45 matches found
CVE-2022-1937
The Awin Data Feed WordPress plugin before 1.8 does not sanitise and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting...
Cross site scripting
The Awin Data Feed WordPress plugin before 1.8 does not sanitise and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting...
CVE-2022-1938
The Awin Data Feed WordPress plugin before 1.8 does not sanitise and escape a header when processing request to generate analytics data, allowing unauthenticated users to perform Stored Cross-Site Scripting attacks against a logged in admin viewing the plugin's settings...
CVE-2022-1938 Awin Data Feed < 1.8 - Unauthenticated Stored Cross-Site Scripting
The Awin Data Feed WordPress plugin before 1.8 does not sanitise and escape a header when processing request to generate analytics data, allowing unauthenticated users to perform Stored Cross-Site Scripting attacks against a logged in admin viewing the plugin's settings...
CVE-2022-1938
The CVE CVE-2022-1938 affects the WordPress Awin Data Feed plugin prior to version 1.8. The issue is improper sanitisation/escaping of a header when processing requests to generate analytics data, enabling Stored Cross-Site Scripting (Stored XSS) by unauthenticated users that can affect a logged-...
CVE-2022-1937 Awin Data Feed < 1.8 - Reflected Cross-Site Scripting
The Awin Data Feed WordPress plugin before 1.8 does not sanitise and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting...
CVE-2022-1937
The CVE-2022-1937 issue affects the WordPress Awin Data Feed plugin, specifically versions prior to 1.8. The vulnerability is a Reflected Cross‑Site Scripting caused by failing to sanitize/escape a parameter before echoing it back via an AJAX action that is accessible to both unauthenticated and ...
WordPress plugin Awin Data Feed 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plug-in. A cross-site scripting vulnerability exists in versions of the WordPress Awin Data Feed plugin prior...
PT-2022-14202 · WordPress · Awin Data Feed
Name of the Vulnerable Software and Affected Versions: Awin Data Feed WordPress plugin versions prior to 1.8 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted via an AJAX action...
WordPress plugin Awin Data Feed 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2022-14203 · WordPress · Awin Data Feed
Name of the Vulnerable Software and Affected Versions: Awin Data Feed WordPress plugin versions prior to 1.8 Description: The issue allows unauthenticated users to perform Stored Cross-Site Scripting attacks against a logged-in admin viewing the plugin's settings. This is due to the plugin not...
Missing checks on return data from the chainlink
Lines of code Vulnerability details Impact MED - the function of the protocol could be impacted 1. Use stale price information resulting to wrong project's balance 2. In the case of zero price, functions using price information will revert. Proof of Concept // JBPrices::priceFor at line 69 calls...
CVE-2022-30333
creationtimestamp| type| source ---|---|--- 2022-05-09 12:31:04+00:00| seen| https://t.me/cibsecurity/42166 2022-06-29 05:00:04+00:00| exploited| https://t.me/cKure/9862 2022-06-29 07:20:27+00:00| published-proof-of-concept| https://t.me/TopCyberTechNews/51 2022-06-30 10:57:20+00:00| seen|...
Oracle data feed is insufficiently validated
Lines of code Vulnerability details description When using Chainlink Price feeds it is important to ensure the price feed data was updated recently. While getting started with chainlink requires just one line of code, it is best to add additional checks for in production environments. findings...
Missing validations for return value of oracle data feed.
Lines of code Vulnerability details Impact In ChainlinkUsdWrapper there are no validations for answerthe price if the price is 0 or not. I checked ethOracle0x5f4eC3Df9cbd43714FE2740f5E3616155c5b8419..latestRoundData. However, this contract has no validation for the price too. In addition to that,...
basePrice and quotePrice values are insufficiently validated
Lines of code Vulnerability details Impact The oracle data feed basePrice and quotePrice in refreshedAssetPerBaseInUQ of ChainlinkPriceOracle.sol will be stale which results in wrong basePrice value and quotePrice value. Proof of Concept In refreshedAssetPerBaseInUQ function, it calls...
CVE-2020-25268
Remote Code Execution can occur via the external news feed in ILIAS 6.4 because of incorrect parameter sanitization for Magpie RSS data...
CVE-2017-15123
A flaw was found in the CloudForms web interface, versions 5.8 - 5.10, where the RSS feed URLs are not properly restricted to authenticated users only. An attacker could use this flaw to view potentially sensitive information from CloudForms including data such as newly created virtual machines...
CVE-2015-2546
creationtimestamp| type| source ---|---|--- 2016-04-29 06:41:55+00:00| seen| MISP/57221ede-4084-4c2b-9463-4e1e950d210f 2016-05-16 13:09:27+00:00| seen| MISP/57288bef-5874-418f-be8a-348495ca48b7 2020-10-07 09:53:36+00:00| seen| MISP/a40c9aed-cf24-43e6-859b-e00435209aa0 2020-10-09 13:19:59+00:00|...
Microsoft launching Real Time Hosted Threat Intelligence Feed
Microsoft launching Real Time Hosted Threat Intelligence Feed Microsoft is to offer a real-time intelligence feed of botnet and e-crime data to public and private sector subscribers, according to security company Kaspersky. Currently, Microsoft is testing a real-time feed to distribute informatio...