29 matches found
EUVD-2017-18437
Malware in sbrugna...
EUVD-2025-10781
Malicious code in bioql PyPI...
CVE-2025-32534
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Workbox Workbox Video from Vimeo & Youtube workbox-video-from-vimeo-youtube-plugin allows Reflected XSS.This issue affects Workbox Video from Vimeo & Youtube: from n/a through = 3.2.2...
CVE-2025-32534
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Workbox Workbox Video from Vimeo & Youtube workbox-video-from-vimeo-youtube-plugin allows Reflected XSS.This issue affects Workbox Video from Vimeo & Youtube: from n/a through = 3.2.2...
CVE-2025-32534
CVE-2025-32534 is a Reflected XSS in the Workbox Video from Vimeo & YouTube WordPress plugin (affected: 1) Workbox Video from Vimeo & Youtube Plugin, 2) versions up to 3.2.2). The CVE entry includes a CVSS v3.1 base score of 7.1 (HIGH) with Network attack vector, No privileges, user interaction r...
CVE-2025-32534 WordPress Workbox Video from Vimeo & Youtube Plugin Plugin <= 3.2.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Workbox Workbox Video from Vimeo & Youtube allows Reflected XSS. This issue affects Workbox Video from Vimeo & Youtube: from n/a through 3.2.2...
CVE-2025-32534 WordPress Workbox Video from Vimeo & Youtube Plugin Plugin <= 3.2.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Workbox Workbox Video from Vimeo & Youtube workbox-video-from-vimeo-youtube-plugin allows Reflected XSS.This issue affects Workbox Video from Vimeo & Youtube: from n/a through = 3.2.2...
WordPress plugin Workbox Video from Vimeo & Youtube 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress plugin Workbox Video...
PT-2025-16059 · Vimeo & Youtube · Workbox Video
Name of the Vulnerable Software and Affected Versions: Workbox Video from Vimeo & Youtube versions 3.2.2 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for reflected Cross-site Scripting XSS. This enables attackers to...
WordPress Workbox Video from Vimeo & Youtube Plugin Plugin <= 3.2.2 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Workbox Video from Vimeo & Youtube versions = 3.2.2...
Atlassian Confluence 4.3.x < 6.2.1 Access Restriction Bypass using watch notifications
According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to version 6.2.1. It is, therefore, affected by access restriction bypass using watch notifications which may permit an attacker to receive workbox notifications containing the...
Malicious code in workbox-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8933e331d7e07ec6d6389f4a473479e2d306032d9d3b394d9243d7268c811270 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-7221 Malicious code in workbox-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8933e331d7e07ec6d6389f4a473479e2d306032d9d3b394d9243d7268c811270 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Workbox: upgrade Underscore.js to 1.13.1 or higher
h3. Issue Summary Workbox host plugin in Confluence is currently using underscore.js 1.3.1. This is old enough to not be vulnerable to CVE-2021-23358, but it should be using the version provided by Confluence, not its own The package underscore from 1.13.0-0 and before 1.13.0-2 From 1.3.2 and...
Atlassian Confluence Security Bypass Vulnerability (CNVD-2017-12985)
Atlassian Confluence is a professional enterprise knowledge management and collaboration software from Atlassian Australia, which can also be used to build an enterprise WiKi. the software enables collaboration and knowledge sharing between team members. A security vulnerability exists in Atlassi...
Code injection
Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if a user had permission to view a page when creating a workbox notification about new comments. An attacker who can login to Confluence could receive workbox notifications, which contain the content of comments, for comments add...
CVE-2017-9505
Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if a user had permission to view a page when creating a workbox notification about new comments. An attacker who can login to Confluence could receive workbox notifications, which contain the content of comments, for comments add...
CVE-2017-9505
Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if a user had permission to view a page when creating a workbox notification about new comments. An attacker who can login to Confluence could receive workbox notifications, which contain the content of comments, for comments add...
CVE-2017-9505
Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if a user had permission to view a page when creating a workbox notification about new comments. An attacker who can login to Confluence could receive workbox notifications, which contain the content of comments, for comments add...
Access Restriction Bypass using watch notifications (CVE-2017-9505)
Confluence did not check if a user had permission to view a page when creating a workbox notification about new comments. An attacker who can login to Confluence could receive workbox notifications, which contain the content of comments, for comments added to a page after they started watching it...