9 matches found
AVideo has SQL Injection via Partial Prepared Statement — videos_id Concatenated Directly into Query
Summary: In objects/like.php, the getLike method constructs a SQL query using a prepared statement placeholder ? for users_id but directly concatenates $this->videos_id into the query string without parameterization. An attacker who can control the videos_id value via a crafted request can inject...
CVE-2016-10705
The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes module...
EUVD-2016-1705
Malware in sbrugna...
WordPress Jetpack plugin cross-site scripting vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP; it lets users set up a personal blog site on a server running PHP and MySQL. Jetpack is a plugin package that contains a variety of features such as social sharing, social login and social...
CVE-2016-10705
The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes module...
CVE-2016-10705
The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes module...
Design/Logic Flaw
The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes module...
CVE-2016-10705
The CVE-2016-10705 entry concerns the Jetpack WordPress plugin prior to version 4.0.4, where the Likes module allows cross-site scripting (XSS). The vulnerability is documented across multiple sources (NVD, Red Hat security, CVE databases, WPVulndb) with consistent wording: XSS via the Likes modu...
CVE-2016-10705
The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes module...