75 matches found
CVE-2025-22324
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Andon Ivanov OZ Canonical oz-canonical allows Reflected XSS.This issue affects OZ Canonical: from n/a through = 0.5...
CVE-2025-22324
CVE-2025-22324 | Affects OZ Canonical (Andon Ivanov). Root cause: improper input neutralization during web page generation, enabling a reflected XSS. Affected versions: OZ Canonical from n/a through 0.5. CVSS v3.1 base score 7.1 (HIGH). Exploitation status in connected docs: CVE entry shows explo...
CVE-2025-22324 WordPress OZ Canonical plugin <= 0.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Andon Ivanov OZ Canonical oz-canonical allows Reflected XSS.This issue affects OZ Canonical: from n/a through = 0.5...
CVE-2025-22324 WordPress OZ Canonical plugin <= 0.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Andon Ivanov OZ Canonical oz-canonical allows Reflected XSS.This issue affects OZ Canonical: from n/a through = 0.5...
WordPress plugin OZ Canonical 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-4439 · Unknown · Oz Canonical
Name of the Vulnerable Software and Affected Versions: OZ Canonical versions 0.5 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows Reflected Cross-site Scripting XSS. This means an attacker can inject malicious scripts into ...
WordPress OZ Canonical plugin <= 0.5 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin OZ Canonical versions = 0.5...
Malicious code in oz-merkle-tree (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 732a4768703da4c9eb31465258c2df9b93dcfcf2811b78c72b62d9dbf9b10053 The package is designed to exfiltrate basic data, like hostname and OS details, as well as collect information about the stacktrace it's imported from. ---...
MAL-2024-10100 Malicious code in oz-merkle-tree (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 732a4768703da4c9eb31465258c2df9b93dcfcf2811b78c72b62d9dbf9b10053 The package is designed to exfiltrate basic data, like hostname and OS details, as well as collect information about the stacktrace it's imported from. ---...
Upgraded Q -> 2 from #175 [1699029356616]
Judge has assessed an item in Issue 175 as 2 risk. The relevant finding follows: L-02 Initial values for GovernorSettings are very low ODGovernor is a OZ Governor with some plugins. It sets up its parameters in the constructor: ODGovernor::constructor: File: src/contracts/gov/ODGovernor.sol 41:...
CVE-2023-39047
An information leak in shouzu sweets oz v13.6.1 allows attackers to obtain the channel access token and send crafted messages...
CVE-2023-39047
An information leak in shouzu sweets oz v13.6.1 allows attackers to obtain the channel access token and send crafted messages...
CVE-2023-39047
An information leak in shouzu sweets oz v13.6.1 allows attackers to obtain the channel access token and send crafted messages...
Line Security Breach
Line is an instant messaging platform from Line Inc. A security vulnerability exists in Line, which stems from a vulnerability in shouzu sweets oz. An attacker can exploit the vulnerability to obtain a channel access token to send a crafted message...
PT-2023-26755 · Unknown · Shouzu Sweets Oz
Name of the Vulnerable Software and Affected Versions: shouzu sweets oz version 13.6.1 Description: An information leak in the software allows attackers to obtain the channel access token and send crafted messages. Recommendations: For shouzu sweets oz version 13.6.1, at the moment, there is no...
CVE-2023-39047
An information leak in shouzu sweets oz v13.6.1 allows attackers to obtain the channel access token and send crafted messages...
CVE-2023-39047
An information leak in shouzu sweets oz v13.6.1 allows attackers to obtain the channel access token and send crafted messages...
The rUSDY.transferFrom function can cause reentrancy if is a contract been approved
Lines of code Vulnerability details Impact The rUSDY.transferFrom function can cause reentrancy if is a contract been approved, the function looks like: function transferFrom address sender, address recipient, uint256 amount public returns bool uint256 currentAllowance = allowancessendermsg.sende...
Tokens transfers do not verify that the tokens were successfully transferred
Lines of code Vulnerability details Impact Some tokens like zrx do not revert the transaction when the transfer/transferfrom fails and return false instead, which requires us to check the return value after calling the transfer/transferfrom function. Even though, the exchange seems to only suppor...
Return value of transferFrom() does not check
Lines of code Vulnerability details Impact Return value of transferFrom inside deposit function does not checked: function deposituint256 id, uint256 assets, address receiver public override marketExistsid epochHasNotStartedid nonReentrant returns uint256 shares // Check for rounding error since ...