Lucene search
+L

577 matches found

Packet Storm
Packet Storm
added 2015/03/07 12:0 a.m.35 views

WordPress Yoast Google Analytics 5.3.2 Cross Site Scripting

Stored XSS Vulnerability in Google Analytics by Yoast Wordpress Plugin . contents:: Table Of Content Overview Title :Stored XSS Vulnerability in Google Analytics by Yoast Wordpress Plugin Author: Kaustubh G. Padwad, Rohit Kumar. Plugin Homepage: https://yoast.com/wordpress/plugins/google-analytic...

7AI score
Exploits0
Patchstack
Patchstack
added 2015/03/06 12:0 a.m.11 views

WordPress Google Analytics Plugin <= 5.3.2 - Cross Site Scripting

Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...

2.2AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/03/06 12:0 a.m.13 views

Google Analytics by Yoast <= 5.3.2 - Cross-Site Scripting (XSS)

The Google Analytics Dashboard Plugin for WordPress by MonsterInsights WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...

1.5AI score
Exploits0References1Affected Software1
Drupal
Drupal
added 2014/12/10 12:0 a.m.14 views

SA-CONTRIB-2014-119 - Google Analytics - Information disclosure

This module enables you to integrate Drupal with Google Analytics. The module leaks the site specific hash salt to authenticated users when user-id tracking is turned on. This vulnerability is mitigated by the fact that user-id tracking must be turned on and the attacker needs to have an account ...

6.9AI score
Exploits0References11
NVD
NVD
added 2014/12/02 4:59 p.m.18 views

CVE-2014-9174

Cross-site scripting XSS vulnerability in the Google Analytics by Yoast google-analytics-for-wordpress plugin before 5.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "Manually enter your UA code" manualuacodefield field in the General Settings...

4.3CVSS5.8AI score0.01959EPSS
Exploits0References5
Prion
Prion
added 2014/12/02 4:59 p.m.20 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Google Analytics by Yoast google-analytics-for-wordpress plugin before 5.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "Manually enter your UA code" manualuacodefield field in the General Settings...

4.3CVSS6.2AI score0.01959EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2014/12/02 4:0 p.m.50 views

CVE-2014-9174

The CVE-2014-9174 entry corresponds to a Cross-site scripting (XSS) vulnerability in the WordPress plugin Google Analytics by Yoast (google-analytics-for-wordpress) prior to version 5.1.3. The issue arises from unsafely handling the value entered in the General Settings field “Manually enter your...

4.3CVSS5.9AI score0.01959EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2014/12/02 4:0 p.m.22 views

CVE-2014-9174

Cross-site scripting XSS vulnerability in the Google Analytics by Yoast google-analytics-for-wordpress plugin before 5.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "Manually enter your UA code" manualuacodefield field in the General Settings...

5.7AI score0.01959EPSS
Exploits0References5
Patchstack
Patchstack
added 2014/12/02 12:0 a.m.22 views

WordPress Google Analytics Plugin <= 5.1.2 - XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "Manually enter your UA code" field in the General Settings. Solution Update the plugin...

4.3CVSS2.6AI score0.01959EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/11/26 11:44 a.m.23 views

Google Analytics by Yoast <= 5.1.2 Cross-Site Scripting (XSS)

The value of the input field "manualuacodefield" Analytics Settings is saved without any validation. Malicious JavaScript code can be injected. Screenshots: http://imgur.com/4TA6sSe,DFUlAy51 http://imgur.com/4TA6sSe,DFUlAy50...

4.3CVSS0.1AI score0.01959EPSS
Exploits0References2Affected Software1
Hacker One
Hacker One
added 2014/09/01 8:28 a.m.71 views

Django: CSRF protection bypass on any Django powered site via Google Analytics

I shall explain all the steps to create the final PoC in order to be more clear. Part 1. Cookie Injection via Google Analytics --------------------- Reported to Google, rewarded, still working Google Analytics sets the cookie to track user source:...

0.5AI score
Exploits0
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.9 views

Google Analytics Dashboard 2.0.4 - gad-admin-pages-posts.php pid Parameter SQL Injection

The google-analytics-dashboard WordPress plugin was affected by a gad-admin-pages-posts.php pid Parameter SQL Injection security vulnerability...

2.6AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.12 views

Google Analytics MU 2.3 - google-analytics-mu-network.php Analytics Code Manipulation CSRF

The google-analytics-mu WordPress plugin was affected by a google-analytics-mu-network.php Analytics Code Manipulation CSRF security vulnerability...

7.1AI score
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2014/08/01 12:0 a.m.12 views

WordPress Google Analytics Dashboard Plugin <= 2.0.4 - SQL Injection

This plugin is prone to a gad-admin-pages-posts.php pid parameter SQL injection vulnerability. Solution Update the plugin...

2.6AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 2014/08/01 12:0 a.m.4 views

WordPress Google Analytics MU Plugin <= 2.3 - CSRF

Because of this vulnerability, attackers can gain access to the analytics data until the organisation notices the problem. Solution Update the plugin...

5.3AI score
Exploits0References2Affected Software1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.32 views

Yoast Google Analytics for WordPress Plugin 3.2.4 404 Error Page Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/37209/info Yoast Google Analytics for WordPress Plugin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2014/06/03 2:36 p.m.20 views

X (Formerly Twitter): [mobile.twitter.com / twitter.com] CSRF protection bypass

I shall explain all the steps to create the final PoC in order to be more clear. Part 1. Cookie Injection via Google Analytics 1 Google Analytics sets the cookie to track user source: 123456.123456789.11.2.utmcsr=HOST|utmccn=referral|utmcmd=referral|utmcct=PATH For example:...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2014/03/05 12:0 a.m.24 views

WordPress Google Analytics MU插件跨站请求伪造漏洞

Bugtraq ID:65926 WordPress是一种使用PHP语言开发的博客平台,用户可以在支持PHP和MySQL数据库的服务器上架设自己的网志。 WordPress Google Analytics MU存在跨站请求伪造漏洞,允许远程攻击者构建恶意URI,诱使用户解析,可以目标用户上下文执行恶意操作。 0 WordPress Google Analytics MU 2.3 目前没有详细解决方案提供: http://wordpress.org/plugins/google-analytics-mu/ A simple form which changes the analytics...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2014/03/03 12:0 a.m.34 views

Google Analytics MU 2.3 Cross Site Request Forgery

Details ================ Software: Google Analytics MU Version: 2.3 Homepage: http://wordpress.org/plugins/google-analytics-mu/ CVSS: 5.8 Medium; AV:N/AC:M/Au:N/C:P/I:P/A:N Description ================ CSRF in Google Analytics MU 2.3 Vulnerability ================ If an admin visits a page of the...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2012/09/07 12:0 a.m.50 views

WordPress Google Analytics 4.2.4 Cross Site Scripting

Title: ====== Google Analytics v4.2.4 Wordpress - Web Vulnerabilities Date: ===== 2012-08-22 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=692 VL-ID: ===== 692 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: ============= Th...

0.2AI score
Exploits0
Rows per page
Query Builder