171 matches found
CVE-2023-52194
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Takayuki Miyauchi oEmbed Gist allows Stored XSS.This issue affects oEmbed Gist: from n/a through 4.9.1...
CVE-2023-36459
Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 1.3 and prior to versions 3.5.9, 4.0.5, and 4.1.3, an attacker using carefully crafted oEmbed data can bypass the HTML sanitization performed by Mastodon and include arbitrary HTML in oEmbed preview...
CVE-2019-9870
plugin.js in the w8tcha oEmbed plugin before 2019-03-14 for CKEditor mishandles SCRIPT elements...
CVE-2025-47702
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal oEmbed Providers allows Cross-Site Scripting XSS.This issue affects oEmbed Providers: from 0.0.0 before 2.2.2...
CVE-2025-47702
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal oEmbed Providers allows Cross-Site Scripting XSS.This issue affects oEmbed Providers: from 0.0.0 before 2.2.2...
CVE-2025-47702
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal oEmbed Providers allows Cross-Site Scripting XSS.This issue affects oEmbed Providers: from 0.0.0 before 2.2.2...
CVE-2025-47702 oEmbed Providers - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-048
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal oEmbed Providers allows Cross-Site Scripting XSS.This issue affects oEmbed Providers: from 0.0.0 before 2.2.2...
CVE-2025-47702 oEmbed Providers - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-048
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal oEmbed Providers allows Cross-Site Scripting XSS.This issue affects oEmbed Providers: from 0.0.0 before 2.2.2...
CVE-2025-47702
Drupal oEmbed Providers module is affected by an XSS vulnerability from improper input neutralization during web page generation. Affected versions are 0.0.0 through 2.2.1; update to 2.2.2 or later to resolve. Several sources describe this as unauthenticated XSS impacting Drupal oEmbed Providers.
PT-2025-21190 · Unknown · Oembed Providers
Name of the Vulnerable Software and Affected Versions: oEmbed Providers versions 0.0.0 through 2.2.1 Description: The issue affects oEmbed Providers, allowing Cross-Site Scripting XSS due to improper neutralization of input during web page generation. Recommendations: For versions 0.0.0 through...
Drupal oEmbed Providers 跨站脚本漏洞
Drupal oEmbed Providers is a module plugin in the Drupal content management system from the Drupal community. A cross-site scripting vulnerability exists in Drupal oEmbed Providers versions prior to 2.2.2 that stems from improper input neutralization and could lead to a cross-site scripting attac...
DRUPAL-CONTRIB-2025-048
This module extends the core Media module and allows site creators to permit oEmbed providers in addition to YouTube and Vimeo, which are deemed trustworthy by the Drupal Security Team. The module doesn't sufficiently mark its administrative permission as restricted, creating the possibility for...
oEmbed Providers - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-048
This module extends the core Media module and allows site creators to permit oEmbed providers in addition to YouTube and Vimeo, which are deemed trustworthy by the Drupal Security Team. The module doesn't sufficiently mark its administrative permission as restricted, creating the possibility for...
Drupal oEmbed Providers module < 2.2.2 - Unauthenticated Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS vulnerability discovered by Pierre Rudloff prudloff in WordPress Module oEmbed Providers versions 2.2.2...
WordPress plugin Uncode 输入验证错误漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An input validation...
WordPress Uncode plugin <= 2.9.1.6 - Unauthenticated Arbitrary File Read in uncode_admin_get_oembed vulnerability
Unauthenticated Arbitrary File Read in uncodeadmingetoembed vulnerability discovered by mikemyers in WordPress Theme Uncode versions = 2.9.1.6...
CVE-2024-47605
silverstripe-asset-admin is a silverstripe assets gallery for asset management. When using the "insert media" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replacing the shortcode, allowing a script payloa...
Cross-site Scripting (XSS)
Overview silverstripe/framework is a PHP framework forming the base for the SilverStripe CMS. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the insert media functionality where the linked oEmbed JSON includes an HTML attribute which replaces the embed shortcode...
GHSA-7CMP-CGG8-4C82 Silverstripe Framework has a XSS via insert media remote file oembed
Impact When using the "insert media" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replacing the shortcode, allowing a script payload to be executed on both the CMS and the front-end of the website...
Silverstripe Framework has a XSS via insert media remote file oembed
Impact When using the "insert media" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replacing the shortcode, allowing a script payload to be executed on both the CMS and the front-end of the website...