8 matches found
EUVD-2022-43316
Malicious code in bioql PyPI...
CVE-2022-3987
The Responsive Lightbox2 WordPress plugin before 1.0.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...
CVE-2022-3987 Responsive Lightbox2 < 1.0.4 - Contributor+ Stored XSS
The Responsive Lightbox2 WordPress plugin before 1.0.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...
CVE-2022-3987 Responsive Lightbox2 < 1.0.4 - Contributor+ Stored XSS
The Responsive Lightbox2 WordPress plugin before 1.0.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...
PT-2022-25061 · WordPress · Responsive Lightbox2
Name of the Vulnerable Software and Affected Versions: Responsive Lightbox2 WordPress plugin versions prior to 1.0.4 Description: The issue is related to the lack of validation and escaping of some shortcode attributes, which could allow users with a role as low as contributor to perform Stored...
WordPress plugin Responsive Lightbox2 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
WordPress Responsive Lightbox2 1.0.2 Cross Site Scripting
Exploit Title: WordPress Responsive Lightbox2 Plugin v1.0.2 - Persistent Cross-Site Scripting Date: 2020-08-14 Vendor Homepage: https://noorsplugin.com/ Vendor Changelog: https://wordpress.org/plugins/responsive-lightbox2/developers Exploit Author: Melbin K Mathew @melbinkm Author Advisory:...
Responsive Lightbox2 < 1.0.3 - Authenticated Stored Cross-Site Scripting
The ‘hyperlink’ field in used while linking an image from a URL was found to be vulnerable to stored XSS, as they did not sanitize user given input properly before publishing the post. It is triggered when a users loads a page where the plugin shortcode is used. All WordPress websites using...