7 matches found
XWiki Platform 安全漏洞
XWiki Platform is the XWiki Foundation's suite of Wiki platforms for creating Web collaboration applications. A security vulnerability exists in XWiki Platform that originates when the Live Editor is installed in XWiki, which allows execution of arbitrary remote code through the interaction of an...
Cross-site Scripting (XSS) - Reflected in mermaid-js/mermaid-live-editor
Description There is a reflected XSS vulnerability in Mermaid v8.13.9 Live Editor. It is fixed in Mermaid develop Branch - Proof of Concept Open following link: \ \ \ \ Or copy & paste following in Mermaid v8.13.9 Live Editor: classDiagram class Duck +String beakColor +swim +quack Impact Execute...
CVE-2020-13643
An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The live editor feature did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The liveeditorpanelsdata $POST variable allows for malicious JavaScript to be...
WordPress SiteOrigin Page Builder Cross-Site Request Forgery Vulnerability
WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers.SiteOrigin Page Builder is a page builder plugin used in it. A cross-site request forgery vulnerability exists in...
WordPress Page Builder Plugin Bugs Threaten 1 Million Sites with Full Takeover
Page Builder by SiteOrigin, a WordPress plugin with a million active installs that’s used to build websites via a drag-and-drop function, harbors two flaws that can allow full site takeover. According to researchers at WordPress, both security bugs can lead to cross-site request forgery CSRF and...
Page Builder by SiteOrigin < 2.10.16 - CSRF to Reflected Cross-Site Scripting (XSS)
Flaws in the live editor and actionbuildercontent functions of the plugin "allow attackers to forge requests on behalf of a site administrator and execute malicious code in the administrator’s browser. The attacker needs to trick a site administrator into executing an action, like clicking a link...
Page Builder by SiteOrigin < 2.10.16 - CSRF to Reflected Cross-Site Scripting (XSS)
Flaws in the live editor and actionbuildercontent functions of the plugin "allow attackers to forge requests on behalf of a site administrator and execute malicious code in the administrator’s browser. The attacker needs to trick a site administrator into executing an action, like clicking a link...