17 matches found
EUVD-2022-24713
Malicious code in bioql PyPI...
CVE-2022-1396
The Donorbox WordPress plugin before 7.1.7 does not sanitise and escape its Campaign URL settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed...
WordPress plugin Donorbox cross-site scripting vulnerability
WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in versions of the WordPress plugin Donorbox prior to 7.1.7. The vulnerability stems from the fact that...
CVE-2022-1396
The Donorbox WordPress plugin before 7.1.7 does not sanitise and escape its Campaign URL settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed...
CVE-2022-1396
The Donorbox WordPress plugin before 7.1.7 does not sanitise and escape its Campaign URL settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed...
CVE-2022-1396
The Donorbox WordPress plugin before 7.1.7 does not sanitise and escape its Campaign URL settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed...
Cross site scripting
The Donorbox WordPress plugin before 7.1.7 does not sanitise and escape its Campaign URL settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed...
CVE-2022-1396
CVE-2022-1396 concerns the Donorbox WordPress plugin prior to 7.1.7, which does not sanitize/escape Campaign URL settings before output in an HTML attribute, enabling a Stored Cross-Site Scripting (XSS) vulnerability. The issue affects how user-supplied URL settings are rendered, even when unfilt...
CVE-2022-1396 Donorbox < 7.1.7 - Admin+ Stored Cross-Site Scripting
The Donorbox WordPress plugin before 7.1.7 does not sanitise and escape its Campaign URL settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed...
WordPress plugin Donorbox cross-site scripting vulnerability
WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in versions of the WordPress plugin Donorbox prior to 7.1.7. The vulnerability stems from the fact that...
Donorbox < 7.1.7 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape its Campaign URL settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed. PoC: Put the following payload in the Campaign URL settings of the plugin: "...
WordPress Donorbox-Donation-Form 7.1.6 Cross Site Scripting
Exploit Title: WordPress Plugin donorbox-donation-form 7.1.6 - Stored Cross Site Scripting Authenticated Date: 29-03-2022 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/donorbox-donation-form Version: 7.1.6 Tested on: Firefox Contact me: h at...
Donorbox < 7.1.7 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape its Campaign URL settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed. Put the following payload in the Campaign URL settings of the plugin: "...
WordPress Donorbox plugin <= 7.1.6 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability was discovered by Hassan Khan Yusufzai (Splint3r7) in the WordPress Donorbox plugin (versions <= 7.1.6). Solution: Update the WordPress Donorbox plugin to the latest available version (at least 7.1.7)...
WordPress Donorbox plugin 7.1-7.1.1 - Stored Cross-Site Scripting (XSS) via plugin shortcode
Stored Cross-Site Scripting (XSS) found by Sybre Waaijer in WordPress Donorbox plugin (versions 7.1-7.1.1). Solution: Update the WordPress Donorbox plugin to the latest available version (at least 7.1.2)...
Donorbox 7.1~7.1.1 - Stored Cross-Site Scripting via Shortcode
In Donorbox WordPress plugin, one can perform an XSS attack via the included shortcode by inserting arbitrary HTML attributes. This vulnerability was introduced in v7.1 and fixed in v7.1.2. donate url='/?" autofocus onfocus="alertwindow" abitraryAttributeToValidateShortcodeParsing="'...
Donorbox 7.1~7.1.1 - Stored Cross-Site Scripting via Shortcode
In Donorbox WordPress plugin, one can perform an XSS attack via the included shortcode by inserting arbitrary HTML attributes. This vulnerability was introduced in v7.1 and fixed in v7.1.2. PoC donate url='/?" autofocus onfocus="alertwindow" abitraryAttributeToValidateShortcodeParsing="'...