175 matches found
Drupal 跨站脚本漏洞
Drupal is an open source content management system developed in PHP by the Drupal community. A cross-site scripting vulnerability exists in Drupal versions prior to 9.3.19 and prior to 9.4.3, which stems from Media oEmbed iframe routing that does not properly validate iframe domain settings...
Drupal 9.4.x < 9.4.3 Multiple Vulnerabilities
According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.91, 9.3.x prior to 9.3.19 or 9.4.x prior to 9.4.3. It is, therefore, affected by multiple vulnerabilities: - In some situations, the Image module does not correctly check access to...
Drupal 9.3.x < 9.3.19 Multiple Vulnerabilities
According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.91, 9.3.x prior to 9.3.19 or 9.4.x prior to 9.4.3. It is, therefore, affected by multiple vulnerabilities: - In some situations, the Image module does not correctly check access to...
Drupal 7.x < 7.91 Multiple Vulnerabilities
According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.91, 9.3.x prior to 9.3.19 or 9.4.x prior to 9.4.3. It is, therefore, affected by multiple vulnerabilities: - In some situations, the Image module does not correctly check access to...
DRUPAL-CORE-2022-015
The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities. This advisory is not covere...
Drupal core - Moderately critical - Multiple vulnerabilities - SA-CORE-2022-015
The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities. This advisory is not covere...
Media: oEmbed - Critical - Remote Code Execution - SA-CONTRIB-2020-036
Media oEmbed does not properly sanitize certain filenames as described in SA-CORE-2020-012...
Node.js third-party modules: [Limited bypass of #793704] Blind SSRF in Ghost CMS
Blind SSRF vulnerability in Ghost allows for internal port scanning, or reading oembed contents from internal network...
Information Disclosure
Wordpress is vulnerable to Information Disclosure. The vulnerability exists in the wpprepareattachmentforjs function in media.php where a remote attacker can modify the parameter authorname as part of a request to /wp-json/oembed/1.0/embed?url which would lead to path disclosure...
UBUNTU-CVE-2017-6514
WordPress 4.7.2 mishandles listings of post authors, which allows remote attackers to obtain sensitive information Path Disclosure via a /wp-json/oembed/1.0/embed?url= request, related to the "authorname":" substring...
DEBIAN-CVE-2017-6514
WordPress 4.7.2 mishandles listings of post authors, which allows remote attackers to obtain sensitive information Path Disclosure via a /wp-json/oembed/1.0/embed?url= request, related to the "authorname":" substring...
CVE-2017-6514
WordPress 4.7.2 mishandles listings of post authors, which allows remote attackers to obtain sensitive information Path Disclosure via a /wp-json/oembed/1.0/embed?url= request, related to the "authorname":" substring...
CVE-2019-9870
plugin.js in the w8tcha oEmbed plugin before 2019-03-14 for CKEditor mishandles SCRIPT elements...
CVE-2019-9870
plugin.js in the w8tcha oEmbed plugin before 2019-03-14 for CKEditor mishandles SCRIPT elements...
Code injection
plugin.js in the w8tcha oEmbed plugin before 2019-03-14 for CKEditor mishandles SCRIPT elements...
CVE-2019-9870
CVE-2019-9870 affects the w8tcha CKEditor oEmbed plugin prior to 2019-03-14. The vulnerability stems from how plugin.js mishandles SCRIPT elements, enabling a NETWORK-exposed issue with LOW attack complexity and no required user interaction. NVD records CVSS v3.0 base score 9.8 (CRITICAL) with HI...
CVE-2019-9870
plugin.js in the w8tcha oEmbed plugin before 2019-03-14 for CKEditor mishandles SCRIPT elements...
Valve: code injection, steam chat client
The steam chat client allows oEmbed, apparently based on a whitelist. One of the whitelisted oEmbedis codepen. When a codepen is created, it can be sent as a link to another steam user, and the code inside the codepen will execute within the privileged Steam Chat context. You can send these codep...
LinkedIn: Persistent XSS (unvalidated Open Graph embed) at LinkedIn.com
This report was previously published on Medium.com/@JonathanBouman. Follow me on Twitter or Medium for new reports. F361972 Proof of concept Background In my previous report we learned more about a special type of the persistent XSS attack; the unvalidated oEmbed attack. This attack allows us to...
CVE-2016-10569
embedza is a module to create HTML snippets/embeds from URLs using info from oEmbed, Open Graph, meta tags. embedza versions below 1.2.4 download JavaScript resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the...