Archive

Archive for the ‘Cross Site Scripting’ Category

WordPress Multiple Vulnerabilities

April 29th, 2014
Comments Off

Application: WordPress
Affected Version: versions prior to 3.8.2.
Vendor’s URL: WordPress
Bug Type: Security Bypass, Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 3.8.3.

Access Bypass, Content Management, Cross Site Scripting

WordPress Quick Page Post Redirect Plugin Cross-Site Request Forgery

April 29th, 2014
Comments Off

Application: WordPress
Affected Version: version 5.0.5 and prior versions.
Vendor’s URL: Quick Page Post Redirect Plugin
Bug Type: Cross-Site Scripting
Risk Level: Critical

Solution:
Update to version 5.0.6.

Content Management, Cross Site Scripting

LuxCal Web Calendar Cross-Site Request Forgery and SQL Injection

March 30th, 2014
Comments Off

Application: LuxCal Web Calendar
Affected Version: version 3.2.2 and other versions.
Vendor’s URL: LuxCal Web Calendar
Bug Type: Cross-Site Request Forgery and SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, Cross Site Scripting, SQL Injection

WordPress WP SlimStat Plugin URL Script Insertion

March 30th, 2014
Comments Off

Application: WordPress
Affected Version: version 3.5.5 and prior versions.
Vendor’s URL: WP SlimStat Plugin
Bug Type: Script Insertion
Risk Level: Critical

Solution:
Update to version 3.5.6.

Content Management, Cross Site Scripting

Ganesha Digital Library Cross-Site Scripting and SQL Injection

March 30th, 2014
Comments Off

Application: Ganesha Digital Library
Affected Version: version 4.2 and other versions.
Vendor’s URL: Ganesha Digital Library
Bug Type: Cross-Site Scripting and SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Cross Site Scripting, SQL Injection

Joomla! Multiple Vulnerabilities

February 28th, 2014
Comments Off

Application: Joomla!
Affected Version: versions 2.5.18, 3.2.1 and 3.2.2
Vendor’s URL: Joomla!
Bug Type: Security Bypass, Cross Site Scripting, SQL Injection
Risk Level: Critical

Solution:
Update to version 2.5.19 or 3.2.3.

Access Bypass, Content Management, Cross Site Scripting, SQL Injection

WordPress BuddyPress Plugin Script Insertion and Security Bypass

February 28th, 2014
Comments Off

Application: WordPress
Affected Version: version 1.9.1 and prior versions.
Vendor’s URL: BuddyPress Plugin
Bug Type: Script Insertion and Security Bypass
Risk Level: Critical

Solution:
Update to version 1.9.2.

Access Bypass, Content Management, Cross Site Scripting

MyBB “keywords” Cross-Site Scripting

February 28th, 2014
Comments Off

Application: MyBB
Affected Version: version 1.6.12 and other versions.
Vendor’s URL: MyBB
Bug Type: Cross-Site Scripting
Risk Level: Critical

Solution:
No official solution is currently available.

Cross Site Scripting, Discussion Boards

WordPress WordFence Plugin “User-Agent” Script Insertion

January 29th, 2014
Comments Off

Application: WordPress
Affected Version: version 3.8.6 and prior versions.
Vendor’s URL: WordFence Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 3.8.7.

Content Management, Cross Site Scripting

Drupal Anonymous Posting Module Contact Name Script Insertion

January 29th, 2014
Comments Off

Application: Drupal
Affected Version: versions 7.x-1.2 and 7.x-1.3.
Vendor’s URL: Anonymous Posting Module
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 7.x-1.4.

Content Management, Cross Site Scripting

WordPress Download Manager Plugin “file[title]” Script Insertion

December 30th, 2013
Comments Off

Application: WordPress
Affected Version: version 2.5.8 and other versions.
Vendor’s URL: Download Manager Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, Cross Site Scripting

WordPress Blooog Theme jPlayer Cross-Site Scripting

December 30th, 2013
Comments Off

Application: WordPress
Affected Version:
Vendor’s URL: Blooog Theme jPlayer
Bug Type: Cross-Site Scripting
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, Cross Site Scripting

CMS Made Simple “handler” Script Insertion

December 30th, 2013
Comments Off

Application: CMS Made Simple
Affected Version: version 1.11.9 and other versions.
Vendor’s URL: CMS Made Simple
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, Cross Site Scripting

WordPress JS Hotel Plugin “roomid” Cross-Site Scripting

December 30th, 2013
Comments Off

Application: WordPress
Affected Version: version 2.2.1 and other versions
Vendor’s URL: JS Hotel Plugin
Bug Type: Cross-Site Scripting
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, Cross Site Scripting

WordPress S3 Video Plugin “base” Cross-Site Scripting

December 30th, 2013
Comments Off

Application: WordPress
Affected Version: versions prior to 0.983.
Vendor’s URL: S3 Video Plugin
Bug Type: Cross-Site Scripting
Risk Level: Critical

Solution:
Update to version 0.983.

Content Management, Cross Site Scripting

WordPress Broken Link Checker Plugin Two Cross-Site Scripting

December 30th, 2013
Comments Off

Application: WordPress
Affected Version: versions prior to 1.9.2.
Vendor’s URL: Broken Link Checker Plugin
Bug Type: Cross-Site Scripting
Risk Level: Critical

Solution:
Update to version 1.9.2.

Content Management, Cross Site Scripting

MyBB Cross-Site Scripting and SQL Injection

December 30th, 2013
Comments Off

Application: MyBB
Affected Version: versions prior to 1.6.12.
Vendor’s URL: MyBB
Bug Type: Cross-Site Scripting and SQL Injection
Risk Level: Critical

Solution:
Update to version 1.6.12.

Cross Site Scripting, Discussion Boards, SQL Injection

WordPress Recommend to a friend Plugin “current_url” Cross-Site Scripting

December 30th, 2013
Comments Off

Application: WordPress
Affected Version: version 2.0.2 and other versions.
Vendor’s URL: Recommend to a friend Plugin
Bug Type: Cross-Site Scripting
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, Cross Site Scripting

WordPress FunCaptcha Plugin Two Cross-Site Scripting

November 29th, 2013
Comments Off

Application: WordPress
Affected Version: version 0.4.3 and prior version
Vendor’s URL: FunCaptcha Plugin
Bug Type: Cross-Site Scripting
Risk Level: Medium

Solution:
Update to version 0.4.4.

Content Management, Cross Site Scripting

Drupal EU Cookie Compliance Module Unspecified Script Insertion

November 29th, 2013
Comments Off

Application: Drupal
Affected Version: versions prior to 7.x-1.12.
Vendor’s URL: EU Cookie Compliance Module
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to version 7.x-1.12.

Content Management, Cross Site Scripting