240 matches found
SUSE CVE-2019-1020001
yard before 0.9.20 allows path traversal...
CVE-2022-2094
The Yellow Yard Searchbar WordPress plugin before 2.8.2 does not escape some URL parameters before outputting them back to the user, leading to Reflected Cross-Site Scripting...
CVE-2022-2094
The Yellow Yard Searchbar WordPress plugin before 2.8.2 does not escape some URL parameters before outputting them back to the user, leading to Reflected Cross-Site Scripting...
Cross site scripting
The Yellow Yard Searchbar WordPress plugin before 2.8.2 does not escape some URL parameters before outputting them back to the user, leading to Reflected Cross-Site Scripting...
CVE-2022-2094
CVE-2022-2094 affects the Yellow Yard Searchbar WordPress plugin, versions prior to 2.8.2. Root cause: the plugin does not escape certain URL parameters before echoing them back to the user, enabling a Reflected Cross-Site Scripting (XSS) vulnerability. Exploitation details are present in connect...
CVE-2022-2094 Yellow Yard Searchbar < 2.8.2 - Reflected Cross-Site Scripting
The Yellow Yard Searchbar WordPress plugin before 2.8.2 does not escape some URL parameters before outputting them back to the user, leading to Reflected Cross-Site Scripting...
WordPress plugin Yellow Yard Searchbar 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Yellow Yard < 2.8.12 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC yyfilter field='"...
Yellow Yard < 2.8.12 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks yyfilter field='" style=background-color:red...
CVE-2022-47717
Last Yard 22.09.8-1 is vulnerable to Cross-origin resource sharing CORS...
CVE-2022-47715
In Last Yard 22.09.8-1, the cookie can be stolen via via unencrypted traffic...
CVE-2022-47715
In Last Yard 22.09.8-1, the cookie can be stolen via via unencrypted traffic...
CVE-2022-47717
Last Yard 22.09.8-1 is vulnerable to Cross-origin resource sharing CORS...
CVE-2022-47714
Last Yard 22.09.8-1 does not enforce HSTS headers...
CVE-2022-47714
Last Yard 22.09.8-1 does not enforce HSTS headers...
Hardcoded credentials
Last Yard 22.09.8-1 does not enforce HSTS headers...
Design/Logic Flaw
Last Yard 22.09.8-1 is vulnerable to Cross-origin resource sharing CORS...
CVE-2022-47715
In Last Yard 22.09.8-1, the cookie can be stolen via via unencrypted traffic...
PT-2023-15466 · Last Yard · Last Yard
Name of the Vulnerable Software and Affected Versions: Last Yard version 22.09.8-1 Description: The issue is related to the lack of enforcement of HSTS headers. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue...
CVE-2022-47717
Last Yard 22.09.8-1 is vulnerable to Cross-origin resource sharing CORS...