Lucene search
K

45 matches found

ATTACKERKB
ATTACKERKB
added 2022/07/11 1:15 p.m.7 views

CVE-2022-1937

The Awin Data Feed WordPress plugin before 1.8 does not sanitise and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.4AI score0.01686EPSS
Exploits1References3
Prion
Prion
added 2022/07/11 1:15 p.m.18 views

Cross site scripting

The Awin Data Feed WordPress plugin before 1.8 does not sanitise and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting...

4.3CVSS6AI score0.01686EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/07/11 1:15 p.m.6 views

CVE-2022-1938

The Awin Data Feed WordPress plugin before 1.8 does not sanitise and escape a header when processing request to generate analytics data, allowing unauthenticated users to perform Stored Cross-Site Scripting attacks against a logged in admin viewing the plugin's settings...

5.4CVSS6.1AI score0.00683EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/07/11 12:56 p.m.24 views

CVE-2022-1938 Awin Data Feed < 1.8 - Unauthenticated Stored Cross-Site Scripting

The Awin Data Feed WordPress plugin before 1.8 does not sanitise and escape a header when processing request to generate analytics data, allowing unauthenticated users to perform Stored Cross-Site Scripting attacks against a logged in admin viewing the plugin's settings...

5.5AI score0.00683EPSS
Exploits1References1
CVE
CVE
added 2022/07/11 12:56 p.m.75 views

CVE-2022-1938

The CVE CVE-2022-1938 affects the WordPress Awin Data Feed plugin prior to version 1.8. The issue is improper sanitisation/escaping of a header when processing requests to generate analytics data, enabling Stored Cross-Site Scripting (Stored XSS) by unauthenticated users that can affect a logged-...

5.4CVSS5.3AI score0.00683EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/07/11 12:56 p.m.15 views

CVE-2022-1937 Awin Data Feed < 1.8 - Reflected Cross-Site Scripting

The Awin Data Feed WordPress plugin before 1.8 does not sanitise and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting...

6.2AI score0.01686EPSS
Exploits1References1
CVE
CVE
added 2022/07/11 12:56 p.m.83 views

CVE-2022-1937

The CVE-2022-1937 issue affects the WordPress Awin Data Feed plugin, specifically versions prior to 1.8. The vulnerability is a Reflected Cross‑Site Scripting caused by failing to sanitize/escape a parameter before echoing it back via an AJAX action that is accessible to both unauthenticated and ...

6.1CVSS6.1AI score0.01686EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2022/07/11 12:0 a.m.5 views

WordPress plugin Awin Data Feed 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plug-in. A cross-site scripting vulnerability exists in versions of the WordPress Awin Data Feed plugin prior...

5.4CVSS5.2AI score0.00683EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/07/11 12:0 a.m.3 views

PT-2022-14202 · WordPress · Awin Data Feed

Name of the Vulnerable Software and Affected Versions: Awin Data Feed WordPress plugin versions prior to 1.8 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted via an AJAX action...

6.1CVSS6AI score0.01686EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/07/11 12:0 a.m.5 views

WordPress plugin Awin Data Feed 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.1CVSS5.3AI score0.01686EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/07/11 12:0 a.m.4 views

PT-2022-14203 · WordPress · Awin Data Feed

Name of the Vulnerable Software and Affected Versions: Awin Data Feed WordPress plugin versions prior to 1.8 Description: The issue allows unauthenticated users to perform Stored Cross-Site Scripting attacks against a logged-in admin viewing the plugin's settings. This is due to the plugin not...

5.4CVSS5.3AI score0.00683EPSS
Exploits1References4
Code423n4
Code423n4
added 2022/07/08 12:0 a.m.15 views

Missing checks on return data from the chainlink

Lines of code Vulnerability details Impact MED - the function of the protocol could be impacted 1. Use stale price information resulting to wrong project's balance 2. In the case of zero price, functions using price information will revert. Proof of Concept // JBPrices::priceFor at line 69 calls...

6.7AI score
Exploits0
Circl
Circl
added 2022/05/09 12:31 p.m.11 views

CVE-2022-30333

creationtimestamp| type| source ---|---|--- 2022-05-09 12:31:04+00:00| seen| https://t.me/cibsecurity/42166 2022-06-29 05:00:04+00:00| exploited| https://t.me/cKure/9862 2022-06-29 07:20:27+00:00| published-proof-of-concept| https://t.me/TopCyberTechNews/51 2022-06-30 10:57:20+00:00| seen|...

7.5CVSS6.8AI score0.98975EPSS
Exploits12References21
Code423n4
Code423n4
added 2022/05/05 12:0 a.m.10 views

Oracle data feed is insufficiently validated

Lines of code Vulnerability details description When using Chainlink Price feeds it is important to ensure the price feed data was updated recently. While getting started with chainlink requires just one line of code, it is best to add additional checks for in production environments. findings...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/04/27 12:0 a.m.7 views

Missing validations for return value of oracle data feed.

Lines of code Vulnerability details Impact In ChainlinkUsdWrapper there are no validations for answerthe price if the price is 0 or not. I checked ethOracle0x5f4eC3Df9cbd43714FE2740f5E3616155c5b8419..latestRoundData. However, this contract has no validation for the price too. In addition to that,...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/04/21 12:0 a.m.9 views

basePrice and quotePrice values are insufficiently validated

Lines of code Vulnerability details Impact The oracle data feed basePrice and quotePrice in refreshedAssetPerBaseInUQ of ChainlinkPriceOracle.sol will be stale which results in wrong basePrice value and quotePrice value. Proof of Concept In refreshedAssetPerBaseInUQ function, it calls...

6.9AI score
Exploits0
OSV
OSV
added 2020/11/10 10:15 p.m.4 views

CVE-2020-25268

Remote Code Execution can occur via the external news feed in ILIAS 6.4 because of incorrect parameter sanitization for Magpie RSS data...

8.8CVSS5.9AI score0.02315EPSS
Exploits1References1
OSV
OSV
added 2019/06/12 2:29 p.m.3 views

CVE-2017-15123

A flaw was found in the CloudForms web interface, versions 5.8 - 5.10, where the RSS feed URLs are not properly restricted to authenticated users only. An attacker could use this flaw to view potentially sensitive information from CloudForms including data such as newly created virtual machines...

5.3CVSS5.8AI score0.0143EPSS
Exploits0References3
Circl
Circl
added 2016/04/29 6:41 a.m.10 views

CVE-2015-2546

creationtimestamp| type| source ---|---|--- 2016-04-29 06:41:55+00:00| seen| MISP/57221ede-4084-4c2b-9463-4e1e950d210f 2016-05-16 13:09:27+00:00| seen| MISP/57288bef-5874-418f-be8a-348495ca48b7 2020-10-07 09:53:36+00:00| seen| MISP/a40c9aed-cf24-43e6-859b-e00435209aa0 2020-10-09 13:19:59+00:00|...

8.2CVSS7.3AI score0.10929EPSS
Exploits1References4
The Hacker News
The Hacker News
added 2012/01/12 9:2 p.m.7 views

Microsoft launching Real Time Hosted Threat Intelligence Feed

Microsoft launching Real Time Hosted Threat Intelligence Feed Microsoft is to offer a real-time intelligence feed of botnet and e-crime data to public and private sector subscribers, according to security company Kaspersky. Currently, Microsoft is testing a real-time feed to distribute informatio...

6.6AI score
Exploits0
Rows per page
Query Builder