21 matches found
EUVD-2024-45845
Malicious code in bioql PyPI...
CVE-2024-52340
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MartyThornley Photographer Connections photographer-connections allows Stored XSS.This issue affects Photographer Connections: from n/a through = 1.3.1...
CVE-2024-52340
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MartyThornley Photographer Connections photographer-connections allows Stored XSS.This issue affects Photographer Connections: from n/a through = 1.3.1...
CVE-2024-52340 WordPress Photographer Connections plugin <= 1.3.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Marty Thornley Photographer Connections allows Stored XSS.This issue affects Photographer Connections: from n/a through 1.3.1...
CVE-2024-52340
CVE-2024-52340 – Photographer Connections (WordPress plugin) Description: An improper input handling flaw in Photographer Connections (Marty Thornley) allows Stored XSS via web page generation. Affected: WordPress plugin Photographer Connections, versions n/a through 1.3.1 (≤ 1.3.1). Root cause: ...
CVE-2024-52340 WordPress Photographer Connections plugin <= 1.3.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MartyThornley Photographer Connections photographer-connections allows Stored XSS.This issue affects Photographer Connections: from n/a through = 1.3.1...
WordPress plugin Photographer Connections 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2024-35181 · Unknown · Marty Thornley Photographer Connections
Name of the Vulnerable Software and Affected Versions: Marty Thornley Photographer Connections versions 1.3.1 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks...
WordPress Photographer Connections plugin <= 1.3.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Photographer Connections versions = 1.3.1...
WordPress Photographer Connections Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)
Software Photographer Connections Type Plugin Vulnerable versions = 1.3.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52340 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 051ac84967a6 Credits SOPROBRO Required privilege...
The Unusual Espionage Act Case Against a Drone Photographer
In seemingly the first case of its kind, the US Justice Department has charged a Chinese national with using a drone to photograph a Virginia shipyard where the US Navy was assembling nuclear submarines...
tours.texasrealestatephotographer.com Cross Site Scripting vulnerability OBB-3848037
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
WordPress photographer-directory Plugin < 1.0.9 is vulnerable to Privilege Escalation
Software photographer-directory Type Plugin Vulnerable versions 1.0.9 Fixed in 1.0.9 OWASP Top 10 A5: Broken Access Control Classification Privilege Escalation CVE CVE-2020-36666 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 44093df6ab0d Credits Omar Badran Required...
amalficoastweddingphotographer.it Cross Site Scripting vulnerability OBB-3050732
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
IcedID Circulates Via Web Forms, Google URLs
Website contact forms and Google URLs are being used to spread the IcedID trojan, according to researchers at Microsoft. Attackers are using “contact us” forms on websites to send emails targeting organizations with trumped-up legal threats, researchers said. The messages consistently mention a...
HackerOne: h1-202 leaderboard photo discloses local wifi password
Summary: the h1-202 event took several photos for the event that rotate on the public leaderboard. One of these photos disclosed the local wifi SSID and Password. Description: SSID: HackerOne Password: █████████ Steps To Reproduce 1. Look at the photo attached Remediation Have your staff...
Photographer Girl - Dream Job - Dangerous filesystem permissions, WebView SSL handling enabled, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Photographer Girl - Dream Job published at the 'play' market has multiple vulnerabilities...
DEBIAN-CVE-2014-9236
Cross-site scripting XSS vulnerability in php/editphotos.php in Zoph aka Zoph Organizes Photos 0.9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the 1 photographerid or 2 crumb parameter...
UBUNTU-CVE-2014-9236
Cross-site scripting XSS vulnerability in php/editphotos.php in Zoph aka Zoph Organizes Photos 0.9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the 1 photographerid or 2 crumb parameter...
SA-CONTRIB-2013-055 - Hatch - Cross Site Scripting
Hatch theme is a simple and minimal portfolio theme for photographers, illustrators, designers, or photobloggers. The theme didn't sufficiently escape user supplied text prior to printing them. This vulnerability is mitigated by the fact that an attacker must have a role with the permission...