39 matches found

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-24802

Malware in sbrugna...

CVSS 6.1, AI score 6.3, EPSS 0.0021
Exploits: 1, References: 3

The Hacker News
added 2023/05/25 6:3 a.m., 55 views

Iranian Agrius Hackers Targeting Israeli Organizations with Moneybird Ransomware

The Iranian threat actor known as Agrius is leveraging a new ransomware strain called Moneybird in its attacks targeting Israeli organizations. Agrius, also known as Pink Sandstorm formerly Americium, has a track record of staging destructive data-wiping attacks aimed at Israel under the guise of...

AI score 6.8
Exploits: 0

The Hacker News
added 2023/05/25 6:3 a.m., 2 views

Iranian Agrius Hackers Targeting Israeli Organizations with Moneybird Ransomware

The Iranian threat actor known as Agrius is leveraging a new ransomware strain called Moneybird in its attacks targeting Israeli organizations. Agrius, also known as Pink Sandstorm formerly Americium, has a track record of staging destructive data-wiping attacks aimed at Israel under the guise of...

AI score 6.6
Exploits: 0

OSSF Malicious Packages
added 2022/06/20 6:20 p.m., 3 views

Malicious code in @moneybird/fetlife-assets (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7633e23704682618ad34d6d9becafa2f9c6d5da32087c51596f47fd5401b8099 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0, References: 1

OSV
added 2022/06/20 6:20 p.m., 5 views

MAL-2022-435 Malicious code in @moneybird/fetlife-assets (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7633e23704682618ad34d6d9becafa2f9c6d5da32087c51596f47fd5401b8099 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0, References: 1

OSV
added 2021/09/10 2:15 p.m., 3 views

CVE-2021-38349

The Integration of Moneybird for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the errordescription parameter found in the /templates/wcmb-admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1...

CVSS 6.1, AI score 5.8, EPSS 0.0021
Exploits: 1, References: 2

NVD
added 2021/09/10 2:15 p.m., 9 views

CVE-2021-38349

The Integration of Moneybird for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the errordescription parameter found in the /templates/wcmb-admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1...

CVSS 6.1, EPSS 0.0021
Exploits: 1, References: 2

Prion
added 2021/09/10 2:15 p.m., 14 views

Cross site scripting

The Integration of Moneybird for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the errordescription parameter found in the /templates/wcmb-admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1...

CVSS 4.3, AI score 6.1, EPSS 0.0021
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2021/09/10 1:32 p.m., 16 views

CVE-2021-38349 Integration of Moneybird for WooCommerce <= 2.1.1 Reflected Cross-Site Scripting

The Integration of Moneybird for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the errordescription parameter found in the /templates/wcmb-admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1...

CVSS 6.1, AI score 6.2, EPSS 0.0021
Exploits: 1, References: 2

Vulnrichment
added 2021/09/10 1:32 p.m., 5 views

CVE-2021-38349 Integration of Moneybird for WooCommerce <= 2.1.1 Reflected Cross-Site Scripting

The Integration of Moneybird for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the errordescription parameter found in the /templates/wcmb-admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1...

CVSS 6.1, AI score 6.1, EPSS 0.0021
Exploits: 1, References: 2

CVE
added 2021/09/10 1:32 p.m., 34 views

CVE-2021-38349

The CVE-2021-38349 entry documents a Reflected Cross-Site Scripting vulnerability in the WordPress plugin “Integration of Moneybird for WooCommerce” prior to or including version 2.1.1. The issue stems from the error_description parameter in the file templates/wcmb-admin.php, enabling injection o...

CVSS 6.1, AI score 6.1, EPSS 0.0021
Exploits: 1, References: 2, Affected Software: 1

CNNVD
added 2021/09/10 12:0 a.m., 3 views

WordPress plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's blogging platform, developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is an open source application plugin for WordPress. The WordPress Plugin suffers from a cross-sit...

CVSS 6.1, AI score 6, EPSS 0.0021
Exploits: 1, References: 4

WPVulnDB
added 2021/09/09 12:0 a.m., 15 views

Integration of Moneybird for WooCommerce <= 2.1.1 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the errordescription parameter found in the /templates/wcmb-admin.php file which allows attackers to inject arbitrary web scripts...

CVSS 6.1, AI score 5.2, EPSS 0.0021
Exploits: 1, References: 1, Affected Software: 1

Patchstack
added 2021/09/09 12:0 a.m., 13 views

WordPress Integration of Moneybird for WooCommerce plugin <= 2.1.1 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress Integration of Moneybird for WooCommerce plugin versions <= 2.1.1. Solution: This plugin has been closed as of September 7, 2021 and is not available for download. This closure is temporary, pending a full review...

CVSS 6.1, AI score 2.3, EPSS 0.0021
Exploits: 1, References: 3, Affected Software: 1

Hacker One
added 2021/04/02 10:40 a.m., 40 views

Moneybird: No rate Limit

Mailing to our support team using the support center in the application was improperly rate limited. There is now a better rate limiter in place...

AI score 1.7
Exploits: 0

Hacker One
added 2021/03/26 1:17 p.m., 73 views

Moneybird: Access control issue on invoice documents downloading feature.

Reporter has found a way to download exports as an unauthorized user. This was only possible after changing the permissions for the user and having a certain page open during this change. The issue has been resolved by adding extra permission checks during the download action...

AI score 2.2
Exploits: 0

Hacker One
added 2021/03/18 3:11 a.m., 16 views

Moneybird: Open Redirect through POST Request in OAuth

Reporter found an open redirect issue in the OAuth flow. We added extra checks for all redirects in the OAuth flows to mitigate this issue...

AI score 2.7
Exploits: 0

Hacker One
added 2020/10/02 2:26 a.m., 55 views

Moneybird: Stored XSS on add project

The researcher found a way to store a snippet that was served to him and/or other users of his administration. Subsequently the snippet was executed by his browser, making it a viable XSS vulnerability...

AI score 4.2
Exploits: 0

Hacker One
added 2019/11/21 4:58 p.m., 10 views

Moneybird: Pending MFA logins aren't immediately expired after a password change

Researcher found an issue with sessions not all being terminated when password is changed. The 2FA implementation was at fault in this scenario as the session was found to be active even after the password was changed and two-step verification was turned off...

AI score 2.4
Exploits: 0

Hacker One
added 2019/10/31 8:26 a.m., 10 views

Moneybird: IDOR in https://moneybird.com/user/accountant_company/edit(change company name)

Reporter found a way to change the name of an accountant company for which he didn't have permissions. We added extra checks to prevent these kinds of Insecure Direct Object Reference bugs...

AI score 7
Exploits: 0