Posts Tagged ‘XSS attack’

Wordpress VulnerabilitiesThe latest Cross-site scripting vulnerabilities in WordPress plugins

Five Cross-site scripting vulnerabilities in WordPress plugins: Profile Builder, Photo Gallery, EWWW Image Optimizer, Contact Form DB, and Google Calendar Events.

1. Cross-site scripting in WordPress Profile Builder Plugin

Danger: Low
Availability Corrections: Yes
Number of vulnerabilities: 1
CVSSv2 Rating: (AV: N / AC: L / Au: N / C: N / I: P / A: N / E: U / RL: O / RC: C) = Base: 5 / Temporal: 3.7 (more…)

Wordpress Vulnerability

WordPress vulnerabilities

1. Security Bypass WordPress WP-Ban

Danger level: Low
Availability Corrections: Yes
Number of vulnerabilities: 1

CVSSv2 Rating: (AV: N / AC: L / Au: N / C: N / I: N / A: P / E: U / RL: O / RC: C) = Base: 5 / Temporal: 3.7
CVE ID: CVE-2014-6230

Vector operation: Remote
Impact: Security Bypass (more…)

Drupal logo

Drupal vulnerabilities

Cyber Security Notification: New Vulnerabilities of September 2014

Security vulnerabilities related to Drupal – content management system: Descriptions of vulnerabilities related to products of this vendor of September 13, 2014.

1. Vulnerability: Cross-site scripting in Drupal Custom BreadCrumbs

Danger level: Low
Availability Corrections: Yes
Number of vulnerabilities: 1
CVSSv2 Rating: (AV: N / AC: L / Au: N / C: N / I: P / A: N / E: U / RL: O / RC: C) = Base: 5 / Temporal: 3.7 (more…)

XSS in WordPress Audio Player

XSS in WordPress Audio Player

Vulnerability: Cross-site scripting in WordPress Audio Player

Danger level: Low
Patch: Yes
Number of vulnerabilities: 1

CVE ID: CVE-2013-1464
Vector of operation: Remote
Impact: Cross Site Scripting

Affected products: WordPress Audio Player Plugin 2.x

Affected versions: WordPress Audio Player 2.0.4.5, possibly earlier. (more…)

Wordpress Vulnerability

XSS in WordPress

Vulnerability: Cross-site scripting in WordPress Video Lead Form

Danger: Low
Patch: Yes
Number of vulnerabilities: 1

Vector of operation: Remote
Impact: Cross Site Scripting

Affected products: WordPress Video Lead Form Plugin 0.x

Affected versions: WordPress Video Lead Form 0.5, maybe earlier.

Description:

The vulnerability allows malicious people to conduct XSS attacks. (more…)

Sophos antivirus

Vulnerabilities in Sophos Antivirus

Vulnerability: Multiple vulnerabilities in Sophos antivirus

Danger: High
Patch: Yes
Number of vulnerabilities: 6
Vector operation: Remote

Impact: Cross Site Scripting,  Elevation of Privilege,  System compromise.

Affected products:  Sophos Anti-Virus 10.x,  Sophos Anti-Virus 9.x,  Sophos Anti-Virus for Mac OS X 8.x,  Sophos Anti-Virus for Unix 4.x.

Description:

Which can be exploited by malicious people to execute arbitrary code on the target system. (more…)

Firefox logo

Vulnerability in Firefox

In the browser, eliminated two XSS vulnerability attacks and one vulnerability disclosure of sensitive data.

Mozilla Foundation has released a security update Firefox 16.0.2, which eliminated three vulnerabilities.

The second in the last two weeks fix in Firefox resolves two vulnerabilities that can make XSS attack, and one vulnerability disclosure of sensitive data, which allows you to bypass security restrictions and implement a cross-domain object reading Location. (more…)

Opera AlertVulnerability: Cross-site scripting in Opera

Danger: Middle
If the Patch: None
Number of vulnerabilities: 1
Impact: Cross Site Scripting
Affected products: Opera 12.x

Affected versions: Opera 12.02 for Windows, Mac OS and Linux, possibly earlier

Description:

The vulnerability allows malicious people to conduct XSS attacks. (more…)

Wordpress VulnerabilityVulnerability: Cross-site scripting in the WordPress Purity Theme

Danger: Low
If the Patch: None
Number of vulnerabilities: 1
Impact: Cross Site Scripting
Affected products: WordPress Purity Theme

Affected versions: WordPress Purity TOPIC LINKS (more…)

Wordpress VulnerabilityVulnerability: Cross-site scripting WordPress Download Monitor

CVE ID: CVE-2012-4768
Impact: Cross Site Scripting

Affected products: WordPress Download Monitor Plugin 3.x

Affected versions: WordPress Download Monitor 3.3.5.7, possibly earlier.

Description:

The vulnerability allows malicious people to conduct XSS attacks. (more…)