3 matches found
CVE-2025-4955
The tarteaucitron.io WordPress plugin before 1.9.5 uses query parameters from YouTube oEmbed URLs without sanitizing these parameters correctly, which could allow users with the contributor role and above to perform Stored Cross-site Scripting attacks...
CVE-2025-4955
The CVE covers the tarteaucitron.io WordPress plugin prior to version 1.9.5. The vulnerability arises because the plugin uses query parameters from YouTube oEmbed URLs without proper sanitization, enabling Stored Cross-Site Scripting when a user with the contributor role or higher accesses affect...
SUSE CVE-2023-32683
Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the urlpreviewurlblacklist setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the...