82 matches found
WordPress Export WP Page to Static HTML/CSS Plugin <= 2.2.2 is vulnerable to Open Redirection
Software Export WP Page to Static HTML/CSS Type Plugin Vulnerable versions = 2.2.2 Fixed in 2.2.3 OWASP Top 10 A1: Injection Classification Open Redirection CVE CVE-2024-3597 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID 938d3f0380c6 Credits Krzysztof Zając Required...
WordPress Plugin Export WP Page to Static HTML/CSS Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
HTML/CSS Injection
HTML/CSS Injection is an attack that injects arbitrary characters into a web page. When an application does not properly handle user-supplied data, an attacker can supply content to a web application, typically via a parameter value which is then reflected in the page. This attack is typically us...
WordPress Export WP Page to Static HTML/CSS Plugin <= 2.1.9 is vulnerable to Broken Access Control
Software Export WP Page to Static HTML/CSS Type Plugin Vulnerable versions = 2.1.9 Fixed in 2.2.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-6369 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID fad061a3db6e Credits Alex Thomas...
Export WP Page to Static HTML/CSS < 2.2.0 - Cross-Site Request Forgery via Multiple AJAX Actions
Description The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.9. This is due to missing or incorrect nonce validation on multiple AJAX actions. This makes it possible for unauthenticated attackers to perfor...
CVE-2023-31077
Cross-Site Request Forgery CSRF vulnerability in ReCorp Export WP Page to Static HTML/CSS plugin = 2.1.9 versions...
CVE-2023-31077
Cross-Site Request Forgery CSRF vulnerability in ReCorp Export WP Page to Static HTML/CSS plugin = 2.1.9 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in ReCorp Export WP Page to Static HTML/CSS plugin = 2.1.9 versions...
CVE-2023-31077 WordPress Export WP Page to Static HTML/CSS Plugin <= 2.1.9 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in ReCorp Export WP Page to Static HTML/CSS plugin = 2.1.9 versions...
PT-2023-23139 · WordPress · Recorp Export Wp Page To Static Html/Css
Name of the Vulnerable Software and Affected Versions: ReCorp Export WP Page to Static HTML/CSS plugin versions = 2.1.9 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This means an attacker can trick a user into performing unintended actions on a web application that t...
projectSend r1605 - Stored XSS
Exploit Title: projectSend r1605 - Stored XSS Application: projectSend Version: r1605 Bugs: Stored Xss Technology: PHP Vendor URL: https://www.projectsend.org/ Software Link: https://www.projectsend.org/ Date of found: 11-06-2023 Author: Mirabbas Ağalarov Tested on: Linux 2. Technical Details & P...
Cross-site Scripting (XSS)
Overview std/html/template is a Go standard library package std/html/template Affected versions of this package are vulnerable to Cross-site Scripting XSS. Go Vulnerability Report:Angle brackets are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple...
go -- multiple vulnerabilities
The Go project reports: crypto/tls: restrict RSA keys in certificates to = 8192 bits Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. Limit this by restricting the size of RSA keys transmitted during handshakes to = 8192...
Ubuntu 22.04 LTS : Smarty vulnerability (USN-6012-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6012-1 advisory. It was discovered that Smarty incorrectly parsed blocks' names and included files' names. A remote attacker with template writing permissions could use this issue...
Expedia Group Bug Bounty: https://www.wotif.com/vc/blog/info.php script is prone to reflected HTML/CSS injection and COOKIE leak
The info.php script on https://www.wotif.com was vulnerable to reflected HTML/CSS injection and COOKIE leak due to caching of HTTP headers. An attacker could inject malicious HTML/CSS code and steal victim cookies. The vulnerability was reported to the vendor...
Fedora 36 : php-Smarty (2022-52154efd61)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-52154efd61 advisory. 3.1.47 - 2022-09-14 Security - Applied appropriate javascript and html escaping in mailto plugin to counter injection attacks 454 Fixed - Fixed use ...
[SECURITY] Fedora 37 Update: rubygem-pdfkit-0.8.7.2-1.fc37
Create PDFs using plain old HTML+CSS. Uses wkhtmltopdf on the back-end which renders HTML using Webkit...
[SECURITY] Fedora 37 Update: php-Smarty-3.1.47-1.fc37
Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. This implies that PHP code is application logic, and is separated from the presentation. Autoloader: /usr/share/php/Smarty/autoload.php...
Hackers Can Use 'App Mode' in Chromium Browsers' for Stealth Phishing Attacks
In what's a new phishing technique, it has been demonstrated that the Application Mode feature in Chromium-based web browsers can be abused to create "realistic desktop phishing applications." Application Mode is designed to offer native-like experiences in a manner that causes the website to be...
CVE-2019-10732
In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted parts can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the...