Lucene search
+L

95 matches found

Snyk
Snyk
added 2020/04/21 11:42 a.m.2 views

Cross-site Scripting (XSS)

Overview lazysizes is a fast jank-free, SEO-friendly and self-initializing lazyloader for images including responsive images picture/srcset, iframes, scripts/widgets and much more. It also prioritizes resources by differentiating between crucial in view and near view elements to make perceived...

5.7CVSS6.2AI score0.00889EPSS
Exploits1References2
Node.js
Node.js
added 2020/03/17 2:47 p.m.16 views

Cross-Site Scripting

Overview Versions of lazysizes prior to 5.2.1-rc1 are vulnerable to Cross-Site Scripting. The video-embed plugin fails to sanitize the following attributes: data-vimeo, data-vimeoparams, data-youtube and data-ytparams. This allows attackers to execute arbitrary JavaScript in a victim's browser if...

7.2AI score
Exploits0Affected Software1
Veracode
Veracode
added 2020/03/10 2:51 a.m.19 views

Cross-Site Scripting (XSS)

lazysizes is vulnerable to cross-site scripting XSS. The attributes data-vimeo, data-vimeoparams, data-youtube and data-ytparams are not sanitized by the video-embed plugin, allowing a remote attacker to inject and execute arbitrary Javascript in the user's browser via the affected parameters...

5.4CVSS6AI score0.00889EPSS
Exploits1References4Affected Software1
exploitpack
exploitpack
added 2019/01/07 12:0 a.m.18 views

Embed Video Scripts - Persistent Cross-Site Scripting

Embed Video Scripts - Persistent Cross-Site Scripting Exploit Title: Embed Video Scripts - Cross-site Script stored Google Dork: N/A Date: 1 Jan 2019 Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me POC Video: https://youtu.be/2CFJLwkxpT8 Vendor...

6.8AI score
Exploits0
exploitpack
exploitpack
added 2016/04/01 12:0 a.m.28 views

WordPress Plugin Advanced Video 1.0 - Local File Inclusion

WordPress Plugin Advanced Video 1.0 - Local File Inclusion !/usr/bin/env python Exploit Title: Advanced-Video-Embed Arbitrary File Download / Unauthenticated Post Creation Google Dork: N/A Date: 04/01/2016 Exploit Author: evait security GmbH Vendor Homepage: arshmultani - http://dscom.it/ Softwar...

0.1AI score
Exploits0
Dsquare
Dsquare
added 2015/05/01 12:0 a.m.53 views

WordPress Advanced Video Embed File Disclosure

File disclosure vulnerability in WordPress Advanced Video Embed plugin Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...

0.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2014/07/05 10:0 p.m.9 views

recorder.aacsb.edu XSS vulnerability

Open Bug Bounty ID: OBB-46255 Description| Value ---|--- Affected Website:| recorder.aacsb.edu Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat...

6.4AI score
Exploits0
securityvulns
securityvulns
added 2013/07/08 12:0 a.m.144 views

Vulnerabilities in multiple plugins for WordPress with VideoJS

Hello 3APA3A! These are Cross-Site Scripting vulnerabilities in multiple plugins for WordPress with VideoJS. Earlier I've wrote about vulnerabilities in VideoJS http://seclists.org/fulldisclosure/2013/May/21. This is popular video and audio player, which is used at hundreds thousands of web sites...

6.3AI score
Exploits0
Packet Storm
Packet Storm
added 2013/05/14 12:0 a.m.20 views

WordPress Video JS Cross Site Scripting

Hello list! These are Cross-Site Scripting vulnerabilities in multiple plugins for WordPress with VideoJS. Earlier I've wrote about vulnerabilities in VideoJS http://seclists.org/fulldisclosure/2013/May/21. This is popular video and audio player, which is used at hundreds thousands of web sites a...

Exploits0
Dsquare
Dsquare
added 2012/03/26 12:0 a.m.48 views

Wordpress Video Embed & Thumbnail Generator 1.1 RCE (Linux)

Remote code execution vulnerability in Wordpress Video Embed & Thumbnail Generator plugin Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...

7.5CVSS1.2AI score0.03448EPSS
Exploits2
Dsquare
Dsquare
added 2012/03/26 12:0 a.m.49 views

Wordpress Video Embed & Thumbnail Generator 1.1 RCE (Windows)

Remote code execution vulnerability in Wordpress Video Embed & Thumbnail Generator plugin Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...

7.5CVSS0.9AI score0.03448EPSS
Exploits2
Prion
Prion
added 2012/03/19 6:55 p.m.10 views

Design/Logic Flaw

The Media Upload form in the Video Embed & Thumbnail Generator plugin before 2.0 for WordPress allows remote attackers to obtain the installation path via unknown vectors...

5CVSS7.2AI score0.02303EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2012/03/19 6:0 p.m.22 views

CVE-2012-1786

The Media Upload form in the Video Embed & Thumbnail Generator plugin before 2.0 for WordPress allows remote attackers to obtain the installation path via unknown vectors...

6.6AI score0.02303EPSS
Exploits0References3
CVE
CVE
added 2012/03/19 6:0 p.m.45 views

CVE-2012-1786

The CVE-2012-1786 entry concerns the WordPress plugin Video Embed & Thumbnail Generator (pre-2.0). Affected component: Media Upload form. Root cause: path disclosure allowing remote attackers to obtain the installation path via unknown vectors. Impact: information disclosure; exploitation details...

5CVSS6.8AI score0.02303EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2012/03/19 12:0 a.m.15 views

WordPress Video Embed & Thumbnail Generator Plugin <= 1.9 - Path Disclosure

Because of this vulnerability, the attackers can obtain the installation path via unknown vectors. Solution Update the plugin...

5CVSS5.3AI score0.02303EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder