Mozilla: Information disclosure due to manipulated URL object

The Mozilla Foundation Security Advisory describes this flaw as: Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript...

Mozilla: Information disclosure due to manipulated URL object

The Mozilla Foundation Security Advisory describes this flaw as: Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript...

Mozilla: Information disclosure due to manipulated URL object

The Mozilla Foundation Security Advisory describes this flaw as: Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript...

Mozilla: Information disclosure due to manipulated URL object

The Mozilla Foundation Security Advisory describes this flaw as: Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript...

Mozilla: Information disclosure due to manipulated URL object

The Mozilla Foundation Security Advisory describes this flaw as: Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript...

Mozilla: Information disclosure due to manipulated URL object

The Mozilla Foundation Security Advisory describes this flaw as: Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript...

CVE-2020-4052

In Wiki.js before 2.4.107, there is a stored cross-site scripting through template injection. This vulnerability exists due to an insecure validation mechanism intended to insert v-pre tags into rendered HTML elements which contain curly-braces. By creating a crafted wiki page, a malicious Wiki.j...

GHSA-R24H-634P-M72X Validation Bypass in schema-inspector

In schema-inspector before 1.6.9, a maliciously crafted JavaScript object can bypass the sanitize and the validate function used within schema-inspector...

CVE-2020-13644

An issue was discovered in the Accordion plugin before 2.2.9 for WordPress. The unprotected AJAX wpajaxaccordionsajaximportjson action allowed any authenticated user with Subscriber or higher permissions the ability to import a new accordion and inject malicious JavaScript as part of the accordio...

CVE-2020-13643

An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The live editor feature did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The liveeditorpanelsdata $POST variable allows for malicious JavaScript to be...

CVE-2020-13641

An issue was discovered in the Real-Time Find and Replace plugin before 4.0.2 for WordPress. The faroptionspage function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The find and replace rules could be updated with malicious JavaScript,...

CVE-2020-13642

An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The actionbuildercontent function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The panelsdata $POST variable allows for malicious JavaScript to be...

Design/Logic Flaw

An issue was discovered in the Real-Time Find and Replace plugin before 4.0.2 for WordPress. The faroptionspage function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The find and replace rules could be updated with malicious JavaScript,...

Input validation

An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The actionbuildercontent function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The panelsdata $POST variable allows for malicious JavaScript to be...

Authentication flaw

An issue was discovered in the Accordion plugin before 2.2.9 for WordPress. The unprotected AJAX wpajaxaccordionsajaximportjson action allowed any authenticated user with Subscriber or higher permissions the ability to import a new accordion and inject malicious JavaScript as part of the accordio...

Input validation

An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The live editor feature did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The liveeditorpanelsdata $POST variable allows for malicious JavaScript to be...

CVE-2020-13642

An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The actionbuildercontent function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The panelsdata $POST variable allows for malicious JavaScript to be...

CVE-2020-13644

An issue was discovered in the Accordion plugin before 2.2.9 for WordPress. The unprotected AJAX wpajaxaccordionsajaximportjson action allowed any authenticated user with Subscriber or higher permissions the ability to import a new accordion and inject malicious JavaScript as part of the accordio...

WordPress SiteOrigin Page Builder Cross-Site Request Forgery Vulnerability

WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers.SiteOrigin Page Builder is a page builder plugin used in it. A cross-site request forgery vulnerability exists in...

WordPress Accordion Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Accordion is one of the plugins used to create responsive content. A cross-site scripting vulnerability exists in the AJAX...