66 matches found
EUVD-2024-29159
Malicious code in bioql PyPI...
EUVD-2023-55562
Malicious code in bioql PyPI...
CVE-2024-31263
Cross-Site Request Forgery CSRF vulnerability in aerin Loan Repayment Calculator and Application Form.This issue affects Loan Repayment Calculator and Application Form: from n/a through 2.9.4...
CVE-2023-50829
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aerin Loan Repayment Calculator and Application Form allows Stored XSS.This issue affects Loan Repayment Calculator and Application Form: from n/a through 2.9.3...
CVE-2024-31263
Cross-Site Request Forgery CSRF vulnerability in aerin Loan Repayment Calculator and Application Form.This issue affects Loan Repayment Calculator and Application Form: from n/a through 2.9.4...
CVE-2024-31263 WordPress Loan Repayment Calculator and Application Form plugin <= 2.9.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in aerin Loan Repayment Calculator and Application Form.This issue affects Loan Repayment Calculator and Application Form: from n/a through 2.9.4...
CVE-2024-31263
CVE-2024-31263 is a CSRF vulnerability in the WordPress plugin Loan Repayment Calculator and Application Form (aka quick-interest-slider), affecting versions up to 2.9.4. The connected documents provide the vulnerability and affected version but do not specify exploit details, affected environmen...
CVE-2024-31263 WordPress Loan Repayment Calculator and Application Form plugin <= 2.9.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in aerin Loan Repayment Calculator and Application Form.This issue affects Loan Repayment Calculator and Application Form: from n/a through 2.9.4...
PT-2024-23907 · Unknown · Aerin Loan Repayment Calculator/Application Form
Name of the Vulnerable Software and Affected Versions: aerin Loan Repayment Calculator and Application Form versions 2.9.4 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintende...
WordPress Plugin Loan Repayment Calculator and Application Form 跨站请求伪造漏洞
WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists ...
WordPress Loan Repayment Calculator and Application Form plugin <= 2.9.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Skalucy Patchstack Alliance in WordPress Plugin Quick Interest Slider versions = 2.9.4...
WordPress Loan Repayment Calculator and Application Form Plugin <= 2.9.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software Loan Repayment Calculator and Application Form Type Plugin Vulnerable versions = 2.9.4 Fixed in 2.9.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31263 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID...
CVE-2023-50829
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aerin Loan Repayment Calculator and Application Form allows Stored XSS.This issue affects Loan Repayment Calculator and Application Form: from n/a through 2.9.3...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aerin Loan Repayment Calculator and Application Form allows Stored XSS.This issue affects Loan Repayment Calculator and Application Form: from n/a through 2.9.3...
CVE-2023-50829 WordPress Loan Repayment Calculator and Application Form Plugin <= 2.9.3 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aerin Loan Repayment Calculator and Application Form allows Stored XSS.This issue affects Loan Repayment Calculator and Application Form: from n/a through 2.9.3...
CVE-2023-50829 WordPress Loan Repayment Calculator and Application Form Plugin <= 2.9.3 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aerin Loan Repayment Calculator and Application Form allows Stored XSS.This issue affects Loan Repayment Calculator and Application Form: from n/a through 2.9.3...
CVE-2023-50829
CVE-2023-50829 is an authenticated-admin stored XSS vulnerability in the Loan Repayment Calculator and Application Form (plugin slug quick-interest-slider). The issue affects the plugin versions from n/a up to and including 2.9.3 and is described as improper neutralization of input during web pag...
repay(), liquidate() and liquidateWLp() receive shares as argument, which may revert if from approval to tx settled blocks have passed
Lines of code Vulnerability details Impact repay, liquidate and liquidateWLp transactions revert if users approve the exact repay amount they need in the frontend and only after some blocks have passed is the transaction settled. This happens because the interest accrual is by timestamp, so the...
_handleRepay of MoneyMarketHook does not consider the actual debt shares of the posId inside the position manager and could lead to a user's tokens getting stuck inside the hook.
Lines of code Vulnerability details Impact When users construct repay operations via MoneyMarketHook, it doesn't consider the actual debt shares of the position inside the InitCore and PosManager. This could lead to users' tokens getting stuck inside the MoneyMarketHook contract. Proof of Concept...
Liquidator can get higher rate for liquidation
Lines of code Vulnerability details Proof of Concept When position is unhealthy then it can be liquidated. In order to incentivize someone to liquidate positions they receive some extra amount of collateral. This incentive percentage is calculated inside...