Archive for the ‘Cross Site Scripting’ Category

WordPress Tweet Blender Plugin “tb_tab_index” Cross-Site Scripting

November 29th, 2013

Application: WordPress
Affected Version: versions prior to 4.0.2.
Vendor’s URL: Tweet Blender Plugin
Bug Type: Cross-Site Scripting
Risk Level: Critical

Solution:
Update to version 4.0.2.

Content Management, Cross Site Scripting

Joomla! Multiple Cross-Site Scripting Vulnerabilities

November 29th, 2013

Application: Joomla!
Affected Version: versions prior to 2.5.15, 3.1.6, and 3.2.
Vendor’s URL: Joomla!
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to version 2.5.15, 3.1.6, or 3.2.

Content Management, Cross Site Scripting

Drupal Simplenews Module Email Subscription API Script Insertion

October 31st, 2013

Application: Drupal
Affected Version: versions prior to 6.x-1.5 and prior to 7.x-1.1.
Vendor’s URL: Simplenews Module
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 6.x-1.5 or 7.x-1.1.

Content Management, Cross Site Scripting

Bilboplanet Cross-Site Scripting and SQL Injection

October 31st, 2013

Application: Bilboplanet
Affected Version: version 2.0 and other versions.
Vendor’s URL: Bilboplanet
Bug Type: Cross-Site Scripting and SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, Cross Site Scripting, SQL Injection

osCommerce “products_id” Script Insertion

October 31st, 2013

Application: osCommerce
Affected Version: version 2.3.3 and prior versions.
Vendor’s URL: osCommerce
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 2.3.3.1.

Cross Site Scripting, E-Commerce

WordPress Design Approval System Plugin “step” Cross-Site Scripting

September 30th, 2013

Application: WordPress
Affected Version: versions prior to 3.7.
Vendor’s URL: Design Approval System Plugin
Bug Type: Cross-Site Scripting
Risk Level: Critical

Solution:
Update to version 3.7.

Content Management, Cross Site Scripting

WordPress Simple Login Registration Plugin “username” Cross-Site Scripting

September 30th, 2013

Application: WordPress
Affected Version: version 1.0.1 and other versions.
Vendor’s URL: Simple Login Registration Plugin
Bug Type: Cross-Site Scripting
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, Cross Site Scripting

WordPress VideoWhisper Live Streaming Integration Plugin Two Script Insertion

September 30th, 2013

Application: WordPress
Affected Version: version 4.25.3 and other versions.
Vendor’s URL: VideoWhisper Live Streaming Integration Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, Cross Site Scripting

WordPress Multiple Vulnerabilities

September 30th, 2013

Application: WordPress
Affected Version: version 3.6 and prior versions.
Vendor’s URL: WordPress
Bug Type: Security Bypass, Cross Site Scripting, Spoofing, System access
Risk Level: Critical

Solution:
Update to version 3.6.1.

Access Bypass, Content Management, Cross Site Scripting

WordPress A Forms Plugin Cross-Site Request Forgery and Form Field Script Insertion

August 26th, 2013

Application: WordPress
Affected Version: version 1.4.1 and prior versions.
Vendor’s URL: A Forms Plugin
Bug Type: Cross-Site Scripting
Risk Level: Medium

Solution:
Update to version 1.4.2.

Content Management, Cross Site Scripting

WordPress All-in-One Event Calendar Plugin Script Insertion and SQL Injection

August 26th, 2013

Application: WordPress
Affected Version: version 1.9 and other versions.
Vendor’s URL: All-in-One Event Calendar Plugin
Bug Type: Cross Site Scripting and SQL Injection
Risk Level: Critical

Solution:
Update to version 1.10.

Content Management, Cross Site Scripting, SQL Injection

Joomla! Jomres Component Script Insertion and SQL Injection

August 26th, 2013

Application: Joomla!
Affected Version: version 7.3.0 and other versions.
Vendor’s URL: Jomres Component
Bug Type: Cross Site Scripting and SQL Injection
Risk Level: Critical

Solution:
Update to version 7.3.1.

Content Management, Cross Site Scripting, SQL Injection

Joomla! “lang” Cross-Site Scripting

August 26th, 2013

Application: Joomla!
Affected Version: versions 3.1.4 and 3.1.5.
Vendor’s URL: Joomla!
Bug Type: Cross-Site Scripting
Risk Level: Critical

Solution:
Fixed in the git repository.

Content Management, Cross Site Scripting

WordPress Chat Plugin “message” Script Insertion

August 26th, 2013

Application: WordPress
Affected Version: version 1.0.8 and prior versions.
Vendor’s URL: Chat Plugin
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to version 1.0.8.1.

Content Management, Cross Site Scripting

WordPress BulletProof Security Plugin Security Log Script Insertion

August 26th, 2013

Application: WordPress
Affected Version: version .48.9 and other versions.
Vendor’s URL: BulletProof Security Plugin
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to version .49.

Content Management, Cross Site Scripting

WordPress Better WP Security Plugin 404 Error Log Script Insertion

August 26th, 2013

Application: WordPress
Affected Version: versions prior to 3.5.4.
Vendor’s URL: Better WP Security Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 3.5.4.

Content Management, Cross Site Scripting

Joomla! VirtueMart Component Two Cross-Site Scripting and SQL Injection

August 26th, 2013

Application: Joomla!
Affected Version: versions prior to 2.0.22b.
Vendor’s URL: VirtueMart Component
Bug Type: Cross-Site Scripting and SQL Injection
Risk Level: Critical

Solution:
Update to version 2.0.22b.

Cross Site Scripting, E-Commerce, SQL Injection

CMS Made Simple “X-Forwarded-For” Script Insertion Vulnerability

July 29th, 2013

Application: CMS Made Simple
Affected Version: version 1.11.6 and prior versions.
Vendor’s URL: CMS Made Simple
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to version 1.11.7.

Content Management, Cross Site Scripting

WordPress Download Monitor Plugin “p” and “sort” Cross-Site Scripting

July 29th, 2013

Application: WordPress
Affected Version: version 3.3.6.1 and prior versions.
Vendor’s URL: Download Monitor Plugin
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to version 3.3.6.2.

Content Management, Cross Site Scripting

WordPress Citizen Space Plugin Cross-Site Request Forgery

July 29th, 2013

Application: WordPress
Affected Version: version 1.0 and prior versions.
Vendor’s URL: Citizen Space Plugin
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to version 1.1.

Content Management, Cross Site Scripting