Lucene search
+L

75 matches found

NVD
NVD
added 2025/01/07 11:15 a.m.12 views

CVE-2025-22324

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Andon Ivanov OZ Canonical oz-canonical allows Reflected XSS.This issue affects OZ Canonical: from n/a through = 0.5...

7.1CVSS0.0025EPSS
Exploits0References1
CVE
CVE
added 2025/01/07 10:48 a.m.61 views

CVE-2025-22324

CVE-2025-22324 | Affects OZ Canonical (Andon Ivanov). Root cause: improper input neutralization during web page generation, enabling a reflected XSS. Affected versions: OZ Canonical from n/a through 0.5. CVSS v3.1 base score 7.1 (HIGH). Exploitation status in connected docs: CVE entry shows explo...

7.1CVSS7.2AI score0.0025EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/07 10:48 a.m.20 views

CVE-2025-22324 WordPress OZ Canonical plugin <= 0.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Andon Ivanov OZ Canonical oz-canonical allows Reflected XSS.This issue affects OZ Canonical: from n/a through = 0.5...

7.1CVSS0.0025EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/07 10:48 a.m.6 views

CVE-2025-22324 WordPress OZ Canonical plugin <= 0.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Andon Ivanov OZ Canonical oz-canonical allows Reflected XSS.This issue affects OZ Canonical: from n/a through = 0.5...

7.1CVSS7.2AI score0.0025EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/01/07 12:0 a.m.4 views

WordPress plugin OZ Canonical 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

7.1CVSS7.7AI score0.0025EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/01/07 12:0 a.m.5 views

PT-2025-4439 · Unknown · Oz Canonical

Name of the Vulnerable Software and Affected Versions: OZ Canonical versions 0.5 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows Reflected Cross-site Scripting XSS. This means an attacker can inject malicious scripts into ...

7.1CVSS9.1AI score0.0025EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/01/03 4:35 p.m.6 views

WordPress OZ Canonical plugin <= 0.5 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin OZ Canonical versions = 0.5...

7.1CVSS6.1AI score0.0025EPSS
Exploits0Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/08/23 9:20 p.m.7 views

Malicious code in oz-merkle-tree (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 732a4768703da4c9eb31465258c2df9b93dcfcf2811b78c72b62d9dbf9b10053 The package is designed to exfiltrate basic data, like hostname and OS details, as well as collect information about the stacktrace it's imported from. ---...

6.9AI score
Exploits0References1
OSV
OSV
added 2024/08/23 9:20 p.m.5 views

MAL-2024-10100 Malicious code in oz-merkle-tree (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 732a4768703da4c9eb31465258c2df9b93dcfcf2811b78c72b62d9dbf9b10053 The package is designed to exfiltrate basic data, like hostname and OS details, as well as collect information about the stacktrace it's imported from. ---...

6.8AI score
Exploits0References1
Code423n4
Code423n4
added 2023/11/03 12:0 a.m.8 views

Upgraded Q -> 2 from #175 [1699029356616]

Judge has assessed an item in Issue 175 as 2 risk. The relevant finding follows: L-02 Initial values for GovernorSettings are very low ODGovernor is a OZ Governor with some plugins. It sets up its parameters in the constructor: ODGovernor::constructor: File: src/contracts/gov/ODGovernor.sol 41:...

7.1AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2023/11/02 10:15 p.m.5 views

CVE-2023-39047

An information leak in shouzu sweets oz v13.6.1 allows attackers to obtain the channel access token and send crafted messages...

7.5CVSS7.1AI score0.00627EPSS
Exploits1References3
OSV
OSV
added 2023/11/02 10:15 p.m.6 views

CVE-2023-39047

An information leak in shouzu sweets oz v13.6.1 allows attackers to obtain the channel access token and send crafted messages...

7.5CVSS5.8AI score0.00627EPSS
Exploits1References2
NVD
NVD
added 2023/11/02 10:15 p.m.20 views

CVE-2023-39047

An information leak in shouzu sweets oz v13.6.1 allows attackers to obtain the channel access token and send crafted messages...

7.5CVSS7.3AI score0.00627EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/11/02 12:0 a.m.7 views

Line Security Breach

Line is an instant messaging platform from Line Inc. A security vulnerability exists in Line, which stems from a vulnerability in shouzu sweets oz. An attacker can exploit the vulnerability to obtain a channel access token to send a crafted message...

7.5CVSS6.7AI score0.00627EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/11/02 12:0 a.m.4 views

PT-2023-26755 · Unknown · Shouzu Sweets Oz

Name of the Vulnerable Software and Affected Versions: shouzu sweets oz version 13.6.1 Description: An information leak in the software allows attackers to obtain the channel access token and send crafted messages. Recommendations: For shouzu sweets oz version 13.6.1, at the moment, there is no...

7.5CVSS6.8AI score0.00627EPSS
Exploits1References6
Cvelist
Cvelist
added 2023/11/02 12:0 a.m.21 views

CVE-2023-39047

An information leak in shouzu sweets oz v13.6.1 allows attackers to obtain the channel access token and send crafted messages...

7.5AI score0.00627EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/11/02 12:0 a.m.11 views

CVE-2023-39047

An information leak in shouzu sweets oz v13.6.1 allows attackers to obtain the channel access token and send crafted messages...

6.7AI score0.00627EPSS
Exploits1References2
Code423n4
Code423n4
added 2023/09/07 12:0 a.m.34 views

The rUSDY.transferFrom function can cause reentrancy if is a contract been approved

Lines of code Vulnerability details Impact The rUSDY.transferFrom function can cause reentrancy if is a contract been approved, the function looks like: function transferFrom address sender, address recipient, uint256 amount public returns bool uint256 currentAllowance = allowancessendermsg.sende...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/11/14 12:0 a.m.8 views

Tokens transfers do not verify that the tokens were successfully transferred

Lines of code Vulnerability details Impact Some tokens like zrx do not revert the transaction when the transfer/transferfrom fails and return false instead, which requires us to check the return value after calling the transfer/transferfrom function. Even though, the exchange seems to only suppor...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/09/19 12:0 a.m.10 views

Return value of transferFrom() does not check

Lines of code Vulnerability details Impact Return value of transferFrom inside deposit function does not checked: function deposituint256 id, uint256 assets, address receiver public override marketExistsid epochHasNotStartedid nonReentrant returns uint256 shares // Check for rounding error since ...

6.8AI score
Exploits0
Rows per page
Query Builder