EUVD-2021-11671

Malware in sbrugna...

CVE-2022-4670

The PDF.js Viewer WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2021-24759

The PDF.js Viewer WordPress plugin before 2.0.2 does not escape some of its shortcode and Gutenberg Block attributes, which could allow users with a role as low as Contributor to to perform Cross-Site Scripting attacks...

WordPress PDF.js Viewer plugin <= 2.1.8.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Yudistira Arya Patchstack Alliance in WordPress Plugin PDF.js Viewer versions = 2.1.8.1...

WordPress PDF.js Viewer Plugin <= 2.1.8.1 is vulnerable to Cross Site Scripting (XSS)

Software PDF.js Viewer Type Plugin Vulnerable versions = 2.1.8.1 Fixed in 2.2 OWASP Top 10 A6: Vulnerable and Outdated Components Classification Cross Site Scripting XSS CVE CVE-2024-4367 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b8e9d442ad86 Credits Yudistira Arya...

CVE-2022-4670

The PDF.js Viewer WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2022-4670 PDF.js Viewer < 2.1.8 - Contributor+ Stored XSS via Shortcode

The PDF.js Viewer WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2022-4670 PDF.js Viewer < 2.1.8 - Contributor+ Stored XSS via Shortcode

The PDF.js Viewer WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2022-4670

The CVE-2022-4670 entry affects the WordPress plugin PDF.js Viewer prior to 2.1.8. The vulnerability stems from not validating and escaping certain shortcode attributes, allowing stored cross-site scripting (Stored XSS) for users with the Contributor role and above when the shortcode is embedded ...

WordPress plugin PDF.js Viewer 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports PHP and MySQL server set up a personal blog site. WordPress plugin is an application plug-in. A cross-site scripting vulnerability...

WordPress PDF.js Viewer Plugin < 2.1.8 is vulnerable to Cross Site Scripting (XSS)

Software PDF.js Viewer Type Plugin Vulnerable versions 2.1.8 Fixed in 2.1.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4670 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 33028ec86f1d Credits Lana Codes Required...

PDF.js Viewer < 2.1.8 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. pdfjs-viewer viewerheight='"...

WordPress PDF.js Viewer plugin cross-site scripting vulnerability

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress PDF.js Viewer plugin has a cross-site scripting vulnerability in versions prior to 2.0.2, whi...

Cross site scripting

The PDF.js Viewer WordPress plugin before 2.0.2 does not escape some of its shortcode and Gutenberg Block attributes, which could allow users with a role as low as Contributor to to perform Cross-Site Scripting attacks...

CVE-2021-24759 PDF.js Viewer < 2.0.2 - Contributor+ Stored Cross-Site Scripting

The PDF.js Viewer WordPress plugin before 2.0.2 does not escape some of its shortcode and Gutenberg Block attributes, which could allow users with a role as low as Contributor to to perform Cross-Site Scripting attacks...

CVE-2021-24759

The CVE-2021-24759 affects the WordPress PDF.js Viewer plugin prior to 2.0.2. The issue is a lack of escaping for certain shortcode and Gutenberg Block attributes, enabling stored Cross-Site Scripting via inputs that could be submitted by users with a role as low as Contributor. Documented impact...

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress PDF.js Viewer plugin has a cross-site scripting vulnerability in versions prior to 2.0.2, whi...

WordPress PDF.js Viewer plugin <= 2.0.1 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by apple502j in WordPress PDF.js Viewer plugin versions = 2.0.1. Solution Update the WordPress PDF.js Viewer plugin to the latest available version at least 2.0.2...