11 matches found

EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2022-7241

Malicious code in bioql PyPI...

CVSS 9.9 · AI score 8.4 · EPSS 0.18932
Exploits 1 · References 5
RedhatCVE
added 2025/02/05 11:32 p.m. · 12 views

CVE-2022-41931

xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code 'Eval Injection'. Any user with view rights on commonly accessible documents including the icon picker macro can execute arbitrary Groovy, Python or Velocity code in XWiki due to improper...

CVSS 9.9 · AI score 7.5 · EPSS 0.18932
Exploits 1 · References 1
Snyk
added 2025/02/01 6:31 a.m. · 1 view

Server-side Request Forgery (SSRF)

Overview: django-icon-picker is a custom Django model field that allows users to select icons from a predefined set. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the downloadandsavesvg function, which interpolates arbitrary URLs without filtering out...

CVSS 6.9 · AI score 6.9
Exploits 0 · References 3
OSV
added 2024/10/05 8:15 a.m. · 1 view

CVE-2024-8486

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in the Modern Heading and Icon Picker widgets all versions up to, and including, 2.16.3 due to insufficient input sanitization and output escaping. This make...

CVSS 5.4 · AI score 5.9
Exploits 0 · References 5
NVD
added 2024/10/05 8:15 a.m. · 13 views

CVE-2024-8486

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in the Modern Heading and Icon Picker widgets all versions up to, and including, 2.16.3 due to insufficient input sanitization and output escaping. This make...

CVSS 6.4 · EPSS 0.00256
Exploits 0 · References 5
Vulnrichment
added 2024/10/05 7:39 a.m. · 17 views

CVE-2024-8486 Shortcodes and extra features for Phlox theme <= 2.16.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Modern Heading and Icon Picker Widgets

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in the Modern Heading and Icon Picker widgets all versions up to, and including, 2.16.3 due to insufficient input sanitization and output escaping. This make...

CVSS 6.4 · AI score 5.8 · EPSS 0.00256
Exploits 0 · References 5
Cvelist
added 2024/10/05 7:39 a.m. · 20 views

CVE-2024-8486 Shortcodes and extra features for Phlox theme <= 2.16.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Modern Heading and Icon Picker Widgets

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in the Modern Heading and Icon Picker widgets all versions up to, and including, 2.16.3 due to insufficient input sanitization and output escaping. This make...

CVSS 6.4 · EPSS 0.00256
Exploits 0 · References 5
Positive Technologies
added 2024/10/05 12:00 a.m. · 2 views

PT-2024-39052 · WordPress · Phlox

Name of the Vulnerable Software and Affected Versions: Shortcodes and extra features for Phlox theme plugin for WordPress versions up to, and including, 2.16.3 Description: The issue is related to Stored Cross-Site Scripting via the url parameter in the Modern Heading and Icon Picker widgets. Thi...

CVSS 6.4 · AI score 6.3 · EPSS 0.00256
Exploits 0 · References 11
Positive Technologies
added 2023/06/29 12:00 a.m. · 2 views

PT-2023-4817 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 14.10.6; XWiki Platform versions prior to 15.1. Description: The issue allows an attacker to inject XWiki syntax and Velocity code, which is executed with programming rights, thus enabling remote code execution...

CVSS 10 · AI score 8.8 · EPSS 0.1261
Exploits 1 · References 12
OSV
added 2022/11/23 12:00 a.m. · 12 views

CVE-2022-41931 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in xwiki-platform-icon-ui

xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code 'Eval Injection'. Any user with view rights on commonly accessible documents including the icon picker macro can execute arbitrary Groovy, Python or Velocity code in XWiki due to improper...

CVSS 9.9 · AI score 8.7 · EPSS 0.18932
Exploits 1 · References 5
CVE
added 2022/11/23 12:00 a.m. · 65 views

CVE-2022-41931

CVE-2022-41931 affects xwiki-platform-icon-ui. It enables Eval Injection through the iconPicker macro, allowing an authenticated user with view rights on common documents to run arbitrary Groovy/Python/Velocity code due to improper neutralization of macro parameters. The vulnerability is fixed in...

CVSS 9.9 · AI score 9.6 · EPSS 0.18932
Exploits 1 · References 3 · Affected Software 1