6 matches found
WordPress Easy Social Icons Plugin < 3.0.9 - Cross-Site Scripting
The Easy Social Icons plugin = 3.0.8 for WordPress echoes out the raw value of $SERVER'PHPSELF' in its main file. On certain configurations including Apache+modPHP this makes it possible to use it to perform a reflected cross-site scripting attack by injecting malicious code in the request path...
PHP_SELFish Part 2 – Reflected XSS in Easy Social Icons
Today’s post is part two of a two part blog post. It describes a cross site scripting vulnerability in the Easy Social Icons plugin that exploits the PHPSELF variable. In yesterday’s post, we described another plugin, underConstruction, suffering from a similar vulnerability related to the use of...
CVE-2021-39322
creationtimestamp| type| source ---|---|--- 2021-09-02 20:36:31+00:00| seen| https://t.me/cibsecurity/28226 2023-04-27 09:58:59+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-39322.yaml...
CVE-2021-39322 Easy Social Icons <= 3.0.8 - Reflected Cross-Site Scripting
The Easy Social Icons plugin = 3.0.8 for WordPress echoes out the raw value of $SERVER'PHPSELF' in its main file. On certain configurations including Apache+modPHP this makes it possible to use it to perform a reflected Cross-Site Scripting attack by injecting malicious code in the request path...
CVE-2021-39322
The CVE-2021-39322 entry relates to the WordPress Easy Social Icons plugin (versions
CVE-2021-39322 Easy Social Icons <= 3.0.8 - Reflected Cross-Site Scripting
The Easy Social Icons plugin = 3.0.8 for WordPress echoes out the raw value of $SERVER'PHPSELF' in its main file. On certain configurations including Apache+modPHP this makes it possible to use it to perform a reflected Cross-Site Scripting attack by injecting malicious code in the request path...