1.2 · EPSS 0.03792
Exploits 3 · References 1
CNNVD
added 2021/11/08 12:00 a.m. · 5 views

WordPress SQL Injection Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress Chameleon CSS plugin in version 1.2 and earlier, which...

CVSS 8.8 · AI score 5.9 · EPSS 0.00712
Exploits 2 · References 3
CNVD
added 2021/11/08 12:00 a.m. · 22 views

Bootstrap-Table has an unspecified vulnerability

Bootstrap-Table is an open source extended table component from the Chinese individual developer wenzhixin that integrates with some of the most widely used CSS frameworks. bootstrap-table has a security vulnerability that stems from improper design or implementation during the development of code for a...

CVSS 6.1 · AI score 4.3 · EPSS 0.02332
Exploits 1 · References 1
OpenVAS
added 2021/11/08 12:00 a.m. · 20 views

Mozilla Firefox Security Advisory (MFSA2016-59) - Linux

This host is missing a security update for Mozilla Firefox. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; y...

CVSS 4.3 · AI score 6.5 · EPSS 0.01491
Exploits 0 · References 3
OSV
added 2021/11/05 11:15 p.m. · 5 views

CVE-2020-22222

Stivasoft Phpjabbers Fundraising Script v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the pjActionLoadCss function...

CVSS 6.1 · AI score 5.7
Exploits 0 · References 1
RedhatCVE
added 2021/11/01 5:41 p.m. · 206 views

CVE-2021-41184

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS...

CVSS 6.5 · AI score 4.6 · EPSS 0.42847
Exploits 2 · References 3
Tenable Nessus
added 2021/10/27 12:00 a.m. · 44 views

NewStart CGSL MAIN 6.02 : firefox Multiple Vulnerabilities (NS-SA-2021-0120)

The remote NewStart CGSL host, running version MAIN 6.02, has firefox packages installed that are affected by multiple vulnerabilities: - Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain potentially sensitive information from process memory via a...

CVSS 8.8 · AI score 8.4 · EPSS 0.01891
Exploits 0 · References 43
Prion
added 2021/10/26 3:15 p.m. · 33 views

Code injection

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now...

CVSS 4.3 · AI score 6.1 · EPSS 0.37788
Exploits 1 · References 16 · Affected Software 21
Prion
added 2021/10/26 3:15 p.m. · 31 views

Code injection

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS...

CVSS 4.3 · AI score 6.1 · EPSS 0.42847
Exploits 2 · References 14 · Affected Software 19
UbuntuCve
added 2021/10/26 3:15 p.m. · 46 views

CVE-2021-41184

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS...

CVSS 6.5 · AI score 6.7 · EPSS 0.42847
Exploits 2 · References 6
Github Security Blog
added 2021/10/26 2:55 p.m. · 285 views

XSS in the `of` option of the `.position()` util in jquery-ui

Impact: Accepting the value of the `of` option of the `.position` util from untrusted sources may execute untrusted code. For example, invoking the following code: `$("element").position({ my: "left top", at: "right bottom", of: "", collision: "none" });` will call the doEvilThing function. Patches: The...

CVSS 6.5 · AI score 0.6 · EPSS 0.42847
Exploits 2 · References 22 · Affected Software 4
Debian CVE
added 2021/10/26 12:00 a.m. · 27 views

CVE-2021-41184

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS...

CVSS 6.5 · AI score 6.1 · EPSS 0.42847
Exploits 2
Cvelist
added 2021/10/26 12:00 a.m. · 54 views

CVE-2021-41184 XSS in the `of` option of the `.position()` util

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS...

CVSS 6.5 · AI score 6.9 · EPSS 0.42847
Exploits 2 · References 14
Hacker One
added 2021/10/24 12:28 p.m. · 6 views

Rocket.Chat: Impersonation in Sequential Messages

The vulnerability allowed an attacker to impersonate another user in sequential messages. The vulnerability existed in Rocket.Chat versions 3.18.2 and 4.0.3. It was caused by the ability to hide the leading message in a sequence using the customClass or className message attributes, making the...

AI score 6.9
Exploits 0
CVE
added 2021/10/12 7:05 p.m. · 59 views

CVE-2021-39184

Electron vulnerability CVE-2021-39184 affects sandboxed renderers extracting thumbnails of arbitrary files via the createThumbnailFromPath API. Older Electron versions (before 11.5.0, 12.1.0, and 13.3.0) are impacted; fixes are provided in 11.5.0+, 12.1.0+, and 13.3.0+. All documented workarounds...

CVSS 8.6 · AI score 7.5 · EPSS 0.01017
Exploits 0 · References 2 · Affected Software 1
Patchstack
added 2021/10/11 12:00 a.m. · 8 views

WordPress Easy Custom Js And Css plugin <= 1.1.2 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by WPScanTeam in WordPress Easy Custom Js And Css plugin versions <= 1.1.2. Solution: No known fix...

AI score 3.2
Exploits 0 · References 2 · Affected Software 1
wpexploit
added 2021/10/07 12:00 a.m. · 170 views

Chameleon CSS <= 1.2 - Subscriber+ SQL Injection

The plugin does not have any CSRF or capability checks in any of its AJAX calls, allowing any authenticated user, such as a subscriber, to call them and perform unauthorised actions. One of the AJAX calls, removecss, also does not sanitise or escape the cssid POST parameter before using it in a SQL...

CVSS 8.8 · AI score 0.5 · EPSS 0.00712
Exploits 2 · References 1