171 matches found
CVE-2024-47605 - XSS via insert media remote file oembed
More info at https://www.silverstripe.org/download/security-releases/cve-2024-47605...
CVE-2024-11873
The glomex oEmbed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'glomexintegration' shortcode in all versions up to, and including, 0.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-11873 glomex oEmbed <= 0.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The glomex oEmbed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'glomexintegration' shortcode in all versions up to, and including, 0.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-11873 glomex oEmbed <= 0.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The glomex oEmbed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'glomexintegration' shortcode in all versions up to, and including, 0.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-11873
CVE-2024-11873: The glomex oEmbed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the glomex_integration shortcode in all versions up to and including 0.9.1. The root cause is insufficient input sanitization and output escaping on user-supplied attributes, enabling authentic...
WordPress plugin glomex oEmbed 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...
PT-2024-17310 · WordPress · Glomex Oembed Plugin
Name of the Vulnerable Software and Affected Versions: glomex oEmbed plugin for WordPress versions prior to 0.9.1 Description: The glomex oEmbed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's glomex integration shortcode due to insufficient input sanitization a...
WordPress glomex oEmbed plugin <= 0.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin glomex oEmbed versions = 0.9.1...
Mastodon < 3.5.9 Multiples Vulnerabilities
According to its self-reported version number, the Mastodon application running on the remote host is prior to 3.5.9 or 4.0.x prior to 4.0.5 or 4.1.x prior to 4.1.3. It is, therefore, affected by multiples vulnerabilities : - Verified profile links can be formatted in a misleading way - Denial of...
GHSA-QP29-WCC2-VMPC Silverstripe HtmlEditor embed url sanitisation
"Add from URL" doesn't clearly sanitise URL server side HtmlEditorFieldToolbar has an action HtmlEditorFieldToolbarviewfile, which gets called by the CMS when adding a media "from a URL" i.e. via oembed. This action gets the URL to add in the GET parameter FileURL. However it doesn't do any URL...
Silverstripe HtmlEditor embed url sanitisation
"Add from URL" doesn't clearly sanitise URL server side HtmlEditorFieldToolbar has an action HtmlEditorFieldToolbarviewfile, which gets called by the CMS when adding a media "from a URL" i.e. via oembed. This action gets the URL to add in the GET parameter FileURL. However it doesn't do any URL...
BIT-DRUPAL-2022-25276
The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities...
CVE-2024-25098
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pascal Bajorat PB oEmbed HTML5 Audio – with Cache Support allows Stored XSS.This issue affects PB oEmbed HTML5 Audio – with Cache Support: from n/a through 2.6...
CVE-2024-25098
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pascal Bajorat PB oEmbed HTML5 Audio – with Cache Support allows Stored XSS.This issue affects PB oEmbed HTML5 Audio – with Cache Support: from n/a through 2.6...
CVE-2024-25098
PB oEmbed HTML5 Audio – with Cache Support (WordPress plugin by Pascal Bajorat) is affected by a stored Cross-Site Scripting (XSS) vulnerability due to improper input neutralization during web page generation. The issue affects versions n/a through 2.6. Exploitation details and patch status vary ...
WordPress Plugin PB oEmbed HTML5 Audio Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin PB oEmbed HTML5 Audio A...
PT-2024-20746 · Pascal Bajorat · Pascal Bajorat Pb Oembed Html5 Audio – With Cache Support
Name of the Vulnerable Software and Affected Versions: Pascal Bajorat PB oEmbed HTML5 Audio – with Cache Support versions n/a through 2.6 Description: The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting XSS. This means...
WordPress PB oEmbed HTML5 Audio Plugin <= 2.6 is vulnerable to Cross Site Scripting (XSS)
Software PB oEmbed HTML5 Audio Type Plugin Vulnerable versions = 2.6 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-25098 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID fd60f7f1dbad Credits Ngô Thiên An ancorn from VNPT-VCI...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Takayuki Miyauchi oEmbed Gist allows Stored XSS.This issue affects oEmbed Gist: from n/a through 4.9.1...
CVE-2023-52194 WordPress oEmbed Gist Plugin <= 4.9.1 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Takayuki Miyauchi oEmbed Gist allows Stored XSS.This issue affects oEmbed Gist: from n/a through 4.9.1...