123 matches found
PT-2023-14781 · WordPress · Nickys Image Map Pro
Name of the Vulnerable Software and Affected Versions: Nickys Image Map Pro for WordPress - Interactive SVG Image Map Builder plugin versions prior to 5.6.9 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick...
CVE-2023-25704
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Mehjabin Orthi Interactive SVG Image Map Builder plugin = 1.0 versions...
CVE-2023-25704
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Mehjabin Orthi Interactive SVG Image Map Builder plugin = 1.0 versions...
Cross site scripting
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Mehjabin Orthi Interactive SVG Image Map Builder plugin = 1.0 versions...
WordPress Plugin Interactive SVG Image Map Builder 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...
PT-2023-20257 · Unknown · Mehjabin Orthi Interactive Svg Image Map Builder
Name of the Vulnerable Software and Affected Versions: Mehjabin Orthi Interactive SVG Image Map Builder plugin versions = 1.0 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin+ privileges. This vulnerability affects the...
SUSE CVE-2004-0527
KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack...
WordPress Interactive SVG Image Map Builder Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software Interactive SVG Image Map Builder Type Plugin Vulnerable versions = 1.0 Fixed in 1.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25704 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 9e6397036265 Credits Lokesh...
Interactive SVG Image Map Builder < 1.1 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress Image Map Pro premium plugin <= 5.5.0 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
Multiple Cross-Site Request Forgery CSRF vulnerabilities were discovered by Dave Jong Patchstack in the WordPress Image Map Pro premium plugin versions = 5.5.0. Solution No patched version is available. No reply from the vendor for a long time...
WordPress Image Map Pro premium plugin <= 5.5.0 - Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS)
Cross-Site Request Forgery CSRF leading to Stored Cross-Site Scripting XSS discovered by Dave Jong Patchstack in the WordPress Image Map Pro premium plugin versions = 5.5.0. Solution No patched version is available. No reply from the vendor for a long time...
MapifyLite < 4.0.0 - Authenticated Stored Cross-Site Scripting (XSS)
The plugin does not sanitise the Image URL either in the settings or in a location, allowing editor+ users to use a malicious payload, leading to Stored Cross-Site Scripting issues. Notes WPScanTeam: - The vendor has been notified on March 24th, 2021 - The pro version is very likely to be...
GHSA-RWR3-C2Q8-GM56 Pillow Integer overflow in Map.c
Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.mapbuffer in map.c component...
Bugzilla XSS Vulnerability
Bugzilla is prone to a cross-site scripting vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:bugzilla"; if...
PYSEC-2016-8
Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.mapbuffer in map.c component...
Bugzilla security issues
Bugzilla Security Advisory A specially crafted bug summary could trigger XSS in dependency graphs. Due to an incorrect parsing of the image map generated by the dot script, a specially crafted bug summary could trigger XSS in dependency graphs...
JFreeChart: XSS vulnerabilities in the image map feature
Multiple cross-site scripting XSS vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the 1 chart name or 2 chart tool tip text; or the 3 href, 4 shape, or 5 coords attribute of a chart area...
JFreeChart: XSS vulnerabilities in the image map feature
Multiple cross-site scripting XSS vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the 1 chart name or 2 chart tool tip text; or the 3 href, 4 shape, or 5 coords attribute of a chart area...
httpd: mod_imagemap XSS
Cross-site scripting XSS vulnerability in the 1 modimap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the 2 modimagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
JFreeChart: XSS vulnerabilities in the image map feature
Multiple cross-site scripting XSS vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the 1 chart name or 2 chart tool tip text; or the 3 href, 4 shape, or 5 coords attribute of a chart area...