20 matches found
EUVD-2019-7541
Malware in sbrugna...
EUVD-2023-31624
Malicious code in bioql PyPI...
CVE-2023-27889
Cross-site request forgery CSRF vulnerability in LIQUID SPEECH BALLOON versions prior to 1.2 allows a remote unauthenticated attacker to hijack the authentication of a user and to perform unintended operations by having a user view a malicious page...
CVE-2019-17070
The liquid-speech-balloon aka LIQUID SPEECH BALLOON plugin before 1.0.7 for WordPress allows XSS with Internet Explorer...
CVE-2023-27889
Cross-site request forgery CSRF vulnerability in LIQUID SPEECH BALLOON versions prior to 1.2 allows a remote unauthenticated attacker to hijack the authentication of a user and to perform unintended operations by having a user view a malicious page...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in LIQUID SPEECH BALLOON versions prior to 1.2 allows a remote unauthenticated attacker to hijack the authentication of a user and to perform unintended operations by having a user view a malicious page...
PT-2023-21395 · Unknown · Liquid Speech Balloon
Name of the Vulnerable Software and Affected Versions: LIQUID SPEECH BALLOON versions prior to 1.2 Description: A cross-site request forgery CSRF issue allows a remote unauthenticated attacker to hijack the authentication of a user and perform unintended operations by having a user view a malicio...
CVE-2023-27889
CVE-2023-27889 — LIQUID SPEECH BALLOON plugin : A CSRF vulnerability affecting WordPress plugin versions prior to 1.2. The issue allows a remote unauthenticated attacker to hijack a user’s session and perform unintended operations by forcing the user to view a malicious page. A fix exists in vers...
CVE-2023-27889
Cross-site request forgery CSRF vulnerability in LIQUID SPEECH BALLOON versions prior to 1.2 allows a remote unauthenticated attacker to hijack the authentication of a user and to perform unintended operations by having a user view a malicious page...
CVE-2023-27889
Cross-site request forgery CSRF vulnerability in LIQUID SPEECH BALLOON versions prior to 1.2 allows a remote unauthenticated attacker to hijack the authentication of a user and to perform unintended operations by having a user view a malicious page...
WordPress LIQUID SPEECH BALLOON Plugin < 1.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software LIQUID SPEECH BALLOON Type Plugin Vulnerable versions 1.2 Fixed in 1.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-27889 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID b1811e420432 Credits Ryo Sato of BroadBa...
WordPress plugin "LIQUID SPEECH BALLOON" vulnerable to cross-site request forgery
Overview WordPress plugin "LIQUID SPEECH BALLOON" provided by LIQUID DESIGN Ltd. contains a cross-site request forgery vulnerability CWE-352. Ryo Sato of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
WordPress plugin LIQUID SPEECH BALLOON 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
JVN#99657911: WordPress plugin "LIQUID SPEECH BALLOON” vulnerable to cross-site request forgery
WordPress plugin "LIQUID SPEECH BALLOON” provided by LIQUID DESIGN Ltd. contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the Software Update the Software to the latest...
WordPress liquid-speech-balloon plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. liquid-speech-balloon is a visual editor plugin used in it. A cross-site scripting vulnerability exists in the WordPress...
CVE-2019-17070
The liquid-speech-balloon aka LIQUID SPEECH BALLOON plugin before 1.0.7 for WordPress allows XSS with Internet Explorer...
CVE-2019-17070
The liquid-speech-balloon aka LIQUID SPEECH BALLOON plugin before 1.0.7 for WordPress allows XSS with Internet Explorer...
Design/Logic Flaw
The liquid-speech-balloon aka LIQUID SPEECH BALLOON plugin before 1.0.7 for WordPress allows XSS with Internet Explorer...
CVE-2019-17070
The liquid-speech-balloon aka LIQUID SPEECH BALLOON plugin before 1.0.7 for WordPress allows XSS with Internet Explorer...
CVE-2019-17070
CVE-2019-17070 affects the WordPress plugin liquid-speech-balloon (aka LIQUID SPEECH BALLOON) prior to version 1.0.7. The available documents describe a cross-site scripting (XSS) vulnerability (specifically with Internet Explorer) in this plugin. The root cause and specific vulnerable component/...