25 matches found
EUVD-2023-32771
Malicious code in bioql PyPI...
CVE-2024-4856
The FS Product Inquiry WordPress plugin through 1.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users...
WordPress FS Product Inquiry plugin <= 1.1.1 - Unauthenticated Stored XSS vulnerability
Unauthenticated Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin FS Product Inquiry versions <= 1.1.1...
WordPress FS Product Inquiry plugin <= 1.1.1 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin FS Product Inquiry versions <= 1.1.1...
CVE-2024-4857
The FS Product Inquiry WordPress plugin through 1.1.1 does not sanitise and escape some form submissions, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks...
CVE-2024-4857 FS Product Inquiry <= 1.1.1 - Unauthenticated Stored XSS
The FS Product Inquiry WordPress plugin through 1.1.1 does not sanitise and escape some form submissions, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks...
WordPress FS Product Inquiry Plugin <= 1.1.1 is vulnerable to Cross Site Scripting (XSS)
Software: FS Product Inquiry; Type: Plugin; Vulnerable versions: <= 1.1.1; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-4857; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: d08a96986e4a; Credits: Bob Matyas; Requir...
WordPress FS Product Inquiry Plugin <= 1.1.1 is vulnerable to Cross Site Scripting (XSS)
Software: FS Product Inquiry; Type: Plugin; Vulnerable versions: <= 1.1.1; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-4856; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 989359976d53; Credits: Bob Matyas; Requir...
PT-2024-33147 · WordPress · Fs Product Inquiry Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: FS Product Inquiry WordPress plugin versions 1.1.1 and earlier. Description: The issue is related to a Reflected Cross-Site Scripting problem, where a parameter is not properly sanitised and escaped before being outputted back in the page. Thi...
PT-2024-33149 · WordPress · Fs Product Inquiry
Name of the Vulnerable Software and Affected Versions: FS Product Inquiry WordPress plugin versions 1.1.1 and earlier. Description: The issue allows unauthenticated users to perform Stored Cross-Site Scripting attacks due to the plugin not sanitizing and escaping some form submissions...
FS Product Inquiry <= 1.1.1 - Unauthenticated Stored XSS
Description: The plugin does not sanitise and escape some form submissions, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks. 1. Add an inquiry form using the shortcode fspi-show-products-list. 2. As a non-logged in visitor, enter the payload "...
CVE-2023-6625
The Product Enquiry for WooCommerce WordPress plugin before 3.1 does not have a CSRF check in place when deleting inquiries, which could allow attackers to make a logged in admin delete them via a CSRF attack...
WSTMart Product Inquiry Component Cross-Site Scripting Vulnerability
WSTMart is an e-commerce system from Guangzhou Shangtao Information Technology Co. A cross-site scripting vulnerability exists in the product consultation component of WSTMart version 2.0.8181212, which can be exploited by remote attackers to inject arbitrary Web script or HTML with the help ...
Threat Outbreak Alert RuleID33039: Email Messages Distributing Malicious Software on June 22, 2018
Medium; Alert ID: 58273; First Published: 2018 June 22 13:39 GMT; Version: 1. Summary: Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID33039 may contain the following files: Name | Siz...
Threat Outbreak Alert RuleID29585: Email Messages Distributing Malicious Software on June 26, 2017
Medium; Alert ID: 54315; First Published: 2017 June 26 19:20 GMT; Version: 1. Summary: Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID29585 may contain the following files: Name | Siz...
Threat Outbreak Alert RuleID11569: Email Messages Distributing Malicious Software on September 15, 2014
Medium; Alert ID: 35726; First Published: 2014 September 16 12:42 GMT; Version: 1. Summary: Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID11569 may contain the following files: Name ...
Threat Outbreak Alert: Fake Payment Information Email Messages on May 29, 2014
Medium; Alert ID: 34409; First Published: 2014 May 29 13:16 GMT; Version: 1. Summary: Cisco Security has detected significant activity related to spam email messages that claim to contain a product inquiry notification for the recipient. The text in the email message attempts to convince the recipient...