17 matches found
EUVD-2023-33889
Malicious code in bioql PyPI...
EUVD-2023-33891
Malicious code in bioql PyPI...
CVE-2023-2399
The QuBot WordPress plugin before 1.1.6 doesn't filter user input on chat, leading to bad code inserted on it being reflected on the user dashboard...
CVE-2023-2401
The QuBot WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2023-2401
The QuBot WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2023-2399
The QuBot WordPress plugin before 1.1.6 doesn't filter user input on chat, leading to bad code inserted on it being reflected on the user dashboard...
CVE-2023-2399
The QuBot WordPress plugin before 1.1.6 doesn't filter user input on chat, leading to bad code inserted on it being reflected on the user dashboard...
CVE-2023-2401
The QuBot WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
Input validation
The QuBot WordPress plugin before 1.1.6 doesn't filter user input on chat, leading to bad code inserted on it being reflected on the user dashboard...
CVE-2023-2399 qubotchat < 1.1.6 - Unauthenticated Stored XSS
The QuBot WordPress plugin before 1.1.6 doesn't filter user input on chat, leading to bad code inserted on it being reflected on the user dashboard...
CVE-2023-2399 qubotchat < 1.1.6 - Unauthenticated Stored XSS
The QuBot WordPress plugin before 1.1.6 doesn't filter user input on chat, leading to bad code inserted on it being reflected on the user dashboard...
CVE-2023-2399
The CVE-2023-2399 entry concerns the QuBot WordPress plugin. Affected version: prior to 1.1.6. Root cause: the plugin fails to filter user input in chat, allowing unauthenticated users to inject code that is reflected in the user dashboard (stored XSS). Documented impact: described as Unauthentic...
CVE-2023-2401
CVE-2023-2401 affects QuBotChat (QuBot WordPress plugin) prior to version 1.1.6. The issue is due to insufficient sanitisation/escaping of certain settings, enabling stored XSS by high-privilege users (e.g., admins) in scenarios like multisite. A fix is available in version 1.1.6. Public details ...
CVE-2023-2401 Qubotchat < 1.1.6 – Admin+ Stored XSS
The QuBot WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2023-2401 Qubotchat < 1.1.6 – Admin+ Stored XSS
The QuBot WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
PT-2023-19340 · WordPress · Qubot
Name of the Vulnerable Software and Affected Versions: QuBot WordPress plugin versions prior to 1.1.6 Description: The issue concerns the QuBot WordPress plugin, where it fails to filter user input on chat. This allows malicious code to be inserted and reflected on the user dashboard...
PT-2023-19360 · WordPress · Qubot
Name of the Vulnerable Software and Affected Versions: QuBot WordPress plugin versions prior to 1.1.6 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed, for example in multisit...