10 matches found
EUVD-2020-29364
Malware in sbrugna...
CVE-2020-8498
XSS exists in the shortcode functionality of the GistPress plugin before 3.0.2 for WordPress via the includes/class-gistpress.php id parameter. This allows an attacker with the WordPress Contributor role to execute arbitrary JavaScript code with the privileges of other users e.g., ones who have t...
WordPress GistPress Cross-Site Scripting Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the shortcode feature in WordPress GistPress versions prior to...
GistPress < 3.0.2 - Authenticated Stored XSS
XSS vulnerability that could be exploited by untrusted contributors on multi-author sites...
CVE-2020-8498
XSS exists in the shortcode functionality of the GistPress plugin before 3.0.2 for WordPress via the includes/class-gistpress.php id parameter. This allows an attacker with the WordPress Contributor role to execute arbitrary JavaScript code with the privileges of other users e.g., ones who have t...
CVE-2020-8498
XSS exists in the shortcode functionality of the GistPress plugin before 3.0.2 for WordPress via the includes/class-gistpress.php id parameter. This allows an attacker with the WordPress Contributor role to execute arbitrary JavaScript code with the privileges of other users e.g., ones who have t...
Cross site scripting
XSS exists in the shortcode functionality of the GistPress plugin before 3.0.2 for WordPress via the includes/class-gistpress.php id parameter. This allows an attacker with the WordPress Contributor role to execute arbitrary JavaScript code with the privileges of other users e.g., ones who have t...
CVE-2020-8498
Summary (CVE-2020-8498): A cross-site scripting vulnerability exists in the WordPress GistPress plugin prior to 3.0.2. The flaw is in the shortcode handling (includes/class-gistpress.php, id parameter) that allows an attacker with the WordPress Contributor role to inject and execute JavaScript in...
CVE-2020-8498
XSS exists in the shortcode functionality of the GistPress plugin before 3.0.2 for WordPress via the includes/class-gistpress.php id parameter. This allows an attacker with the WordPress Contributor role to execute arbitrary JavaScript code with the privileges of other users e.g., ones who have t...
WordPress Gistpress plugin <= 3.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Paul Ritchie in WordPress Gistpress plugin versions = 3.0.1. Solution Update the WordPress Gistpress plugin to the latest available version at least 3.0.2...