175 matches found
CVE-2016-10569
The CVE-2016-10569 issue affects the embedza module prior to version 1.2.4, where JavaScript resources are downloaded over HTTP. This enables a man-in-the-middle scenario where an attacker on the network could swap the requested JavaScript with a malicious file, potentially leading to remote code...
FreeBSD : wordpress -- multiple issues (a48d4478-e23f-4085-8ae4-6b3a7b6f016b)
wordpress developers report : Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL. Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name. Before...
Cross-site Scripting (XSS)
WordPress is vulnerable to cross-site scripting XSS attacks. The library does not properly handle HTML elements in the oEmbed sandbox before rendering, allowing a malicious user to inject and execute arbitrary webscript...
WordPress 4.4-4.8.1 - Cross-Site Scripting (XSS) in oEmbed
Description A cross-site scripting XSS vulnerability was discovered in the oEmbed discovery. Reported by xknown of the WordPress Security Team...
WordPress oEmbed discovery cross-site scripting vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites set up on servers with PHP and MySQL. oEmbed discovery is one of the oEmbed search plugin. A cross-site scripting vulnerability exists in oEmbed...
Cross site scripting
Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery...
UBUNTU-CVE-2017-14724
Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery...
DEBIAN-CVE-2017-14724
Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery...
CVE-2017-14724
Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery...
CVE-2017-14724
Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery...
CVE-2017-14724
CVE-2017-14724 affects WordPress prior to 4.8.2, where oEmbed discovery is vulnerable to cross-site scripting. The issue is triggered via oEmbed discovery paths and is exploitable by unauthenticated actors under network conditions; impact is listed as partial integrity leakage and low confidentia...
CVE-2017-14724
Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery...
wordpress -- multiple issues
wordpress developers report: Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL. Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name. Before versi...
WordPress Cross-Site Scripting Vulnerability (CNVD-2017-34852)
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. WordPress suffers from a cross-site scripting vulnerability in oEmbed Discovery. A remote attacker can exploit this...
WordPress <=4.8.1 - Cross-Site Scripting (XSS) vulnerability (oEmbed)
Cross-Site Scripting XSS vulnerability found by xknown of the WordPress Security Team in WordPress oEmbed version 4.8.1 and earlier versions. Solution Update the WordPress to the latest available version at least 4.8.2...
Discourse: Stored XSS in posts because of absence of oembed variables values escaping
Hello! Steps to reproduce: 1. Paste this payload URL in the post: http://89.223.28.48/oembedvideo.html?uncache 2. Save the post and you will see the XSS will fire. F151922 The vulnerability exists because of absence of oembed variables values escaping. There is the oembed link in the payload page...
WordPress Multiple Vulnerabilities (Jul 2016) - Linux
WordPress is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; ifdescripti...
WordPress < 4.5.3 Multiple Vulnerabilities
Binary data 9388.prm...
CVE-2016-5836
The oEmbed protocol implementation in WordPress before 4.5.3 allows remote attackers to cause a denial of service via unspecified vectors...
DEBIAN-CVE-2016-5836
The oEmbed protocol implementation in WordPress before 4.5.3 allows remote attackers to cause a denial of service via unspecified vectors...