7 matches found
Malicious code in twentytwentyone (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 022aaabc9c3c5a59caaeef5248c72ca2e27ebb9f2cf1dfd54cf1fe144fd43b77 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-3242 Malicious code in twentytwentyone (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 022aaabc9c3c5a59caaeef5248c72ca2e27ebb9f2cf1dfd54cf1fe144fd43b77 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Debian DSA-5279-1 : wordpress - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5279 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. The...
Video Gallery - Vimeo and YouTube Gallery < 1.1.5 - Admin+ Stored Cross-Site Scripting
The plugin does not escape the Title and Description of the videos in a gallery before outputting them in attributes, leading to Stored Cross-Site Scripting issues Add the following payload in the Title or Description of a Video added in a List/Gallery: "onmouseover=alert/XSS/// Then view the...
CoolClock < 4.3.5 - Contributor+ Stored Cross-Site Scripting
The plugin does not escape some shortcode attributes, allowing users with a role as low as Contributor toperform Stored Cross-Site Scripting attacks As a user with a role as low as contributor, put the following shortcode in a post/page and view/preview it to trigger the XSS which is specific to...
Yada Wiki < 3.4.1 - Contributor+ Stored XSS
The plugin did not sanitise, validate or escape the anchor attribute of its shortcode, leading to a Stored Cross-Site Scripting issue - Create a wiki page. If there is already a page, you can skip. The page can be a draft. - Add this shortcode to a post/page, view it and move the mouse over the...
CVE-2021-22113
creationtimestamp| type| source ---|---|--- 2021-02-23 20:35:28+00:00| seen| https://t.me/cibsecurity/24012...