15 matches found
EUVD-2013-4264
Malware in sbrugna...
EUVD-2024-44376
Malicious code in bioql PyPI...
EUVD-2023-12260
Malicious code in bioql PyPI...
EUVD-2024-36527
Malicious code in bioql PyPI...
CVE-2024-4783
The jQuery T- Countdown Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tminus shortcode in all versions up to, and including, 2.3.25 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress plugin jQuery T(-) Countdown Widget Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...
CVE-2024-4783
The jQuery T- Countdown Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tminus shortcode in all versions up to, and including, 2.3.25 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2023-0171 jQuery T(-) Countdown Widget < 2.3.24 - Contributor+ Stored XSS
The jQuery T- Countdown Widget WordPress plugin before 2.3.24 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
jQuery T(-) Countdown Widget < 2.3.24 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. tminus t='2100-01-01' width='"...
jQuery T(-) Countdown Widget < 2.3.24 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC tminus t='2100-01-01' width='"...
CVE-2013-4383
Cross-site scripting XSS vulnerability in the jQuery Countdown module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting XSS vulnerability in the jQuery Countdown module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via unspecified vectors...
CVE-2013-4383
Cross-site scripting XSS vulnerability in the jQuery Countdown module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via unspecified vectors...
CVE-2013-4383
CVE-2013-4383 describes a cross-site scripting (XSS) vulnerability in the jQuery Countdown module for Drupal (7.x-1.x). The root cause is insufficient sanitization of settings, allowing a user with the access administration pages permission to inject arbitrary script or HTML into a page via unspe...
SA-CONTRIB-2013-076 - jQuery Countdown - Cross Site Scripting (XSS)
This jQuery Countdown Module enables you to display a countdown block based upon date settings. The jQuery Countdown Module does not properly sanitize the settings, allowing a malicious user to embed scripts within a page, resulting in a Cross-site Scripting XSS vulnerability. This vulnerability ...