5 matches found

Positive Technologies
added 2026/05/20 12:0 a.m. · 18 views

PT-2026-42100

The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.0.3 via deserialization of untrusted input in the STYXKEY-BOOST USER LOCATION cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present...

CVSS 9.8 · AI score 6.1 · EPSS 0.00573
Exploits: 0 · References: 3
CNNVD
added 2023/10/06 12:0 a.m. · 4 views

Geokit Rails Code Issue Vulnerability

Geokit Rails is an official open-source Geokit plugin for Rails/ActiveRecord. A security vulnerability exists in Geokit Rails versions prior to 2.5.0, which stems from a command injection attack due to insecure YAML deserialization in the geolocation cookie, which can be exploited by an...

CVSS 9.8 · AI score 7.8 · EPSS 0.03241
Exploits: 1 · References: 6
Positive Technologies
added 2023/10/05 12:0 a.m. · 4 views

PT-2023-20532 · Unknown · Geokit-Rails

Name of the Vulnerable Software and Affected Versions: geokit-rails versions prior to 2.5.0
Description: The issue is related to Command Injection due to unsafe deserialization of YAML within the geo location cookie. This can be exploited remotely via a malicious cookie value, allowing an attacke...

CVSS 9.8 · AI score 9.6 · EPSS 0.03241
Exploits: 1 · References: 14
Snyk
added 2023/09/26 9:0 p.m. · 2 views

Command Injection

Overview: Affected versions of this package are vulnerable to Command Injection due to unsafe deserialisation of YAML within the 'geolocation' cookie. This issue can be exploited remotely via a malicious cookie value. Note: An attacker can use this vulnerability to execute commands on the host...

CVSS 9.8 · AI score 7.6 · EPSS 0.03241
Exploits: 1 · References: 2
Hacker One
added 2016/09/07 11:47 p.m. · 23 views

Yelp: Self-XSS via location cookie city field when getting suggestions for a new location

Hi, Only self-XSS, but thought I would report it anyway! I noticed the cookie "location" had some JSON in it, so I changed the city field to debugger, made sure it was encoded the same, then went to add a new location/change an existing location at https://www.yelp.com/profilelocation. Making sur...

AI score 6.1
Exploits: 0