Lucene search
K

119 matches found

OSV
OSV
added 2021/09/20 10:15 a.m.5 views

CVE-2021-24597

The You Shang WordPress plugin through 1.0.1 does not escape its qrcode links settings, which result into Stored Cross-Site Scripting issues in frontend posts and the plugins settings page depending on the payload used...

5.4CVSS6.1AI score0.00604EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/09/20 10:6 a.m.22 views

CVE-2021-24618 Donate With QRCode < 1.4.5 - Stored Cross-Site Scripting

The Donate With QRCode WordPress plugin before 1.4.5 does not sanitise or escape its QRCode Image setting, which result into a Stored Cross-Site Scripting XSS. Furthermore, the plugin also does not have any CSRF and capability checks in place when saving such setting, allowing any authenticated...

5.5AI score0.00374EPSS
Exploits2References1
CVE
CVE
added 2021/09/20 10:6 a.m.52 views

CVE-2021-24618

The CVE-2021-24618 entry concerns the Donate With QRCode WordPress plugin (versions before 1.4.5). The issue is a Stored XSS in the QRCode Image setting caused by inadequate sanitisation/escaping, compounded by missing CSRF and capability checks when saving the setting. This allows an authenticat...

5.4CVSS5.3AI score0.00374EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2021/09/20 12:0 a.m.3 views

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on PHP and MySQL servers.WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress...

5.4CVSS5.4AI score0.00604EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2021/09/20 12:0 a.m.6 views

PT-2021-16134 · WordPress · Donate With Qrcode

Name of the Vulnerable Software and Affected Versions: Donate With QRCode WordPress plugin versions prior to 1.4.5 Description: The issue is related to a Stored Cross-Site Scripting XSS attack. The plugin does not sanitise or escape its QRCode Image setting, allowing any authenticated user, or...

5.4CVSS5.3AI score0.00374EPSS
Exploits2References5
WPVulnDB
WPVulnDB
added 2021/08/19 12:0 a.m.9 views

Donate With QRCode <= 1.4.5 - Plugin's Setting Update via CSRF

The plugin does not have CSRF check in place when saving its settings, which could allow attackers to make a logged in admin update them PoC...

4.5AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/19 12:0 a.m.18 views

Donate With QRCode < 1.4.5 - Stored Cross-Site Scripting

The plugin does not sanitise or escape its QRCode Image setting, which result into a Stored Cross-Site Scripting XSS. Furthermore, the plugin also does not have any CSRF and capability checks in place when saving such setting, allowing any authenticated user as low as subscriber, or unauthenticat...

5.4CVSS0.6AI score0.00374EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2021/08/19 12:0 a.m.731 views

Donate With QRCode <= 1.4.5 - Plugin's Setting Update via CSRF

The plugin does not have CSRF check in place when saving its settings, which could allow attackers to make a logged in admin update them...

0.5AI score
Exploits0
wpexploit
wpexploit
added 2021/08/19 12:0 a.m.616 views

Donate With QRCode < 1.4.5 - Stored Cross-Site Scripting

The plugin does not sanitise or escape its QRCode Image setting, which result into a Stored Cross-Site Scripting XSS. Furthermore, the plugin also does not have any CSRF and capability checks in place when saving such setting, allowing any authenticated user as low as subscriber, or unauthenticat...

5.4CVSS5.3AI score0.00374EPSS
Exploits2
Rockylinux
Rockylinux
added 2021/05/18 6:14 a.m.57 views

idm:DL1 and idm:client security, bug fix, and enhancement update

An update is available for ipa, python-jwcrypto, custodia, bind-dyndb-ldap, python-qrcode, softhsm, python-yubico, python-kdcproxy, opendnssec, ipa-healthcheck, pyusb. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating,...

6.9CVSS7.7AI score0.8383EPSS
Exploits6
Veracode
Veracode
added 2021/04/09 4:43 a.m.9 views

Information Disclosure

flask-security-too is vulnerable to information disclosure. The /tf-qrcode endpoint returns the authenticated user's two-factor authentication codes when GET request is submitted. This allows a remote attacker to perform CSRF attacks on a victim to obtain the two-factor authentication codes. The...

4.5AI score
Exploits0
OSV
OSV
added 2021/04/08 4:46 p.m.20 views

GHSA-FXQ4-R6MR-9X64 CSRF Vuln can expose user's QRcode

Impact When a user is setting up two-factor authentication using an authenticator app, a QRcode is generated and made available via a GET request to /tf-qrcode. Since GETs do not have any CSRF protection, it is possible a malicious 3rd party could access the QRcode and therefore gain access to...

7.2AI score
Exploits0References2
Rockylinux
Rockylinux
added 2021/02/16 7:34 a.m.15 views

DL1 bug fix and enhancement update

An update is available for python-jwcrypto, custodia, python-qrcode, python-yubico, python-kdcproxy, pyusb. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Rocky...

1.3AI score
Exploits0
Rockylinux
Rockylinux
added 2020/11/04 12:56 a.m.14 views

DL1 bug fix update

An update is available for python-jwcrypto, custodia, python-qrcode, python-yubico, python-kdcproxy, pyusb. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Rocky...

1.9AI score
Exploits0
Rockylinux
Rockylinux
added 2020/11/03 12:25 p.m.82 views

idm:DL1 and idm:client security, bug fix, and enhancement update

An update is available for python-jwcrypto, custodia, python-qrcode, python-yubico, python-kdcproxy, pyusb. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Rocky...

6.9CVSS7.9AI score0.99019EPSS
Exploits16
OSV
OSV
added 2020/09/01 9:22 p.m.13 views

GHSA-H5VJ-F7R9-W564 Entropy Backdoor in text-qrcode

All versions of text-qrcode contain malicious code that overwrites the randomBytes method for the crypto module with a function that generates weak entropy. Instead of generating 32 bytes, the infected randomBytes will generate 3 bytes of entropy and hash them, resulting in a 32 byte value being...

9.8CVSS7.2AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2020/09/01 9:22 p.m.52 views

Entropy Backdoor in text-qrcode

All versions of text-qrcode contain malicious code that overwrites the randomBytes method for the crypto module with a function that generates weak entropy. Instead of generating 32 bytes, the infected randomBytes will generate 3 bytes of entropy and hash them, resulting in a 32 byte value being...

1.4AI score
Exploits0References2Affected Software1
Openbugbounty
Openbugbounty
added 2020/08/17 9:59 a.m.26 views

qrcode-generator.ch Cross Site Scripting vulnerability OBB-1261893

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

6.2AI score
Exploits0
Rockylinux
Rockylinux
added 2020/04/28 8:59 a.m.12 views

DL1 bug fix and enhancement update

An update is available for python-jwcrypto, custodia, python-qrcode, python-yubico, python-kdcproxy, pyusb. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For...

2.5AI score
Exploits0
Rockylinux
Rockylinux
added 2019/12/17 9:19 a.m.38 views

DL1 bug fix update

An update is available for python-jwcrypto, custodia, python-qrcode, python-yubico, pyusb. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Bug Fixes: IPA upgrade...

8.8CVSS2.2AI score0.06329EPSS
Exploits0
Rows per page
Query Builder