Day: Ekim 4, 2021

CVE-2020-28119

Cross site scripting vulnerability in 53KF < 2.0.0.2 that allows for arbitrary code to be executed via crafted HTML statement inserted into chat window. Devamını…

Devamını oku

CVE-2021-25964

In “Calibre-webâ€� application, v0.6.0 to v0.6.12, are vulnerable to Stored XSS in “Metadataâ€�. An attacker that has access to edit the metadata information, can inject…

Devamını oku

CVE-2021-24687

The Modern Events Calendar Lite WordPress plugin before 5.22.2 does not escape some of its settings before outputting them in attributes, allowing high privilege users…

Devamını oku

CVE-2021-24679

The Bitcoin / AltCoin Payment Gateway for WooCommerce WordPress plugin before 1.6.1 does not escape the 's' GET parameter before outputting back in the All…

Devamını oku

CVE-2021-24678

The CM Tooltip Glossary WordPress plugin before 3.9.21 does not escape some glossary_tooltip shortcode attributes, which could allow users a role as low as Contributor…

Devamını oku

CVE-2021-24673

The Appointment Hour Booking WordPress plugin before 1.3.16 does not escape some of the Calendar Form settings, allowing high privilege users to perform Stored Cross-Site…

Devamını oku

CVE-2021-24654

The User Registration WordPress plugin before 2.0.2 does not properly sanitise the user_registration_profile_pic_url value when submitted directly via the user_registration_update_profile_details AJAX action. This could allow…

Devamını oku

CVE-2021-24465

The Meow Gallery WordPress plugin before 4.1.9 does not sanitise, validate or escape the ids attribute of its gallery shortcode (available for users as low…

Devamını oku