5 matches found
EUVD-2022-15752
Malicious code in bioql PyPI...
CVE-2022-0659
The Sync QCloud COS WordPress plugin before 2.0.1 does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
Cross site scripting
The Sync QCloud COS WordPress plugin before 2.0.1 does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-0659 Sync iCloud COS < 2.0.1 - Admin+ Stored Cross-Site Scripting
The Sync QCloud COS WordPress plugin before 2.0.1 does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-0659
CVE-2022-0659 affects the WordPress plugin “Sync QCloud COS” (pre-2.0.1). The vulnerability stems from the plugin not escaping certain settings, allowing admin or high-privilege users to perform Stored Cross-Site Scripting (XSS) even when unfiltered_html is disallowed. Impact is administrative/XS...