21 matches found
EUVD-2025-13954
Malicious code in bioql PyPI...
CVE-2023-3755
A vulnerability has been found in Creativeitem Atlas Business Directory Listing 2.13 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /home/filterlistings. The manipulation of the argument price-range leads to cross site scripting. The attack c...
CVE-2025-4127
The WP SEO Structured Data Schema plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Price Range’ parameter in all versions up to, and including, 2.7.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress plugin WP SEO Structured Data Schema cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
Rounding in the unwrap function in rUSDY may cause fund loss for users.
Lines of code Vulnerability details Impact Rounding with BPSDENOMINATOR in function unwrap in rUSDY.sol may cause users to be transferred back less than expected USDY. POC The rUSDY.sol contract provides a way to wrap an amount of USDY as shares in order to gain profit in rUSDY. This is done throug...
_reserveTokenSpecified does not check if price is in allowed range
Lines of code Vulnerability details Impact Price could go out of range Proof of Concept EvolvingProteus defines a price range using 2 constants, MAXM and MINM: int128 constant MAXM = 0x5f5e1000000000000000000; int128 constant MINM = 0x00000000000002af31dc461; These constants are used in...
Potential Exploitation due to Lack of Price Range Checks in Oracle Implementation
Lines of code Vulnerability details Impact Chainlink aggregators have a built in circuit breaker if the price of an asset goes outside of a predetermined price band. The result is that if an asset experiences a huge drop in value i.e. LUNA crash the price of the oracle will continue to return the...
Cross site scripting
A vulnerability has been found in Creativeitem Atlas Business Directory Listing 2.13 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /home/filterlistings. The manipulation of the argument price-range leads to cross site scripting. The attack c...
CVE-2023-3755 Creativeitem Atlas Business Directory Listing filter_listings cross site scripting
A vulnerability has been found in Creativeitem Atlas Business Directory Listing 2.13 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /home/filterlistings. The manipulation of the argument price-range leads to cross site scripting. The attack c...
CVE-2023-3755
The connected sources confirm a concrete vulnerability in Creativeitem Atlas Business Directory Listing version 2.13, affecting the function/file path /home/filter_listings. The root cause is manipulation of the price-range parameter, which leads to a cross-site scripting (XSS) vulnerability. The...
PT-2023-26016 · Creativeitem · Creativeitem Atlas Business Directory Listing
Name of the Vulnerable Software and Affected Versions: Creativeitem Atlas Business Directory Listing version 2.13 Description: A vulnerability has been found in the file /home/filter listings, where the manipulation of the price-range argument leads to cross-site scripting. The attack can be...
Atlas Business Directory Listing cross-site scripting vulnerability
codecanyon Atlas Business Directory Listing is a system by codecanyon, Inc. A cross-site scripting vulnerability exists in Atlas Business Directory Listing version 2.13, which stems from a cross-site scripting XSS vulnerability in the parameter price-range...
Atlas Business Directory Listing 2.13 Cross Site Scripting
Exploit Title: Atlas Business Directory Listing 2.13 - Reflected XSS Exploit Author: CraCkEr Date: 09/07/2023 Vendor: Creativeitem Vendor Homepage: https://creativeitem.com/ Software Link: https://demo.creativeitem.com/atlas/ Tested on: Windows 10 Pro Impact: Manipulate the content of the site...
Contract Owner Possesses Too Many Privileges
Lines of code Vulnerability details Impact The owner has many privileges in the contract: setBlockDelay, setAllowedVault, setMaxWinPorcent, setLimitOrdenPriceRange, setFees, setTradingExtension Proof of Concept function setBlockDelay uint blockDelay external onlyOwner blockDelay = blockDelay; /...
Add liquidity before phase 3 can force the launch event to stop
Handle WatchPug Vulnerability details function createPair external isStoppedfalse atPhasePhase.PhaseThree address wavaxAddress, address tokenAddress = addressWAVAX, addresstoken ; require factory.getPairwavaxAddress, tokenAddress == address0 || IJoePair IJoeFactoryfactory.getPairwavaxAddress,...
WooCommerce Product Table Lite < 2.4.0 - Reflected Cross-Site Scripting
The plugin does not escape the pricerangemin and pricerangemax parameters before outputting them back in attributes, leading to a Reflected Cross-Site Scripting issue PoC On a page where there is a Product Table with a Price filter, append the following payload to the min and max price...
uListing < 2.0.4 - Unauthenticated SQL Injection
An Unauthenticated SQL Injection vulnerability was discovered in the plugin. Vulnerable parameters: custom. SQL Injection types: Error-based, Boolean-based Blind, Time-based Blind. PoC 1 | Unauthenticated SQL Injection | Tables: sqlmap...