10 matches found
picreel.com XSS vulnerability
Open Bug Bounty ID: OBB-290303 Description| Value ---|--- Affected Website:| picreel.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
X (Formerly Twitter): [Gnip Blogs] Reflected XSS via "plupload.flash.swf" component vulnerable to SOME
Hi, The following endpoints are exposed to reflected cross-site scripting by way of a vulnerable "plupload.flash.swf" component on WordPress. A comprehensive explanation of this vulnerability can be found on resolved report 134738: WordPress is vulnerable against a Same-Origin Method Execution SO...
bmax.com XSS vulnerability
Vulnerable URL: http://www.bmax.com/wp-includes/js/plupload/plupload.flash.swf?target%g=prompt%g=OPENBUGBOUNTY Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 5055942 VIP website...
CVE-2016-4566
The CVE-2016-4566 entry concerns a cross-site scripting (XSS) vulnerability in plupload.flash.swf (Plupload before 2.1.9) used by WordPress before 4.5.2. The flaw allows remote attackers to inject arbitrary script or HTML via a Same-Origin Method Execution (SOME) attack. Public details from conne...
WordPress < 4.5.2 Multiple XSS Vulnerabilities (May 2016) - Windows
WordPress is prone to multiple cross-site scripting XSS vulnerabilities in third-party libraries. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...
Pornhub: Same-Origin Method Execution bug in plupload.flash.swf on /insights
The researcher discovered a Same-Origin Method Execution SOME vulnerability on Pornhub's Insights blog. An insecure URL sanitization process was performed in the file plupload.flash.swf. The code in the file attempts to remove flashVars in case they have been set GET parameters but fails to do so...
WordPress SOME bug in plupload.flash.swf
WordPress SOME bug in plupload.flash.swf Intro WordPress 4.5.1 is vulnerable against a Same-Origin Method Execution SOME vulnerability that stems from an insecure URL sanitization process performed in the file plupload.flash.swf. The code in the file attempts to remove flashVars ¹ in case they ha...
Automattic: WordPress SOME bug in plupload.flash.swf leading to RCE
Intro == WordPress is vulnerable against a Same-Origin Method Execution SOME vulnerability that stems from an insecure URL sanitization problem performed in the file plupload.flash.swf. The code in the file attempts to remove flashVars ¹ in case they have been set GET parameters but fails to do s...
WordPress plupload Cross-Site Scripting Vulnerability - Windows
WordPress is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2015-3439
Cross-site scripting XSS vulnerability in the Ephox formerly Moxiecode plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x before 4.1.2 and other products, allows remote attackers to execute same-origin JavaScript functions via the target parameter, as...