nantouphoto.org.tw Cross Site Scripting vulnerability
Security Researcher Renzi, a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting nantouphoto.org.tw website and its users. Following...
WordPress Custom CSS Pro plugin <= 1.0.3 - Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) vulnerabilities
Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) vulnerabilities found by Cryptography Laboratory in WordPress Custom CSS Pro plugin versions <= 1.0.3. Solution: Update the WordPress Custom CSS Pro plugin to the latest available version (at least 1.0.4)...
KLA11524 Multiple vulnerabilities in Mozilla Thunderbird
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to bypass security restrictions, spoof user interface, cause denial of service, perform cross-site scripting attack, obtain sensitive information, execute arbitrary code. Below is a...
KLA11515 Multiple vulnerabilities in Mozilla Firefox
Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, perform cross-site scripting attack, spoof user interface, obtain sensitive information, execute arbitrary code. Below is a complete...
Cross-Site Scripting (XSS)
antixss is vulnerable to cross-site scripting (XSS). The library does not properly evaluate characters after the detection of a Cascading Style Sheets (CSS) escaped character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML input...
CVE-2019-5984
Cross-site request forgery (CSRF) vulnerability in Custom CSS Pro 1.0.3 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in Custom CSS Pro 1.0.3 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors...
CVE-2019-5984
The CVE-2019-5984 entry concerns the WordPress plugin Custom CSS Pro (versions ≤ 1.0.3). The root issue is a cross-site request forgery (CSRF) that can allow remote attackers to hijack administrator sessions, enabling unauthorized actions when a logged-in admin views a malicious page. Public sour...
PT-2019-17918 · Unknown · Custom Css Pro
Name of the Vulnerable Software and Affected Versions: Custom CSS Pro versions 1.0.3 and earlier Description: A cross-site request forgery issue allows remote attackers to hijack the authentication of administrators. The attack vectors are not specified. Recommendations: For Custom CSS Pro versio...
WordPress Ocean Extra plugin <= 1.5.8 - Unauthenticated CSS injection vulnerability
Unauthenticated CSS injection vulnerability found by Jerome Bruandet in WordPress Ocean Extra plugin versions <= 1.5.8. Solution: Update the WordPress Ocean Extra plugin to the latest available version (at least 1.5.9)...
Ocean Extra <= 1.5.8 - Unauthenticated Settings change and CSS injection
The Ocean Extra WordPress plugin was affected by an Unauthenticated Settings change and CSS injection security vulnerability...
Valve: Panorama UI XSS leads to Remote Code Execution via Kick/Disconnect Message
Overview: Counter-Strike: Global Offensive's UI is built on a framework called Panorama, which is heavily influenced by modern HTML/CSS with JS capabilities. Because of these properties, the UI becomes easily vulnerable to different types of code injection, most notably XSS. Previously, it was...
WordPress Plugin "Custom CSS Pro" vulnerable to cross-site request forgery
Overview: WordPress Plugin "Custom CSS Pro" provided by WaspThemes contains a cross-site request forgery vulnerability (CWE-352). Dai Nakamura of Cryptography Laboratory, Department of Information and Communication Engineering, Tokyo Denki University directly reported this vulnerability to the develop...
WordPress Custom CSS Pro plugin cross-site request forgery vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Custom CSS Pro plugin is a CSS editor plugin used in it. A cross-site request forgery vulnerability exists in WordPress Custom CSS Pro...
JVN#29933378: WordPress Plugin "Custom CSS Pro" vulnerable to cross-site request forgery
WordPress Plugin "Custom CSS Pro" provided by WaspThemes contains a cross-site request forgery vulnerability (CWE-352). Impact: If a user views a malicious page while logged in, unintended operations may be performed. Solution: Update the plugin according to the information provided...
Custom CSS Pro <= 1.0.3 - CSRF & XSS
The Custom CSS Pro WordPress plugin was affected by a CSRF & XSS security vulnerability...
Debian DLA-1825-1 : kdepim security update
A reply-based decryption oracle was found in kdepim, which provides the KMail e-mail client. An attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted parts can further be hidden using HTML/CSS or ASCII newline character...
openSUSE Security Update : libcroco (openSUSE-2019-1575)
This update for libcroco fixes the following issues. Security issues fixed: - CVE-2017-7960: Fixed heap overflow (input: check end of input before reading a byte) (bsc1034481). - CVE-2017-7961: Fixed undefined behavior (tknzr: support only max long rgb values) (bsc1034482). - CVE-2017-8834: Fixed denia...