352 matches found
CVE-2022-22738
Applying a CSS filter effect could have accessed out of bounds memory. This could have led to a heap-buffer-overflow causing a potentially exploitable crash. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...
Ubuntu 18.04 LTS / 20.04 LTS : Firefox vulnerabilities (USN-5229-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5229-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could...
Mozilla Thunderbird < 91.5
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 91.5. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-03 advisory. - Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyso...
Mozilla Thunderbird < 91.5
The version of Thunderbird installed on the remote Windows host is prior to 91.5. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-03 advisory. - Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith,...
CVE-2020-12954
A side effect of an integrated chipset option may be able to be used by an attacker to bypass SPI ROM protections, allowing unauthorized SPI ROM modification...
Juniper Networks Junos OS race condition vulnerability
Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The OS provides a secure programming interface and the Junos SDK. A race condition vulnerability exists in Juniper Networks Junos OS that originates between the chassis daemo...
WordPress Weather Effect plugin cross-site scripting vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Weather Effect plugin prior to version 1.3.4, whi...
CVE-2021-24709
The Weather Effect WordPress plugin before 1.3.6 does not properly validate and escape some of its settings like sizeleaf, flakesleaf, speed which could lead to Stored Cross-Site Scripting issues...
CVE-2021-24683
The Weather Effect WordPress plugin before 1.3.4 does not have any CSRF checks in place when saving its settings, and does not validate or escape them, which could lead to a Stored Cross-Site Scripting issue...
CVE-2021-24709
CVE-2021-24709 affects the Weather Effect WordPress plugin prior to 1.3.6. The underlying issue is insufficient validation/escaping of certain settings (e.g. *_size_leaf, *_flakes_leaf, *_speed), leading to Stored Cross-Site Scripting. Public sources (WPScan, PatchStack) reference admin+ and stored...
CVE-2021-24683
The CVE-2021-24683 entry concerns the Weather Effect WordPress plugin (prior to version 1.3.4). The root cause is that saving settings lacked CSRF protection and did not validate or escape input, enabling a Stored Cross-Site Scripting (XSS) vulnerability. Affected software: Weather Effect WordPre...
CVE-2021-24683 Weather Effect < 1.3.4 - CSRF to Stored Cross-Site Scripting
The Weather Effect WordPress plugin before 1.3.4 does not have any CSRF checks in place when saving its settings, and does not validate or escape them, which could lead to a Stored Cross-Site Scripting issue...
WordPress plugin Weather Effect cross-site scripting vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Weather Effect plugin prior to version 1.3.4, whi...
PT-2021-16193 · WordPress · The Weather Effect
Name of the Vulnerable Software and Affected Versions: The Weather Effect WordPress plugin versions prior to 1.3.4. Description: The issue is related to the lack of CSRF checks and input validation when saving settings, which could lead to a Stored Cross-Site Scripting issue. This means that an...
WordPress plugin cross-site scripting vulnerability
WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress plugin Weather Effect, which stems from the Weather Effect WordPress plugin prior to 1.3.6 not properly validating and escaping some settings e.g. size leaf, flake lea...
WordPress Weather Effect plugin <= 1.3.4 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by apple502j in WordPress Weather Effect plugin versions <= 1.3.4. Solution: Update the WordPress Weather Effect plugin to the latest available version (at least 1.3.6)...
Weather Effect < 1.3.4 - CSRF to Stored Cross-Site Scripting
The plugin does not have any CSRF checks in place when saving its settings, and does not validate or escape them, which could lead to a Stored Cross-Site Scripting issue. v1.3.4 fixed the CSRF, but not the sanitisation/escaping fully. Another issue has been created for it. PoC: To have the XSS only...
WordPress Weather Effect plugin <= 1.3.3 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) discovered by apple502j in WordPress Weather Effect plugin versions <= 1.3.3. Solution: Update the WordPress Weather Effect plugin to the latest available version (at least 1.3.4)...