44 matches found
EUVD-2005-4188
Malware in sbrugna...
EUVD-2014-8202
Malware in sbrugna...
EUVD-2006-1093
Malware in sbrugna...
EUVD-2009-5032
Malware in sbrugna...
EUVD-2006-4653
Malware in sbrugna...
EUVD-2015-5412
Malware in sbrugna...
EUVD-2006-7069
Malware in sbrugna...
EUVD-2007-4524
Malware in sbrugna...
EUVD-2008-4743
Malware in sbrugna...
EUVD-2023-54161
Malicious code in bioql PyPI...
EUVD-2022-24555
Malicious code in bioql PyPI...
EUVD-2022-24556
Malicious code in bioql PyPI...
CVE-2022-1216
The Advanced Image Sitemap WordPress plugin through 1.2 does not sanitise and escape the PHP_SELF PHP variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting...
CVE-2014-8365
Multiple cross-site scripting (XSS) vulnerabilities in Xornic Contact Us allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) email parameter to contact.php or (3) PATH_INFO to setup.php, related to the "PHP_SELF" variable...
Cross site scripting
The WP Matterport Shortcode WordPress plugin before 2.1.7 does not escape the PHP_SELF server variable when outputting it in attributes, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin...
CVE-2023-4290 WP Matterport Shortcode < 2.1.7 - Reflected XSS
The WP Matterport Shortcode WordPress plugin before 2.1.7 does not escape the PHP_SELF server variable when outputting it in attributes, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin...
CVE-2022-1217 Custom TinyMCE Shortcode Button <= 1.1 - Reflected Cross-Site Scripting
The Custom TinyMCE Shortcode Button WordPress plugin through 1.1 does not sanitise and escape the PHP_SELF variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting...
PHP_SELFish Part 2 – Reflected XSS in Easy Social Icons
Today’s post is part two of a two-part blog post. It describes a cross-site scripting vulnerability in the Easy Social Icons plugin that exploits the PHP_SELF variable. In yesterday’s post, we described another plugin, underConstruction, suffering from a similar vulnerability related to the use of...
Cross-site Scripting (XSS) - Reflected in pheditor/pheditor
Description: Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execut...
CVE-2015-5456
PivotX is affected by CVE-2015-5456: an XSS in the form method (modules/formclass.php) present in PivotX versions before 2.3.11. The vulnerability is triggered via PATH_INFO (related to PHP_SELF) and form actions, allowing remote injection of script/html with no authentication. NVD notes CVSSv2 b...