7 matches found
EUVD-2022-6339
Malicious code in bioql PyPI...
CVE-2023-6555
The Email Subscription Popup WordPress plugin before 1.2.20 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
GHSA-GMH3-X5W7-JG5M Microweber before v1.2.20 vulnerable to cross-site scripting
Prior to Microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery (CSRF), fetch contents from same-site and redirect a user...
Microweber before v1.2.20 vulnerable to cross-site scripting
Prior to Microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery (CSRF), fetch contents from same-site and redirect a user...
Cross-site request forgery (CSRF)
Prior to microweber/microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery, fetch contents from same-site and redirect a user...
CVE-2022-2353 Cross-Site Request Forgery (CSRF) in microweber/microweber
Prior to microweber/microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery, fetch contents from same-site and redirect a user...
CVE-2022-2353
CVE-2022-2353 affects microweber/microweber prior to v1.2.20. The root cause is improper neutralization of input, enabling an attacker to steal tokens and perform cross-site request forgery, fetch contents from the same site, and redirect a user. Impact is described as token theft and CSRF-relate...