5 matches found
pretix has Email Content Injection Through Maliciously Formatted Names
Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. If the name of the attendee contained HTML or Markdown formatting, this was rendered as HTML i...
WordPress Plugin Simple Ajax Chat Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
Simple Ajax Chat < 20240223 - Unauthenticated Stored XSS
Description The plugin does not prevent visitors from using malicious Names when using the chat, which will be reflected unsanitized to other users. PoC await fetch"http://vulnerable-site.tld/wp-content/plugins/simple-ajax-chat/simple-ajax-chat-core.php?sacSendChat=yes", "credentials": "include",...
SubprotocolRegistry is vulnerable to malicious names
Lines of code Vulnerability details Impact A malicious subprotocol can register a name that looks the same as any other protocol. Users may use the malicious subprotocol because they can't distinguish the names, and be cheated out of subprotocolFee. Proof of Concept Any subprotocol can be...
CLSA-2022-1652801011 Fix CVE(s): CVE-2022-1271
SECURITY UPDATE: arbitrary file overwrite or code execution with crafted file names - debian/patches/CVE-2022-1271.patch: fix escaping of malicious filenames in src/scripts/xzgrep.in. - CVE-2022-1271...