10 matches found
CVE-2016-10974
The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has frs_save CSRF with resultant stored XSS...
EUVD-2016-1965
Malware in sbrugna...
EUVD-2016-1966
Malware in sbrugna...
CVE-2016-10975
The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has reflected XSS via the skin parameter...
CVE-2016-10975
The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has reflected XSS via the skin parameter...
CVE-2016-10974
The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has frs_save CSRF with resultant stored XSS...
CVE-2016-10975
The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has reflected XSS via the skin parameter...
CVE-2016-10975
The CVE-2016-10975 entry concerns the Fluid Responsive Slideshow WordPress plugin (pre-2.2.7). It describes a reflected XSS vulnerability via the skin parameter, with partial integrity impact and no confidentiality/availability impact per the NVD CVSS data, and with user interaction required in t...
CVE-2016-10974
The CVE-2016-10974 vulnerability affects the Fluid Responsive Slideshow WordPress plugin prior to version 2.2.7, where the frs_save CSRF flaw enables stored XSS. Red Hat and CVE records corroborate the issue as a CSRF-related stored XSS in the plugin for WordPress. The weakness arises in the frs_...
Uber: CSRF on eng.uber.com may lead to server-side compromise
The site eng.uber.com uses a WordPress plugin called Fluid Responsive Slideshow. The plugin doesn't implement any CSRF check for AJAX requests. Some of these AJAX requests can be used to modify posts and pages on the system. An attacker could use this bug to inject arbitrary JavaScript in any pag...