EUVD-2023-56198

Malicious code in bioql PyPI...

CVE-2024-11786

The Login with Vipps and MobilePay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'continue-with-vipps' shortcode in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2023-51485

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Hosting Pay with Vipps and MobilePay for WooCommerce allows Stored XSS.This issue affects Pay with Vipps and MobilePay for WooCommerce: from n/a through 1.14.13...

CVE-2024-11786 Login with Vipps and MobilePay <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Login with Vipps and MobilePay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'continue-with-vipps' shortcode in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2024-11786

CVE-2024-11786 refers to the WordPress plugin Login with Vipps and MobilePay, affected up to version 1.3.3. The vulnerability is Stored Cross‑Site Scripting via the plugin’s continue-with-vipps shortcode, caused by insufficient input sanitization and output escaping on user-supplied attributes. T...

WordPress plugin Login with Vipps and MobilePay 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

PT-2024-17258 · WordPress · Login With Vipps/Mobilepay

Name of the Vulnerable Software and Affected Versions: Login with Vipps and MobilePay plugin for WordPress versions up to and including 1.3.3 Description: The issue is related to stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in...

WordPress Login with Vipps and MobilePay plugin <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin Login with Vipps and MobilePay versions = 1.3.3...

WordPress Login with Vipps and MobilePay Plugin <= 1.3.3 is vulnerable to Cross Site Scripting (XSS)

Software Login with Vipps and MobilePay Type Plugin Vulnerable versions = 1.3.3 Fixed in 1.3.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11786 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID fdf93186291b Credits Peter...

CVE-2023-51485

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Hosting Pay with Vipps and MobilePay for WooCommerce allows Stored XSS.This issue affects Pay with Vipps and MobilePay for WooCommerce: from n/a through 1.14.13...

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Hosting Pay with Vipps and MobilePay for WooCommerce allows Stored XSS.This issue affects Pay with Vipps and MobilePay for WooCommerce: from n/a through 1.14.13...

CVE-2023-51485

CVE-2023-51485 is a Cross-Site Scripting (Stored XSS) vulnerability in the WordPress plugin “Pay with Vipps for WooCommerce” (WP Pay with Vipps). The issue arises from improper neutralization of user input during web page generation, allowing stored XSS. Affected versions are up to 1.14.13 (inclu...

CVE-2023-51485 WordPress Pay with Vipps for WooCommerce Plugin <= 1.14.13 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Hosting Pay with Vipps and MobilePay for WooCommerce allows Stored XSS.This issue affects Pay with Vipps and MobilePay for WooCommerce: from n/a through 1.14.13...

CVE-2023-51485 WordPress Pay with Vipps for WooCommerce Plugin <= 1.14.13 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Hosting Pay with Vipps and MobilePay for WooCommerce allows Stored XSS.This issue affects Pay with Vipps and MobilePay for WooCommerce: from n/a through 1.14.13...

WordPress Plugin Pay with Vipps and MobilePay for WooCommerce Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

PT-2024-14144 · Woocommerce · Pay With Vipps/Mobilepay For Woocommerce

Name of the Vulnerable Software and Affected Versions: Pay with Vipps and MobilePay for WooCommerce versions 1.14.13 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This mean...

Pay with Vipps for WooCommerce < 1.14.14 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Pay with Vipps for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the buy now button in versions up to, and including, 1.14.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

WordPress Pay with Vipps for WooCommerce Plugin <= 1.14.13 is vulnerable to Cross Site Scripting (XSS)

Software Pay with Vipps for WooCommerce Type Plugin Vulnerable versions = 1.14.13 Fixed in 1.14.14 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-51485 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1edf8f900665 Credits resecured.io Requir...

Malicious code in vipps-stitches (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b35462631a02f2e2f4983938981ac01d5a3a5b84f7aa53753115e2bfc5ed8d9f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-6938 Malicious code in vipps-stitches (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b35462631a02f2e2f4983938981ac01d5a3a5b84f7aa53753115e2bfc5ed8d9f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...