Lucene search
K

7 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 1:6 p.m.3 views

Malicious code in twentytwentyone (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 022aaabc9c3c5a59caaeef5248c72ca2e27ebb9f2cf1dfd54cf1fe144fd43b77 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
added 2024/06/25 1:6 p.m.6 views

MAL-2024-3242 Malicious code in twentytwentyone (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 022aaabc9c3c5a59caaeef5248c72ca2e27ebb9f2cf1dfd54cf1fe144fd43b77 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7.2AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2022/11/16 12:0 a.m.10 views

Debian DSA-5279-1 : wordpress - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5279 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. The...

5.6AI score
Exploits0References4
wpexploit
wpexploit
added 2021/09/21 12:0 a.m.773 views

Video Gallery - Vimeo and YouTube Gallery < 1.1.5 - Admin+ Stored Cross-Site Scripting

The plugin does not escape the Title and Description of the videos in a gallery before outputting them in attributes, leading to Stored Cross-Site Scripting issues Add the following payload in the Title or Description of a Video added in a List/Gallery: "onmouseover=alert/XSS/// Then view the...

4.8CVSS0.00598EPSS
Exploits2
wpexploit
wpexploit
added 2021/08/30 12:0 a.m.494 views

CoolClock < 4.3.5 - Contributor+ Stored Cross-Site Scripting

The plugin does not escape some shortcode attributes, allowing users with a role as low as Contributor toperform Stored Cross-Site Scripting attacks As a user with a role as low as contributor, put the following shortcode in a post/page and view/preview it to trigger the XSS which is specific to...

5.4CVSS0.3AI score0.00604EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/28 12:0 a.m.111 views

Yada Wiki < 3.4.1 - Contributor+ Stored XSS

The plugin did not sanitise, validate or escape the anchor attribute of its shortcode, leading to a Stored Cross-Site Scripting issue - Create a wiki page. If there is already a page, you can skip. The page can be a draft. - Add this shortcode to a post/page, view it and move the mouse over the...

3.5CVSS0.2AI score0.00547EPSS
Exploits1
Circl
Circl
added 2021/02/23 8:35 p.m.4 views

CVE-2021-22113

creationtimestamp| type| source ---|---|--- 2021-02-23 20:35:28+00:00| seen| https://t.me/cibsecurity/24012...

5.3CVSS5.9AI score0.00819EPSS
Exploits0References1
Rows per page
Query Builder