5 matches found
WordPress Contact Form Email 1.2.65 CSRF / Cross Site Scripting
Vulnerability: XSS & CSRF Affected Software: Contact Form Email Affected Version: 1.2.65 Patched Version: 1.2.66 CVE: not requested Risk: Medium Vendor Contacted: 10/31/2018 Vendor Fix: 10/31/2018 Public Disclosure: 02/05/2019 Credit: Tim Coen Reflected XSS CVSS 6.1 Medium...
WordPress WP Live Chat 8.0.18 Cross Site Scripting
Vulnerability: XSS Affected Software: WP Live Chat Support Affected Version: 8.0.18 Patched Version: CVE: not requested Risk: Medium Vendor Contacted: 10/31/2018 Vendor Fix: 11/01/2018 Public Disclosure: 02/05/2019 Credit: Tim Coen CVSS 6.1 Medium CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N...
WordPress Forminator 1.5.4 Cross Site Scripting / SQL Injection
Vulnerability: Unauthenticated Persistent XSS, Blind SQL Injection Affected Software: Forminator Affected Version: 1.5.4 Patched Version: 1.6 CVE: not requested Risk: High Vendor Contacted: 11/25/2018 Vendor Fix: 12/10/2018 Public Disclosure: 02/05/2019 Credit: Tim Coen Unauthenticated Persistent...
CVE-2016-6668 - The HipChat plugin for various products leaks the secret key it uses to communicate with a linked HipChat instance.
The Atlassian Hipchat Integration Plugin for Bitbucket Server exposed the secret key it used to communicate with a linked HipChat service in various administration pages. For this vulnerability to affect your Bitbucket Server instance you must have a HipChat integration established. To exploit th...
Several Vulnerabilities Found in Google App Engine
A group of security researchers in Poland say they have discovered a long list of vulnerabilities in the Google App Engine, some of which enable an attacker to escape the Java sandbox. The researchers at Security Explorations say that they have found more than 30 vulnerabilities in the App Engine...