25 matches found
EUVD-2024-33732
Malicious code in bioql PyPI...
Malicious code in @zalastax/nolb-parsi (npm)
The package @zalastax/nolb-parsi was found to contain malicious code...
MAL-2025-13010 Malicious code in @zalastax/nolb-parsi (npm)
The package @zalastax/nolb-parsi was found to contain malicious code...
CVE-2024-11032
The Parsi Date plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 5.1.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
CVE-2024-11032
The Parsi Date plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 5.1.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
CVE-2024-11032 Parsi Date <= 5.1.1 - Reflected Cross-Site Scripting via add_query_arg Parameter
The Parsi Date plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 5.1.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
CVE-2024-11032 Parsi Date <= 5.1.1 - Reflected Cross-Site Scripting via add_query_arg Parameter
The Parsi Date plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 5.1.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
CVE-2024-11032
CVE-2024-11032 : The Parsi Date WordPress plugin (versions ≤ 5.1.1) is vulnerable to a Reflected Cross-Site Scripting flaw caused by using add_query_arg without proper URL escaping. This allows unauthenticated attackers to inject arbitrary scripts into pages that run when a user is tricked into p...
PT-2024-16718 · WordPress · Parsi Date
Name of the Vulnerable Software and Affected Versions: Parsi Date plugin for WordPress versions up to, and including, 5.1.1 Description: The issue arises from the use of add query arg without proper escaping on the URL, allowing unauthenticated attackers to inject arbitrary web scripts in pages...
WordPress plugin Parsi Date 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress Parsi Date plugin <= 5.1.1 - Reflected Cross-Site Scripting via add_query_arg Parameter vulnerability
Reflected Cross-Site Scripting via addqueryarg Parameter vulnerability discovered by vgo0 in WordPress Plugin Parsi Date versions = 5.1.1...
WordPress Parsi Date Plugin <= 5.1.1 is vulnerable to Cross Site Scripting (XSS)
Software Parsi Date Type Plugin Vulnerable versions = 5.1.1 Fixed in 5.1.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11032 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID be0cd10da0f9 Credits vgo0 Required privileg...
WordPress Parsi Date Plugin < 4.0.2 is vulnerable to Cross Site Scripting (XSS)
Software Parsi Date Type Plugin Vulnerable versions 4.0.2 Fixed in 4.0.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID d0d0311f443b Credits WPScan Required privilege Unauthenticat...
Parsi Date < 4.0.2 - Reflected Cross-Site Scripting
The plugin does not escape generated URLs before outputing them in attrubutes, leading to Reflected Cross-Site Scripting...
Wordpress parsi-font plugin cross-site scripting vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site. parsi-font is one of the font plug-ins. A cross-site scripting vulnerability exists in the Wordpress parsi-font...
CVE-2016-1000142
Reflected XSS in wordpress plugin parsi-font v4.2.5...
CVE-2016-1000142
Reflected XSS in wordpress plugin parsi-font v4.2.5...
Cross site scripting
Reflected XSS in wordpress plugin parsi-font v4.2.5...
CVE-2016-1000142
Reflected XSS in wordpress plugin parsi-font v4.2.5...
CVE-2016-1000142
The CVE-2016-1000142 entry corresponds to a reflected cross-site scripting flaw in WordPress MW Font Changer plugin (parsi-font) versions up to 4.2.5. The vulnerability arises in the plugin’s reflected XSS via the vulnerable parameter handling, specifically in the CSS.php path, enabling injection...