44 matches found
EUVD-2013-2638
Malware in sbrugna...
EUVD-2024-28468
Malicious code in bioql PyPI...
EUVD-2022-25167
Malicious code in bioql PyPI...
CVE-2024-30548
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Noah Kagan underConstruction allows Stored XSS.This issue affects underConstruction: from n/a through 1.21...
CVE-2022-1895
The underConstruction WordPress plugin before 1.20 does not have CSRF check in place when deactivating the construction mode, which could allow attackers to make a logged in admin perform such action via a CSRF attack...
CVE-2022-1896
The underConstruction WordPress plugin before 1.21 does not sanitise or escape the "Display a custom page using your own HTML" setting before outputting it, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiletredhtml capability is disallowed...
CVE-2024-30548
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Noah Kagan underConstruction allows Stored XSS.This issue affects underConstruction: from n/a through 1.21...
CVE-2024-30548
CVE-2024-30548 affects the WordPress plugin underConstruction (Noah Kagan) with a Stored XSS flaw due to improper input neutralization during web page generation. Affected range is from n/a up to version 1.21. The provided documents explicitly name the vulnerability class and the product, but do ...
CVE-2024-30548 WordPress underConstruction plugin <= 1.21 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Noah Kagan underConstruction allows Stored XSS.This issue affects underConstruction: from n/a through 1.21...
WordPress Plugin underConstruction 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
WordPress underConstruction plugin <= 1.21 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Felipe Restrepo Rodriguez Patchstack Alliance in WordPress Plugin underConstruction versions = 1.21...
WordPress underConstruction Plugin <= 1.21 is vulnerable to Cross Site Scripting (XSS)
Software underConstruction Type Plugin Vulnerable versions = 1.21 Fixed in 1.22 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30548 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID b0c168347691 Credits Felipe Restrepo Rodriguez Required...
WordPress underConstruction plugin跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. cross-site scripting vulnerability exists in versions of the WordPress underConstruction plugin...
WordPress underConstruction plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. Cross-site request forgery...
CVE-2022-1895
The underConstruction WordPress plugin before 1.20 does not have CSRF check in place when deactivating the construction mode, which could allow attackers to make a logged in admin perform such action via a CSRF attack...
CVE-2022-1895
The underConstruction WordPress plugin before 1.20 does not have CSRF check in place when deactivating the construction mode, which could allow attackers to make a logged in admin perform such action via a CSRF attack...
CVE-2022-1896
The underConstruction WordPress plugin before 1.21 does not sanitise or escape the "Display a custom page using your own HTML" setting before outputting it, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiletredhtml capability is disallowed...
CVE-2022-1896
The underConstruction WordPress plugin before 1.21 does not sanitise or escape the "Display a custom page using your own HTML" setting before outputting it, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiletredhtml capability is disallowed...
CVE-2022-1896 underConstruction < 1.21 - Admin+ Stored Cross-Site Scripting
The underConstruction WordPress plugin before 1.21 does not sanitise or escape the "Display a custom page using your own HTML" setting before outputting it, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiletredhtml capability is disallowed...
CVE-2022-1896
The CVE-2022-1896 entry concerns the WordPress underConstruction plugin pre-1.21. The vulnerability arises because the setting “Display a custom page using your own HTML” is not sanitized/escaped before output, allowing stored Cross-Site Scripting by high-privilege users even when unfiltered_html...