8 matches found
EUVD-2015-1118
Malware in sbrugna...
CVE-2024-3674
The Inline Google Spreadsheet Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gdoc' shortcode in all versions up to, and including, 0.13.2 due to insufficient input sanitization and output escaping on user supplied attributes such as 'chartresolution'...
CVE-2024-3674
The CVE-2024-3674 entry concerns the Inline Google Spreadsheet Viewer WordPress plugin. Affected versions: all up to 0.13.2, due to insufficient input sanitization and output escaping on gdoc shortcode attributes (e.g., chart_resolution). This enables stored cross-site scripting (XSS) by authenti...
WordPress Inline Google Spreadsheet Viewer Plugin <= 0.13.2 is vulnerable to Cross Site Scripting (XSS)
Software: Inline Google Spreadsheet Viewer. Type: Plugin. Vulnerable versions: <= 0.13.2. Fixed in: N/A. OWASP Top 10: A7: Cross-Site Scripting (XSS). Classification: Cross Site Scripting (XSS). CVE: CVE-2024-3674. Patch priority: Low. CVSS severity: Low 6.5. PSID: 23328dda23e9. Credits: Krzyszto...
Cross-site request forgery (CSRF)
A vulnerability was found in meitar Inline Google Spreadsheet Viewer Plugin up to 0.9.6 on WordPress and classified as problematic. Affected by this issue is the function displayShortcode of the file inline-gdocs-viewer.php. The manipulation leads to cross-site request forgery. The attack may be...
PT-2023-10287 · Meitar · Meitar Inline Google Spreadsheet Viewer Plugin
Name of the Vulnerable Software and Affected Versions: meitar Inline Google Spreadsheet Viewer Plugin versions up to 0.9.6 Description: A vulnerability was found in the meitar Inline Google Spreadsheet Viewer Plugin, which is classified as problematic. The issue affects the displayShortcode...
Sign-up Sheets < 1.0.14 - Authenticated CSV Injection
The plugin does not sanitise or validate the Sheet title when generating the CSV to export, which could lead to a CSV injection issue. Go to Sign-up Sheets -> Add New. Enter the following CSV Injection payload in the fields "Title", "Details" and "Task", then click on the save button. =cmd|' /C...