91 matches found
Fedora: Security Advisory for vim (FEDORA-2021-84f4cf3244)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for vim (FEDORA-2021-e982f972f2)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for vim (FEDORA-2021-5fa81a2b04)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Wordpress plugin Controlled Admin Access 访问控制错误漏洞
WordPress Plugin is an open source application plugin for WordPress. A security vulnerability exists in multiple Wordpress plugins that allows an attacker to use this endpoint to add arbitrary data to predefined options in the wpoptions table. The following products and versions are affected: The...
Cross site scripting
In MyBB before version 1.8.24, the custom MyCode BBCode for the visual editor doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. The weakness can be exploited by pointing a victim to a page where the visual editor is active e.g. as a post or Private...
CVE-2020-15139
In MyBB (pre-1.8.24), the custom MyCode (BBCode) for the visual editor does not escape input when rendering HTML, causing a DOM-based XSS. Exploitation involves a victim visiting a page with the visual editor active (e.g., a post or Private Message) containing malicious MyCode, potentially on con...
PT-2020-14219 · Mybb · Mybb
Name of the Vulnerable Software and Affected Versions: MyBB versions prior to 1.8.24 Description: The issue arises from improper input escaping in the custom MyCode for the visual editor, leading to a DOM-based XSS vulnerability. This can be exploited by directing a victim to a page with the visu...
MyBB Visual Editor 1.8.18 - Cross-Site Scripting
MyBB Visual Editor 1.8.18 - Cross-Site Scripting Title: MyBB Visual Editor 1.8.18 - Cross-Site Scripting Author: Numan OZDEMIR Vendor Homepage: mybb.com Software Link: https://mybb.com/download/ Version: Up to v1.8.18. Fixed in v1.8.19. PoC Video: https://numanozdemir.com/mybb/xss.mp4 CVE:...
MyBB Visual Editor 1.8.18 - Cross-Site Scripting
Title: MyBB Visual Editor 1.8.18 - Cross-Site Scripting Author: Numan OZDEMIR Vendor Homepage: mybb.com Software Link: https://mybb.com/download/ Version: Up to v1.8.18. Fixed in v1.8.19. PoC Video: https://numanozdemir.com/mybb/xss.mp4 CVE: CVE-2018-17128 Description: Attacker can run JavaScript...
MyBB Visual Editor 1.8.18 Cross Site Scripting
Title: MyBB Visual Editor Stored XSS YLOADhttp://victim.com/video 4- Post the thread. While victim user replying your post, his browser will run JavaScript. Vulnerable pages: editpost.php newreply.php private.php and all Visual Editor embedded pages. // for secure days...
CVE-2018-17128
A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode...
Cross site scripting
A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode...
CVE-2018-17128
A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode...
CVE-2018-17128
Summary: CVE-2018-17128 affects MyBB’s Visual Editor (pre-1.8.19). The issue is a persistent XSS introduced through the Video MyCode in posts, enabling attacker-controlled JavaScript execution in a victim’s browser when replying to a thread. The vulnerability is tied to the Video or videotype han...
CVE-2018-17128
A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode...
MyBB Cross-Site Scripting Vulnerability (CNVD-2018-19562)
MyBB aka MyBulletinBoard is a free and web-based forum software developed by MyBB team using PHP and MySQL. The software is easy to use , multi-language support , scalable , etc. Visual Editor is one of the HTML editor component . A cross-site scripting vulnerability exists in Visual Editor in...
mybb -- vulnerabilities
mybb Team reports: High risk: Email field SQL Injection. Medium risk: Video MyCode Persistent XSS in Visual Editor. Low risk: Insufficient permission check in User CP’s attachment management. Low risk: Insufficient email address verification...
Squiz Matrix Matrix WYSIWYG plugin cross-site scripting vulnerability
Squiz Matrix is an enterprise content management system from Squiz Australia.Matrix WYSIWYG plugins is a WYSIWYG editor plugin used in it. A cross-site scripting vulnerability exists in the Matrix WYSIWYG plugin in Squiz Matrix versions prior to 5.3.6.1 and 5.4.x versions prior to 5.4.1.3. A remo...
CVE-2017-14197
An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. There are multiple reflected Cross-Site Scripting XSS issues in Matrix WYSIWYG plugins...
WordPress Visual Editor Cross Site Scripting
A cross-site scripting vulnerability exists in WordPress Visual Editor. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...