2 matches found
GHSA-JF2Q-463C-6F52 androidqf: Zip entry Name Injection in APK bundle (Zip Slip for zip consumers)
Summary generateZipPath constructs zip entry names for collected APKs using device controlled content from extractFileName. Since extractFileName does not reject traversal sequences, the resulting zip entry name can contain ../. AndroidQF itself does not extract the zip it creates, but any forens...
WordPress Easy Age Verify Plugin <= 1.8.2 is vulnerable to Cross Site Scripting (XSS)
Software Easy Age Verify Type Plugin Vulnerable versions = 1.8.2 Fixed in 1.8.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35757 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID d39f735e9e41 Credits Huynh Tien Si Required privilege...