14 matches found
EUVD-2014-5234
Malware in sbrugna...
CVE-2014-5345
Cross-site scripting XSS vulnerability in upgrade.php in the Disqus Comment System plugin before 2.76 for WordPress allows remote attackers to inject arbitrary web script or HTML via the step parameter...
CVE-2014-5346
Multiple cross-site request forgery CSRF vulnerabilities in the Disqus Comment System plugin 2.77 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 activate or 2 deactivate the plugin via the active parameter to wp-admin/edit-comments.php, 3...
CVE-2014-5345
Cross-site scripting XSS vulnerability in upgrade.php in the Disqus Comment System plugin before 2.76 for WordPress allows remote attackers to inject arbitrary web script or HTML via the step parameter...
CVE-2014-5346
Multiple cross-site request forgery CSRF vulnerabilities in the Disqus Comment System plugin 2.77 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 activate or 2 deactivate the plugin via the active parameter to wp-admin/edit-comments.php, 3...
CVE-2014-5347
Multiple cross-site request forgery CSRF vulnerabilities in the Disqus Comment System plugin before 2.76 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the 1 disqusreplace, 2 disquspublickey, or 3...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the Disqus Comment System plugin before 2.76 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the 1 disqusreplace, 2 disquspublickey, or 3...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the Disqus Comment System plugin 2.77 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 activate or 2 deactivate the plugin via the active parameter to wp-admin/edit-comments.php, 3...
Cross site scripting
Cross-site scripting XSS vulnerability in upgrade.php in the Disqus Comment System plugin before 2.76 for WordPress allows remote attackers to inject arbitrary web script or HTML via the step parameter...
CVE-2014-5345
Cross-site scripting XSS vulnerability in upgrade.php in the Disqus Comment System plugin before 2.76 for WordPress allows remote attackers to inject arbitrary web script or HTML via the step parameter...
CVE-2014-5346
Multiple cross-site request forgery CSRF vulnerabilities in the Disqus Comment System plugin 2.77 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 activate or 2 deactivate the plugin via the active parameter to wp-admin/edit-comments.php, 3...
CVE-2014-5345
The CVE-2014-5345 entry concerns a Cross-Site Scripting (XSS) vulnerability in the Disqus Comment System WordPress plugin’s upgrade.php, exploitable via the step parameter in versions prior to 2.76. Affected software: Disqus Comment System plugin for WordPress (pre-2.76). Root cause: improper han...
CVE-2014-5347
Disqus Comment System plugin for WordPress (versions before 2.76) is affected by CSRF vulnerabilities that can allow an attacker to hijack an administrator’s authenticated session and trigger XSS via parameters to wp-admin/edit-comments.php (disqus_replace, disqus_public_key, disqus_secret_key) o...
CVE-2014-5346
The CVE-2014-5346 entry affects the WordPress Disqus Comment System plugin version 2.77. The vulnerability is Cross-Site Request Forgery (CSRF) that allows remote attackers to hijack the authentication of administrators for requests that (1) activate or (2) deactivate the plugin via the active pa...