15 matches found
EUVD-2022-43173
Malicious code in bioql PyPI...
CVE-2022-3833
The Fancier Author Box by ThematoSoup WordPress plugin through 1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite...
WordPress Fancier Author Box by ThematoSoup plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Fancier Author Box by ThematoSoup plugin 1.4 and earlier versions contain a cross-site scripting...
CVE-2022-3833
The Fancier Author Box by ThematoSoup WordPress plugin through 1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite...
CVE-2022-3833
The Fancier Author Box by ThematoSoup WordPress plugin through 1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite...
CVE-2022-3833 Fancier Author Box by ThematoSoup <= 1.4 - Admin+ Stored XSS
The Fancier Author Box by ThematoSoup WordPress plugin through 1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite...
CVE-2022-3833
The CVE-2022-3833 entry documents a stored XSS vulnerability in the WordPress plugin Fancier Author Box by ThematoSoup (versions prior to 1.5). The root cause is improper sanitisation/escaping of certain settings, including those related to the disabled unfiltered_html feature, which can allow an...
PT-2022-24371 · Thematosoup · The Fancier Author Box
Name of the Vulnerable Software and Affected Versions: The Fancier Author Box by ThematoSoup WordPress plugin versions prior to 1.5 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html...
WordPress plugin Fancier Author Box by ThematoSoup cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Fancier Author Box by ThematoSoup plugin 1.4 and earlier versions contain a cross-site scripting...
WordPress Fancier Author Box by ThematoSoup plugin <= 1.4 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by zhangyunpei in WordPress Fancier Author Box by ThematoSoup plugin versions <= 1.4. Solution: Deactivate and delete. This plugin has been closed as of November 2, 2022 and is not available for download. This closure is temporary,...
Fancier Author Box by ThematoSoup <= 1.4 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. 1. Open the setting page of this plugin. 2. There...
Fancier General-purpose ticket management system /ajax/cjrcard.ashx file id parameter SQL injection vulnerability
No description provided by source...
Fancier ERP /flight/Print_url_sel.aspx id parameter injection vulnerability
No description provided by source...
Fancier ERP /PiaoYou_root.aspx command execution vulnerability
No description provided by source...
Fancier /travel/Default.aspx parameters leixing injection vulnerability
No description provided by source...