CVE-2024-29795

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Interfacelab Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more allows Stored XSS.This issue affects Media Cloud for Amazon S3, Imgix, Google Cloud Storage,...

Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more < 4.5.25 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Media Cloud for Bunny CDN, Amazon S3, Cloudflare R2, Google Cloud Storage, DigitalOcean and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 4.5.24 due to insufficient input sanitization and...

CVE-2024-29795

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Interfacelab Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more allows Stored XSS.This issue affects Media Cloud for Amazon S3, Imgix, Google Cloud Storage,...

CVE-2024-29795 WordPress Media Cloud for Amazon S3, Cloudflare R2, Google Cloud Storage, DigitalOcean Spaces and more plugin <= 4.5.24 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Interfacelab Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more allows Stored XSS.This issue affects Media Cloud for Amazon S3, Imgix, Google Cloud Storage,...

CVE-2024-29795

Technical details about CVE-2024-29795 are not provided in the supplied documents. Monitor vendor advisories and CVE trackers for updates.

WordPress Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more Plugin <= 4.5.24 is vulnerable to Cross Site Scripting (XSS)

Software Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more Type Plugin Vulnerable versions = 4.5.24 Fixed in 4.5.25 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29795 Patch priority Low CVSS severity Low 6.5 Developer Claim...

WordPress Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more Plugin <= 4.5.20 is vulnerable to Cross Site Scripting (XSS)

Software Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more Type Plugin Vulnerable versions = 4.5.20 Fixed in 4.5.21 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Cla...

WordPress Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more plugin <= 4.2.37 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more plugin versions = 4.2.37. Solution Update the WordPress Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more...

WordPress Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more plugin <= 4.2.37 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more plugin versions = 4.2.37. Solution Update the WordPress Media Cloud for Amazon S3, Imgix, Google Cloud Storage,...

Imgix Resource Management Error Vulnerability

Imgix is a real-time image processing program. Imgix suffers from a resource management error vulnerability. An attacker can exploit this vulnerability to cause a denial of service resource consumption by manipulating smaller JPEG files...

CVE-2019-13655

Imgix through 2019-06-19 allows remote attackers to cause a denial of service resource consumption by manipulating a small JPEG file to specify dimensions of 64250x64250 pixels, which is mishandled during an attempt to load the 'whole image' into memory...

CVE-2019-13655

Imgix through 2019-06-19 allows remote attackers to cause a denial of service resource consumption by manipulating a small JPEG file to specify dimensions of 64250x64250 pixels, which is mishandled during an attempt to load the 'whole image' into memory...

Design/Logic Flaw

Imgix through 2019-06-19 allows remote attackers to cause a denial of service resource consumption by manipulating a small JPEG file to specify dimensions of 64250x64250 pixels, which is mishandled during an attempt to load the 'whole image' into memory...

CVE-2019-13655

Imgix through 2019-06-19 allows remote attackers to cause a denial of service resource consumption by manipulating a small JPEG file to specify dimensions of 64250x64250 pixels, which is mishandled during an attempt to load the 'whole image' into memory...

CVE-2019-13655

CVE-2019-13655 affects Imgix real-time image processing up to 2019-06-19. A small JPEG can be crafted to specify dimensions of 64250x64250, which is mishandled when loading the ‘whole image’ into memory, causing a denial of service via resource consumption. The description indicates a remote atta...

Hiro: Blockstack Browser For Mac leaks "Core API Password" to 3rd parties

Hi Blockstack! 😃 I noticed that BlockStack Browser for Mac version is leaking the CoreAPIPassword via Referer Header to several websites: appco.imgix.net a third party site! F471236 api.app.co seems to have some blockstack affiliation? F471235 browser-api.blockstack.org F471237 Steps to Reproduce...