30 matches found
CVE-2024-2936
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the id attribute of widgets in all versions up to, and including, 1.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...
EUVD-2024-32601
Malicious code in bioql PyPI...
EUVD-2024-17199
Malicious code in bioql PyPI...
CVE-2024-4473
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "aThemes: Portfolio" widget in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-4473 Sydney Toolbox <= 1.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via aThemes: Portfolio Widget
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "aThemes: Portfolio" widget in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-4473 Sydney Toolbox <= 1.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via aThemes: Portfolio Widget
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "aThemes: Portfolio" widget in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-4036
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the style parameter in all versions up to, and including, 1.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above...
CVE-2024-4036
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the style parameter in all versions up to, and including, 1.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above...
CVE-2024-4036
CVE-2024-4036 concerns the Sydney Toolbox plugin for WordPress. It enables Stored Cross-Site Scripting via the style parameter in all versions up to and including 1.30. The vulnerability requires authentication with at least Contributor access and can allow injection of arbitrary scripts that exe...
CVE-2024-4036 Sydney Toolbox <= 1.30 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the style parameter in all versions up to, and including, 1.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above...
CVE-2024-4036 Sydney Toolbox <= 1.30 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the style parameter in all versions up to, and including, 1.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above...
Sydney Toolbox < 1.31 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the style parameter in all versions up to, and including, 1.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor acce...
CVE-2024-3208
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 1.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
CVE-2024-3208
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 1.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
CVE-2024-3208
Sydney Toolbox (WordPress plugin): CVE-2024-3208 describes a Stored XSS in the Filterable Gallery widget affecting versions up to 1.28. The defect is due to insufficient input sanitization/
CVE-2024-3208 Sydney Toolbox <= 1.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 1.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
WordPress Sydney Toolbox Plugin <= 1.28 is vulnerable to Cross Site Scripting (XSS)
Software: Sydney Toolbox; Type: Plugin; Vulnerable versions: <= 1.28; Fixed in: 1.29; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-3208; Patch priority: Low; CVSS severity: Low 6.5; PSID: 891857493b6c; Credits: wesley wcraft; Required...
Sydney Toolbox < 1.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery
Description The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 1.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-2936
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the id attribute of widgets in all versions up to, and including, 1.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...
CVE-2024-2936
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the id attribute of widgets in all versions up to, and including, 1.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...