58 matches found
Cross site request forgery (csrf)
The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has CSRF...
WordPress import-users-from-csv-with-meta plugin cross-site request forgery vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. import-users-from-csv-with-meta is a user data import plugin used in it. A cross-site request forgery vulnerability exists in WordPres...
CVE-2017-18503
The twitter-cards-meta plugin before 2.5.0 for WordPress has XSS...
CVE-2012-0220
Multiple cross-site scripting XSS vulnerabilities in the meta plugin Plugin/meta.pm in ikiwiki before 3.20120516 allow remote attackers to inject arbitrary web script or HTML via the 1 author or 2 authorurl meta tags...
DEBIAN-CVE-2012-0220
Multiple cross-site scripting XSS vulnerabilities in the meta plugin Plugin/meta.pm in ikiwiki before 3.20120516 allow remote attackers to inject arbitrary web script or HTML via the 1 author or 2 authorurl meta tags...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the meta plugin Plugin/meta.pm in ikiwiki before 3.20120516 allow remote attackers to inject arbitrary web script or HTML via the 1 author or 2 authorurl meta tags...
CVE-2012-0220
Multiple cross-site scripting XSS vulnerabilities in the meta plugin Plugin/meta.pm in ikiwiki before 3.20120516 allow remote attackers to inject arbitrary web script or HTML via the 1 author or 2 authorurl meta tags...
CVE-2012-0220
Affected software: ikiwiki before 3.20120516, specifically the meta plugin (Plugin/meta.pm). The vulnerability is a cross-site scripting (XSS) flaw that allows remote attackers to inject arbitrary script or HTML via the (1) author or (2) authorurl meta tags. Root cause is improper handling/valida...
CVE-2012-0220
Multiple cross-site scripting XSS vulnerabilities in the meta plugin Plugin/meta.pm in ikiwiki before 3.20120516 allow remote attackers to inject arbitrary web script or HTML via the 1 author or 2 authorurl meta tags...
CVE-2012-0220
Multiple cross-site scripting XSS vulnerabilities in the meta plugin Plugin/meta.pm in ikiwiki before 3.20120516 allow remote attackers to inject arbitrary web script or HTML via the 1 author or 2 authorurl meta tags...
Fedora 16 : ikiwiki-3.20111106-2.fc16 (2012-8151)
Security update: Add patch from mainline that should fix a XSS exposure in the meta plugin CVE-2012-0220. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much...
DEBIAN-CVE-2008-0808
Cross-site scripting XSS vulnerability in the meta plugin in Ikiwiki before 1.1.47 allows remote attackers to inject arbitrary web script or HTML via meta tags...
Cross site scripting
Cross-site scripting XSS vulnerability in the meta plugin in Ikiwiki before 1.1.47 allows remote attackers to inject arbitrary web script or HTML via meta tags...
CVE-2008-0808
Cross-site scripting XSS vulnerability in the meta plugin in Ikiwiki before 1.1.47 allows remote attackers to inject arbitrary web script or HTML via meta tags...
CVE-2008-0808
Cross-site scripting XSS vulnerability in the meta plugin in Ikiwiki before 1.1.47 allows remote attackers to inject arbitrary web script or HTML via meta tags...
CVE-2008-0808
CVE-2008-0808 is an XSS in Ikiwiki's meta plugin, affecting Ikiwiki before 1.1.47. Exploitation could allow remote script/HTML injection via meta tags. Debian and OSV advisories reference fixed releases and urge upgrading Ikiwiki to patched versions (e.g., Debian etch 1.33.4); no exploit details ...
CVE-2008-0808
Cross-site scripting XSS vulnerability in the meta plugin in Ikiwiki before 1.1.47 allows remote attackers to inject arbitrary web script or HTML via meta tags...
ikiwiki -- javascript insertion via uris
The ikiwiki development team reports: The htmlscrubber did not block javascript in uris. This was fixed by adding a whitelist of valid uri types, which does not include javascript. Some urls specifyable by the meta plugin could also theoretically have been used to inject javascript; this was also...