Lucene search

11 matches found

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2020-21105

Malware in sbrugna...

CVSS 6.1 | AI score 6.2 | EPSS 0.00602
Exploits 2 | References 4
RedhatCVE
added 2025/05/22 3:29 p.m., 4 views

CVE-2020-28707

The Stockdio Historical Chart plugin before 2.8.1 for WordPress is affected by Cross Site Scripting (XSS) via stockdiocharthistorical-wp.js in wp-content/plugins/stockdio-historical-chart/assets/ because the origin of a postMessage event is not validated. The stockdioeventer function listens for an...

CVSS 6.1 | AI score 6.1 | EPSS 0.00602
Exploits 2
Vulnrichment
added 2024/04/29 12:0 a.m., 6 views

CVE-2024-33905

In Telegram WebK before 2.0.0 (488), a crafted Mini Web App allows XSS via the postMessage web_app_open_link event type...

AI score 5.9 | EPSS 0.00078
Exploits 0 | References 4
CVE
added 2024/04/29 12:0 a.m., 50 views

CVE-2024-33905

Telegram WebK before 2.0.0 is affected by an XSS flaw in the Mini Web App via the postMessage web_app_open_link event. Root cause: crafted Mini Web Apps can inject scripts. Affected product: Telegram WebK, versions prior to 2.0.0 (488). Reported by multiple sources; exploitation details are not p...

CVSS 4.6 | AI score 5.7 | EPSS 0.00078
Exploits 0 | References 4
Veracode
added 2022/03/02 4:2 a.m., 22 views

Cross-site Scripting (XSS)

reveal.js is vulnerable to cross-site scripting. The onmessage event listener in speaker-view.html does not properly check the origin of postMessage before being rendered on the webpage, allowing an attacker to inject and execute malicious javascript...

CVSS 6.1 | AI score 2.5 | EPSS 0.10316
Exploits 1 | References 4 | Affected Software 1
Huntr
added 2022/02/04 9:53 p.m., 21 views

Cross-site Scripting (XSS) - DOM in hakimel/reveal.js

Description: The onmessage event listener in /plugin/notes/speaker-view.html does not check the origin of postMessage before adding the content to the webpage. The vulnerable code allows any origin to postMessage on the browser window and feeds attacker's input to parts using which attacker can...

CVSS 4.3 | AI score 1 | EPSS 0.10316
Exploits 1
CNVD
added 2021/01/25 12:0 a.m., 7 views

WordPress Stockdio Historical Chart plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress Stockdio Historical Chart plugin versions prior to 2.8....

CVSS 6.1 | AI score 6.7 | EPSS 0.00602
Exploits 2 | References 1
WPVulnDB
added 2021/01/20 12:0 a.m., 20 views

Stockdio Historical Chart < 2.8.1 - Reflected Cross-Site Scripting (XSS)

The plugin was affected by a Reflected Cross-Site Scripting issue via the postMessage event. PoC: Use the following code on another website...

CVSS 4.3 | AI score 1.1 | EPSS 0.00602
Exploits 2 | References 1 | Affected Software 1
NVD
added 2021/01/19 10:15 p.m., 10 views

CVE-2020-28707

The Stockdio Historical Chart plugin before 2.8.1 for WordPress is affected by Cross Site Scripting (XSS) via stockdiocharthistorical-wp.js in wp-content/plugins/stockdio-historical-chart/assets/ because the origin of a postMessage event is not validated. The stockdioeventer function listens for an...

CVSS 6.1 | AI score 6.1 | EPSS 0.00602
Exploits 2 | References 3
Prion
added 2021/01/19 10:15 p.m., 10 views

Cross site scripting

The Stockdio Historical Chart plugin before 2.8.1 for WordPress is affected by Cross Site Scripting (XSS) via stockdiocharthistorical-wp.js in wp-content/plugins/stockdio-historical-chart/assets/ because the origin of a postMessage event is not validated. The stockdioeventer function listens for an...

CVSS 4.3 | AI score 6 | EPSS 0.00602
Exploits 2 | References 3 | Affected Software 1
Cvelist
added 2021/01/19 9:58 p.m., 13 views

CVE-2020-28707

The Stockdio Historical Chart plugin before 2.8.1 for WordPress is affected by Cross Site Scripting (XSS) via stockdiocharthistorical-wp.js in wp-content/plugins/stockdio-historical-chart/assets/ because the origin of a postMessage event is not validated. The stockdioeventer function listens for an...

AI score 6.1 | EPSS 0.00602
Exploits 2 | References 3