Lucene search
K

171 matches found

Friends Of PHP
Friends Of PHP
added 2025/01/14 9:24 p.m.16 views

CVE-2024-47605 - XSS via insert media remote file oembed

More info at https://www.silverstripe.org/download/security-releases/cve-2024-47605...

5.4CVSS6.8AI score0.01108EPSS
Exploits2Affected Software1
NVD
NVD
added 2024/12/14 5:15 a.m.19 views

CVE-2024-11873

The glomex oEmbed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'glomexintegration' shortcode in all versions up to, and including, 0.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00351EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/12/14 4:23 a.m.7 views

CVE-2024-11873 glomex oEmbed <= 0.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The glomex oEmbed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'glomexintegration' shortcode in all versions up to, and including, 0.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00351EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/12/14 4:23 a.m.19 views

CVE-2024-11873 glomex oEmbed <= 0.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The glomex oEmbed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'glomexintegration' shortcode in all versions up to, and including, 0.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00351EPSS
Exploits0References3
CVE
CVE
added 2024/12/14 4:23 a.m.51 views

CVE-2024-11873

CVE-2024-11873: The glomex oEmbed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the glomex_integration shortcode in all versions up to and including 0.9.1. The root cause is insufficient input sanitization and output escaping on user-supplied attributes, enabling authentic...

6.4CVSS5.7AI score0.00351EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/12/14 12:0 a.m.3 views

WordPress plugin glomex oEmbed 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

6.4CVSS7.9AI score0.00351EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/12/14 12:0 a.m.7 views

PT-2024-17310 · WordPress · Glomex Oembed Plugin

Name of the Vulnerable Software and Affected Versions: glomex oEmbed plugin for WordPress versions prior to 0.9.1 Description: The glomex oEmbed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's glomex integration shortcode due to insufficient input sanitization a...

6.4CVSS6.1AI score0.00351EPSS
Exploits0References7
Patchstack
Patchstack
added 2024/12/13 8:42 p.m.4 views

WordPress glomex oEmbed plugin <= 0.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin glomex oEmbed versions = 0.9.1...

6.4CVSS5.7AI score0.00351EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/11/05 12:0 a.m.4 views

Mastodon < 3.5.9 Multiples Vulnerabilities

According to its self-reported version number, the Mastodon application running on the remote host is prior to 3.5.9 or 4.0.x prior to 4.0.5 or 4.1.x prior to 4.1.3. It is, therefore, affected by multiples vulnerabilities : - Verified profile links can be formatted in a misleading way - Denial of...

9.9CVSS6.8AI score0.4011EPSS
Exploits0References7
OSV
OSV
added 2024/05/23 6:14 p.m.6 views

GHSA-QP29-WCC2-VMPC Silverstripe HtmlEditor embed url sanitisation

"Add from URL" doesn't clearly sanitise URL server side HtmlEditorFieldToolbar has an action HtmlEditorFieldToolbarviewfile, which gets called by the CMS when adding a media "from a URL" i.e. via oembed. This action gets the URL to add in the GET parameter FileURL. However it doesn't do any URL...

4.3CVSS7AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2024/05/23 6:14 p.m.8 views

Silverstripe HtmlEditor embed url sanitisation

"Add from URL" doesn't clearly sanitise URL server side HtmlEditorFieldToolbar has an action HtmlEditorFieldToolbarviewfile, which gets called by the CMS when adding a media "from a URL" i.e. via oembed. This action gets the URL to add in the GET parameter FileURL. However it doesn't do any URL...

7AI score
Exploits0References3Affected Software1
OSV
OSV
added 2024/03/06 10:52 a.m.14 views

BIT-DRUPAL-2022-25276

The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities...

6.1CVSS6.2AI score0.00526EPSS
Exploits0References2
OSV
OSV
added 2024/02/29 6:15 a.m.3 views

CVE-2024-25098

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pascal Bajorat PB oEmbed HTML5 Audio – with Cache Support allows Stored XSS.This issue affects PB oEmbed HTML5 Audio – with Cache Support: from n/a through 2.6...

5.4CVSS6.9AI score0.0031EPSS
Exploits0References1
NVD
NVD
added 2024/02/29 6:15 a.m.32 views

CVE-2024-25098

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pascal Bajorat PB oEmbed HTML5 Audio – with Cache Support allows Stored XSS.This issue affects PB oEmbed HTML5 Audio – with Cache Support: from n/a through 2.6...

6.5CVSS6.4AI score0.0031EPSS
Exploits0References1
CVE
CVE
added 2024/02/29 6:7 a.m.94 views

CVE-2024-25098

PB oEmbed HTML5 Audio – with Cache Support (WordPress plugin by Pascal Bajorat) is affected by a stored Cross-Site Scripting (XSS) vulnerability due to improper input neutralization during web page generation. The issue affects versions n/a through 2.6. Exploitation details and patch status vary ...

6.5CVSS7.1AI score0.0031EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/02/29 12:0 a.m.6 views

WordPress Plugin PB oEmbed HTML5 Audio Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin PB oEmbed HTML5 Audio A...

6.5CVSS6.5AI score0.0031EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/02/28 12:0 a.m.7 views

PT-2024-20746 · Pascal Bajorat · Pascal Bajorat Pb Oembed Html5 Audio – With Cache Support

Name of the Vulnerable Software and Affected Versions: Pascal Bajorat PB oEmbed HTML5 Audio – with Cache Support versions n/a through 2.6 Description: The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting XSS. This means...

6.5CVSS8.6AI score0.0031EPSS
Exploits0References5
Patchstack
Patchstack
added 2024/02/12 12:0 a.m.10 views

WordPress PB oEmbed HTML5 Audio Plugin <= 2.6 is vulnerable to Cross Site Scripting (XSS)

Software PB oEmbed HTML5 Audio Type Plugin Vulnerable versions = 2.6 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-25098 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID fd60f7f1dbad Credits Ngô Thiên An ancorn from VNPT-VCI...

6.5CVSS6.5AI score0.0031EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2024/02/01 10:15 a.m.21 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Takayuki Miyauchi oEmbed Gist allows Stored XSS.This issue affects oEmbed Gist: from n/a through 4.9.1...

4.9CVSS6.9AI score0.00328EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/02/01 9:45 a.m.36 views

CVE-2023-52194 WordPress oEmbed Gist Plugin <= 4.9.1 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Takayuki Miyauchi oEmbed Gist allows Stored XSS.This issue affects oEmbed Gist: from n/a through 4.9.1...

6.5CVSS6.6AI score0.00328EPSS
Exploits0References1
Rows per page
Query Builder