577 matches found
WordPress Yoast Google Analytics 5.3.2 Cross Site Scripting
Stored XSS Vulnerability in Google Analytics by Yoast Wordpress Plugin . contents:: Table Of Content Overview Title :Stored XSS Vulnerability in Google Analytics by Yoast Wordpress Plugin Author: Kaustubh G. Padwad, Rohit Kumar. Plugin Homepage: https://yoast.com/wordpress/plugins/google-analytic...
WordPress Google Analytics Plugin <= 5.3.2 - Cross Site Scripting
Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...
Google Analytics by Yoast <= 5.3.2 - Cross-Site Scripting (XSS)
The Google Analytics Dashboard Plugin for WordPress by MonsterInsights WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...
SA-CONTRIB-2014-119 - Google Analytics - Information disclosure
This module enables you to integrate Drupal with Google Analytics. The module leaks the site specific hash salt to authenticated users when user-id tracking is turned on. This vulnerability is mitigated by the fact that user-id tracking must be turned on and the attacker needs to have an account ...
CVE-2014-9174
Cross-site scripting XSS vulnerability in the Google Analytics by Yoast google-analytics-for-wordpress plugin before 5.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "Manually enter your UA code" manualuacodefield field in the General Settings...
Cross site scripting
Cross-site scripting XSS vulnerability in the Google Analytics by Yoast google-analytics-for-wordpress plugin before 5.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "Manually enter your UA code" manualuacodefield field in the General Settings...
CVE-2014-9174
The CVE-2014-9174 entry corresponds to a Cross-site scripting (XSS) vulnerability in the WordPress plugin Google Analytics by Yoast (google-analytics-for-wordpress) prior to version 5.1.3. The issue arises from unsafely handling the value entered in the General Settings field “Manually enter your...
CVE-2014-9174
Cross-site scripting XSS vulnerability in the Google Analytics by Yoast google-analytics-for-wordpress plugin before 5.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "Manually enter your UA code" manualuacodefield field in the General Settings...
WordPress Google Analytics Plugin <= 5.1.2 - XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "Manually enter your UA code" field in the General Settings. Solution Update the plugin...
Google Analytics by Yoast <= 5.1.2 Cross-Site Scripting (XSS)
The value of the input field "manualuacodefield" Analytics Settings is saved without any validation. Malicious JavaScript code can be injected. Screenshots: http://imgur.com/4TA6sSe,DFUlAy51 http://imgur.com/4TA6sSe,DFUlAy50...
Django: CSRF protection bypass on any Django powered site via Google Analytics
I shall explain all the steps to create the final PoC in order to be more clear. Part 1. Cookie Injection via Google Analytics --------------------- Reported to Google, rewarded, still working Google Analytics sets the cookie to track user source:...
Google Analytics Dashboard 2.0.4 - gad-admin-pages-posts.php pid Parameter SQL Injection
The google-analytics-dashboard WordPress plugin was affected by a gad-admin-pages-posts.php pid Parameter SQL Injection security vulnerability...
Google Analytics MU 2.3 - google-analytics-mu-network.php Analytics Code Manipulation CSRF
The google-analytics-mu WordPress plugin was affected by a google-analytics-mu-network.php Analytics Code Manipulation CSRF security vulnerability...
WordPress Google Analytics Dashboard Plugin <= 2.0.4 - SQL Injection
This plugin is prone to a gad-admin-pages-posts.php pid parameter SQL injection vulnerability. Solution Update the plugin...
WordPress Google Analytics MU Plugin <= 2.3 - CSRF
Because of this vulnerability, attackers can gain access to the analytics data until the organisation notices the problem. Solution Update the plugin...
Yoast Google Analytics for WordPress Plugin 3.2.4 404 Error Page Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/37209/info Yoast Google Analytics for WordPress Plugin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...
X (Formerly Twitter): [mobile.twitter.com / twitter.com] CSRF protection bypass
I shall explain all the steps to create the final PoC in order to be more clear. Part 1. Cookie Injection via Google Analytics 1 Google Analytics sets the cookie to track user source: 123456.123456789.11.2.utmcsr=HOST|utmccn=referral|utmcmd=referral|utmcct=PATH For example:...
WordPress Google Analytics MU插件跨站请求伪造漏洞
Bugtraq ID:65926 WordPress是一种使用PHP语言开发的博客平台,用户可以在支持PHP和MySQL数据库的服务器上架设自己的网志。 WordPress Google Analytics MU存在跨站请求伪造漏洞,允许远程攻击者构建恶意URI,诱使用户解析,可以目标用户上下文执行恶意操作。 0 WordPress Google Analytics MU 2.3 目前没有详细解决方案提供: http://wordpress.org/plugins/google-analytics-mu/ A simple form which changes the analytics...
Google Analytics MU 2.3 Cross Site Request Forgery
Details ================ Software: Google Analytics MU Version: 2.3 Homepage: http://wordpress.org/plugins/google-analytics-mu/ CVSS: 5.8 Medium; AV:N/AC:M/Au:N/C:P/I:P/A:N Description ================ CSRF in Google Analytics MU 2.3 Vulnerability ================ If an admin visits a page of the...
WordPress Google Analytics 4.2.4 Cross Site Scripting
Title: ====== Google Analytics v4.2.4 Wordpress - Web Vulnerabilities Date: ===== 2012-08-22 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=692 VL-ID: ===== 692 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: ============= Th...