19 matches found
EUVD-2011-3815
Malware in sbrugna...
pixiv: Non-premium user can disable Ads in Japanese version of dic.pixiv.net
A vulnerability was identified in the Japanese version of the pixiv dictionary website where non-premium users could disable advertisements. Normally, the ability to disable ads was restricted to premium users only. However, due to improper access control, any authenticated user could modify thei...
CVE-2011-3858
Cross-site scripting (XSS) vulnerability in the Pixiv Custom theme before 2.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter...
pixiv: Bypassing Inbox Privacy Settings and Enabling Spam on Pixiv.net
A vulnerability was discovered in the messaging system of Pixiv.net. The vulnerability allowed any user to bypass the inbox privacy settings and send messages to another user who had disabled their inbox. The vulnerability was triggered by manipulating the id parameter in the message-sending POST...
Malicious code in pixiv-novel-editor (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3ab4e5119a339b3970c17507784181c47d0872a8f642804a5d5a1bd4182e381e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
pixiv: clickjacking can lead to account takeover
An endpoint on the website https://sketch.pixiv.net/draw was discovered to be vulnerable to clickjacking. Proof-of-concept code was provided to demonstrate how a user could be tricked into performing unintended actions on the website...
pixiv: Stealing Users OAuth authorization code via redirect_uri
A path traversal vulnerability in the OAuth redirect_uri parameter allowed attackers to redirect authenticated users to their product page with their OAuth credentials, potentially leading to account takeover. This could occur due to the leakage of the user's authorization code via the query strin...
pixiv: Reset any password
Summary: When I try to reset the password, the verification code of the mailbox is 6 digits, and there is no limit on the number of submissions, so I can reset the password of any user. Steps To Reproduce: 1.input the email reset password url. F595146 click the "submit" button F595147 input the...
pixiv: RCE due to ImageTragick v2
Hello Pixiv team! Your Image processing process suffering from ImageTragick v2. Issue is caused by ghostscript RCE findings. How to reproduce: PATCH /design Host: manage.booth.pm send following image: ------WebKitFormBoundaryXX05yrKS4g8d9CWh Content-Disposition: form-data; name="shopheader";...
WordPress Multiple Themes 's' Parameter XSS Vulnerabilities (Oct 2011) - Active Check
At least one theme of WordPress is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
WordPress Pixiv Custom Theme 2.1.5 - Cross Site Scripting
WordPress Pixiv Custom theme's "cpage" parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal...
WordPress Theme Pixiv Custom Theme 2.1.5 - 'cpage' Cross-Site Scripting
source: https://www.securityfocus.com/bid/49875/info The Pixiv Custom theme for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
WordPress Theme Pixiv Custom Theme 2.1.5 - cpage Cross-Site Scripting
WordPress Theme Pixiv Custom Theme 2.1.5 - cpage Cross-Site Scripting source: https://www.securityfocus.com/bid/49875/info The Pixiv Custom theme for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this...
CVE-2011-3858
Cross-site scripting (XSS) vulnerability in the Pixiv Custom theme before 2.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Pixiv Custom theme before 2.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter...
CVE-2011-3858
Cross-site scripting (XSS) vulnerability in the Pixiv Custom theme before 2.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter...
CVE-2011-3858
CVE-2011-3858: XSS in the Pixiv Custom WordPress theme prior to 2.1.6. The vulnerability is triggered via the s parameter, allowing remote attackers to inject arbitrary script/HTML. Affected product: Pixiv Custom theme for WordPress; affected version range: before 2.1.6. Root cause is insufficien...
PT-2011-4734 · Pixiv · Pixiv Custom Theme
Name of the Vulnerable Software and Affected Versions: Pixiv Custom theme versions prior to 2.1.6 Description: A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the s parameter. Recommendations: For versions prior to...
Pixiv Custom < 2.1.6 - XSS
The Pixiv Custom WordPress theme was affected by an XSS security vulnerability...