44 matches found
EUVD-2013-2638
Malware in sbrugna...
EUVD-2022-25167
Malicious code in bioql PyPI...
EUVD-2024-28468
Malicious code in bioql PyPI...
CVE-2024-30548
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Noah Kagan underConstruction allows Stored XSS.This issue affects underConstruction: from n/a through 1.21...
CVE-2022-1895
The underConstruction WordPress plugin before 1.20 does not have CSRF check in place when deactivating the construction mode, which could allow attackers to make a logged in admin perform such action via a CSRF attack...
CVE-2022-1896
The underConstruction WordPress plugin before 1.21 does not sanitise or escape the "Display a custom page using your own HTML" setting before outputting it, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiletredhtml capability is disallowed...
CVE-2024-30548
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Noah Kagan underConstruction allows Stored XSS.This issue affects underConstruction: from n/a through 1.21...
CVE-2024-30548
CVE-2024-30548 affects the WordPress plugin underConstruction (Noah Kagan) with a Stored XSS flaw due to improper input neutralization during web page generation. Affected range is from n/a up to version 1.21. The provided documents explicitly name the vulnerability class and the product, but do ...
CVE-2024-30548 WordPress underConstruction plugin <= 1.21 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Noah Kagan underConstruction allows Stored XSS.This issue affects underConstruction: from n/a through 1.21...
WordPress Plugin underConstruction 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
WordPress underConstruction plugin <= 1.21 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Felipe Restrepo Rodriguez Patchstack Alliance in WordPress Plugin underConstruction versions = 1.21...
WordPress underConstruction Plugin <= 1.21 is vulnerable to Cross Site Scripting (XSS)
Software underConstruction Type Plugin Vulnerable versions = 1.21 Fixed in 1.22 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30548 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID b0c168347691 Credits Felipe Restrepo Rodriguez Required...
WordPress underConstruction plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. Cross-site request forgery...
WordPress underConstruction plugin跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. cross-site scripting vulnerability exists in versions of the WordPress underConstruction plugin...
CVE-2022-1896
The underConstruction WordPress plugin before 1.21 does not sanitise or escape the "Display a custom page using your own HTML" setting before outputting it, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiletredhtml capability is disallowed...
CVE-2022-1895
The underConstruction WordPress plugin before 1.20 does not have CSRF check in place when deactivating the construction mode, which could allow attackers to make a logged in admin perform such action via a CSRF attack...
CVE-2022-1896
The underConstruction WordPress plugin before 1.21 does not sanitise or escape the "Display a custom page using your own HTML" setting before outputting it, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiletredhtml capability is disallowed...
CVE-2022-1895
The underConstruction WordPress plugin before 1.20 does not have CSRF check in place when deactivating the construction mode, which could allow attackers to make a logged in admin perform such action via a CSRF attack...
CVE-2022-1896
The CVE-2022-1896 entry concerns the WordPress underConstruction plugin pre-1.21. The vulnerability arises because the setting “Display a custom page using your own HTML” is not sanitized/escaped before output, allowing stored Cross-Site Scripting by high-privilege users even when unfiltered_html...
CVE-2022-1896 underConstruction < 1.21 - Admin+ Stored Cross-Site Scripting
The underConstruction WordPress plugin before 1.21 does not sanitise or escape the "Display a custom page using your own HTML" setting before outputting it, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiletredhtml capability is disallowed...