27 matches found
Malicious code in leadconduit-zillow (npm)
The package leadconduit-zillow was found to contain malicious code...
MAL-2025-25053 Malicious code in leadconduit-zillow (npm)
The package leadconduit-zillow was found to contain malicious code...
CVE-2022-1915
The WP Zillow Review Slider WordPress plugin before 2.4 does not escape a settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...
WordPress Widgets for Zillow Reviews Plugin <= 11.0.2 is vulnerable to Arbitrary File Upload
Software Widgets for Zillow Reviews Type Plugin Vulnerable versions = 11.0.2 Fixed in 11.1 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2023-48275 Patch priority Medium CVSS severity Medium 8 Developer Claim ownership PSID 4f292716d1ce Credits Rafie Muhammad Patchstack...
WordPress Easy Zillow Reviews Plugin < 1.6.2 is vulnerable to Cross Site Scripting (XSS)
Software Easy Zillow Reviews Type Plugin Vulnerable versions 1.6.2 Fixed in 1.6.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0f45d71ee4e7 Credits Rafie Muhammad Patchstack...
Malicious code in @zillow-types/constellation (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f570ad44977228dd333e2cc8ca47ab2bc8b05f057f2d4125c5549f3dd8f1c7f9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-73 Malicious code in @zillow-types/constellation (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f570ad44977228dd333e2cc8ca47ab2bc8b05f057f2d4125c5549f3dd8f1c7f9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
WordPress WP Zillow Review Slider plugin跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress WP Zillow Review Slider plugin version prior to 2.4 has a cross-site scripting vulnerabilit...
CVE-2022-1915
The WP Zillow Review Slider WordPress plugin before 2.4 does not escape a settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...
CVE-2022-1915
The WP Zillow Review Slider WordPress plugin before 2.4 does not escape a settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...
CVE-2022-1915
The WP Zillow Review Slider WordPress plugin before 2.4 does not escape a settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...
Cross site scripting
The WP Zillow Review Slider WordPress plugin before 2.4 does not escape a settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...
CVE-2022-1915
The CVE-2022-1915 entry concerns the WordPress plugin WP Zillow Review Slider, affected in versions before 2.4. The vulnerability is a Cross-Site Scripting flaw caused by improper escaping of a settings field, which could allow high-privilege users to inject JavaScript (even when unfiltered_html ...
CVE-2022-1915 WP Zillow Review Slider < 2.4 - Admin+ Stored Cross-Site Scripting
The WP Zillow Review Slider WordPress plugin before 2.4 does not escape a settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...
WordPress plugin WP Zillow Review Slider 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress WP Zillow Review Slider plugin version prior to 2.4 has a cross-site scripting vulnerabilit...
WordPress Easy Zillow Reviews plugin <= 1.4.0 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Easy Zillow Reviews plugin versions = 1.4.0. Solution Update the WordPress Easy Zillow Reviews plugin to the latest available version at least 1.4.1...
WordPress Easy Zillow Reviews plugin <= 1.4.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Easy Zillow Reviews plugin versions = 1.4.0. Solution Update the WordPress Easy Zillow Reviews plugin to the latest available version at least 1.4.1...
Malicious Code Bombs Target Amazon, Lyft, Slack, Zillow
Researchers have spotted malicious packages targeting internal applications for Amazon, Lyft, Slack and Zillow among others inside the npm public code repository — all of which exfiltrate sensitive information. The packages weaponize a proof-of-concept PoC code dependency-confusion exploit that w...
Chris Vickery Discusses Data Leak of 48 Million Users by Private Intelligence Firm
SAN FRANCISCO – Profile data of 48 million users that was scraped from social networks and websites ranging from Facebook, LinkedIn, Zillow and Twitter was leaked by a private intelligence agency. The data was left on an Amazon S3 storage bucket accessible without a password by Localblox, the...
zillow.com XSS vulnerability
Open Bug Bounty ID: OBB-571189 Description| Value ---|--- Affected Website:| zillow.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...