119 matches found
CVE-2021-24597
The You Shang WordPress plugin through 1.0.1 does not escape its qrcode links settings, which result into Stored Cross-Site Scripting issues in frontend posts and the plugins settings page depending on the payload used...
CVE-2021-24618 Donate With QRCode < 1.4.5 - Stored Cross-Site Scripting
The Donate With QRCode WordPress plugin before 1.4.5 does not sanitise or escape its QRCode Image setting, which result into a Stored Cross-Site Scripting XSS. Furthermore, the plugin also does not have any CSRF and capability checks in place when saving such setting, allowing any authenticated...
CVE-2021-24618
The CVE-2021-24618 entry concerns the Donate With QRCode WordPress plugin (versions before 1.4.5). The issue is a Stored XSS in the QRCode Image setting caused by inadequate sanitisation/escaping, compounded by missing CSRF and capability checks when saving the setting. This allows an authenticat...
WordPress 插件跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on PHP and MySQL servers.WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress...
PT-2021-16134 · WordPress · Donate With Qrcode
Name of the Vulnerable Software and Affected Versions: Donate With QRCode WordPress plugin versions prior to 1.4.5 Description: The issue is related to a Stored Cross-Site Scripting XSS attack. The plugin does not sanitise or escape its QRCode Image setting, allowing any authenticated user, or...
Donate With QRCode <= 1.4.5 - Plugin's Setting Update via CSRF
The plugin does not have CSRF check in place when saving its settings, which could allow attackers to make a logged in admin update them PoC...
Donate With QRCode < 1.4.5 - Stored Cross-Site Scripting
The plugin does not sanitise or escape its QRCode Image setting, which result into a Stored Cross-Site Scripting XSS. Furthermore, the plugin also does not have any CSRF and capability checks in place when saving such setting, allowing any authenticated user as low as subscriber, or unauthenticat...
Donate With QRCode <= 1.4.5 - Plugin's Setting Update via CSRF
The plugin does not have CSRF check in place when saving its settings, which could allow attackers to make a logged in admin update them...
Donate With QRCode < 1.4.5 - Stored Cross-Site Scripting
The plugin does not sanitise or escape its QRCode Image setting, which result into a Stored Cross-Site Scripting XSS. Furthermore, the plugin also does not have any CSRF and capability checks in place when saving such setting, allowing any authenticated user as low as subscriber, or unauthenticat...
idm:DL1 and idm:client security, bug fix, and enhancement update
An update is available for ipa, python-jwcrypto, custodia, bind-dyndb-ldap, python-qrcode, softhsm, python-yubico, python-kdcproxy, opendnssec, ipa-healthcheck, pyusb. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating,...
Information Disclosure
flask-security-too is vulnerable to information disclosure. The /tf-qrcode endpoint returns the authenticated user's two-factor authentication codes when GET request is submitted. This allows a remote attacker to perform CSRF attacks on a victim to obtain the two-factor authentication codes. The...
GHSA-FXQ4-R6MR-9X64 CSRF Vuln can expose user's QRcode
Impact When a user is setting up two-factor authentication using an authenticator app, a QRcode is generated and made available via a GET request to /tf-qrcode. Since GETs do not have any CSRF protection, it is possible a malicious 3rd party could access the QRcode and therefore gain access to...
DL1 bug fix and enhancement update
An update is available for python-jwcrypto, custodia, python-qrcode, python-yubico, python-kdcproxy, pyusb. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Rocky...
DL1 bug fix update
An update is available for python-jwcrypto, custodia, python-qrcode, python-yubico, python-kdcproxy, pyusb. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Rocky...
idm:DL1 and idm:client security, bug fix, and enhancement update
An update is available for python-jwcrypto, custodia, python-qrcode, python-yubico, python-kdcproxy, pyusb. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Rocky...
GHSA-H5VJ-F7R9-W564 Entropy Backdoor in text-qrcode
All versions of text-qrcode contain malicious code that overwrites the randomBytes method for the crypto module with a function that generates weak entropy. Instead of generating 32 bytes, the infected randomBytes will generate 3 bytes of entropy and hash them, resulting in a 32 byte value being...
Entropy Backdoor in text-qrcode
All versions of text-qrcode contain malicious code that overwrites the randomBytes method for the crypto module with a function that generates weak entropy. Instead of generating 32 bytes, the infected randomBytes will generate 3 bytes of entropy and hash them, resulting in a 32 byte value being...
qrcode-generator.ch Cross Site Scripting vulnerability OBB-1261893
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
DL1 bug fix and enhancement update
An update is available for python-jwcrypto, custodia, python-qrcode, python-yubico, python-kdcproxy, pyusb. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For...
DL1 bug fix update
An update is available for python-jwcrypto, custodia, python-qrcode, python-yubico, pyusb. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Bug Fixes: IPA upgrade...