95 matches found
Cross-site Scripting (XSS)
Overview lazysizes is a fast jank-free, SEO-friendly and self-initializing lazyloader for images including responsive images picture/srcset, iframes, scripts/widgets and much more. It also prioritizes resources by differentiating between crucial in view and near view elements to make perceived...
Cross-Site Scripting
Overview Versions of lazysizes prior to 5.2.1-rc1 are vulnerable to Cross-Site Scripting. The video-embed plugin fails to sanitize the following attributes: data-vimeo, data-vimeoparams, data-youtube and data-ytparams. This allows attackers to execute arbitrary JavaScript in a victim's browser if...
Cross-Site Scripting (XSS)
lazysizes is vulnerable to cross-site scripting XSS. The attributes data-vimeo, data-vimeoparams, data-youtube and data-ytparams are not sanitized by the video-embed plugin, allowing a remote attacker to inject and execute arbitrary Javascript in the user's browser via the affected parameters...
Embed Video Scripts - Persistent Cross-Site Scripting
Embed Video Scripts - Persistent Cross-Site Scripting Exploit Title: Embed Video Scripts - Cross-site Script stored Google Dork: N/A Date: 1 Jan 2019 Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me POC Video: https://youtu.be/2CFJLwkxpT8 Vendor...
WordPress Plugin Advanced Video 1.0 - Local File Inclusion
WordPress Plugin Advanced Video 1.0 - Local File Inclusion !/usr/bin/env python Exploit Title: Advanced-Video-Embed Arbitrary File Download / Unauthenticated Post Creation Google Dork: N/A Date: 04/01/2016 Exploit Author: evait security GmbH Vendor Homepage: arshmultani - http://dscom.it/ Softwar...
WordPress Advanced Video Embed File Disclosure
File disclosure vulnerability in WordPress Advanced Video Embed plugin Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...
recorder.aacsb.edu XSS vulnerability
Open Bug Bounty ID: OBB-46255 Description| Value ---|--- Affected Website:| recorder.aacsb.edu Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat...
Vulnerabilities in multiple plugins for WordPress with VideoJS
Hello 3APA3A! These are Cross-Site Scripting vulnerabilities in multiple plugins for WordPress with VideoJS. Earlier I've wrote about vulnerabilities in VideoJS http://seclists.org/fulldisclosure/2013/May/21. This is popular video and audio player, which is used at hundreds thousands of web sites...
WordPress Video JS Cross Site Scripting
Hello list! These are Cross-Site Scripting vulnerabilities in multiple plugins for WordPress with VideoJS. Earlier I've wrote about vulnerabilities in VideoJS http://seclists.org/fulldisclosure/2013/May/21. This is popular video and audio player, which is used at hundreds thousands of web sites a...
Wordpress Video Embed & Thumbnail Generator 1.1 RCE (Linux)
Remote code execution vulnerability in Wordpress Video Embed & Thumbnail Generator plugin Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...
Wordpress Video Embed & Thumbnail Generator 1.1 RCE (Windows)
Remote code execution vulnerability in Wordpress Video Embed & Thumbnail Generator plugin Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...
Design/Logic Flaw
The Media Upload form in the Video Embed & Thumbnail Generator plugin before 2.0 for WordPress allows remote attackers to obtain the installation path via unknown vectors...
CVE-2012-1786
The Media Upload form in the Video Embed & Thumbnail Generator plugin before 2.0 for WordPress allows remote attackers to obtain the installation path via unknown vectors...
CVE-2012-1786
The CVE-2012-1786 entry concerns the WordPress plugin Video Embed & Thumbnail Generator (pre-2.0). Affected component: Media Upload form. Root cause: path disclosure allowing remote attackers to obtain the installation path via unknown vectors. Impact: information disclosure; exploitation details...
WordPress Video Embed & Thumbnail Generator Plugin <= 1.9 - Path Disclosure
Because of this vulnerability, the attackers can obtain the installation path via unknown vectors. Solution Update the plugin...