CVE-2024-35655 – WordPress Brave – Interactive Content plugin <= 0.6.9 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-35655
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brave Brave Popup Builder allows Stored XSS.This issue affects Brave Popup Builder: from n/a through 0.6.9. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en Brave Brave Popup Builder permite XSS Almacenado. Este problema afecta a Brave Popup Builder: desde n/a hasta 0.6.8. The Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/brave-popup-builder/wordpress-brave-interactive-content-plugin-0-6-8-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-51534 – WordPress Brave Popup Builder Plugin <= 0.6.2 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-51534
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brave Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content allows Stored XSS.This issue affects Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content: from n/a through 0.6.2. La vulnerabilidad de neutralización incorrecta de la entrada durante de generación de páginas web ('Cross-site Scripting') en Brave Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content permite XSS almacenado. Este problema afecta a Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content: desde n/a hasta 0.6.2. The Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/brave-popup-builder/wordpress-brave-popup-plugin-0-6-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-28360
https://notcve.org/view.php?id=CVE-2023-28360
An omission of security-relevant information vulnerability exists in Brave desktop prior to version 1.48.171 when a user was saving a file there was no download safety check dialog presented to the user. • https://hackerone.com/reports/1848062 • CWE-223: Omission of Security-relevant Information •
CVE-2022-47934
https://notcve.org/view.php?id=CVE-2022-47934
Brave Browser before 1.43.88 allowed a remote attacker to cause a denial of service in private and guest windows via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This is caused by an incomplete fix for CVE-2022-47932 and CVE-2022-47934. Brave Browser anterior a 1.43.88 permitía a un atacante remoto provocar una Denegación de Servicio (DoS) en ventanas privadas e invitadas a través de un archivo HTML manipulado que menciona una URL ipfs:// o ipns://. Esto se debe a una solución incompleta para CVE-2022-47932 y CVE-2022-47934. • https://github.com/brave/brave-browser/issues/24211 https://github.com/brave/brave-browser/issues/25106 https://github.com/brave/brave-core/commit/82d8e39043e691e0492519126437275511ee87e8 https://github.com/brave/brave-core/pull/14313 https://hackerone.com/reports/1646204 •
CVE-2022-47933
https://notcve.org/view.php?id=CVE-2022-47933
Brave Browser before 1.42.51 allowed a remote attacker to cause a denial of service via a crafted HTML file that references the IPFS scheme. This vulnerability is caused by an uncaught exception in the function ipfs::OnBeforeURLRequest_IPFSRedirectWork() in ipfs_redirect_network_delegate_helper.cc. Brave Browser anterior a 1.42.51 permitía a un atacante remoto provocar una Denegación de Servicio (DoS) a través de un archivo HTML manipulado que hace referencia al esquema IPFS. Esta vulnerabilidad es causada por una excepción no detectada en la función ipfs::OnBeforeURLRequest_IPFSRedirectWork() en ipfs_redirect_network_delegate_helper.cc. • https://github.com/brave/brave-browser/issues/23646 https://github.com/brave/brave-browser/issues/24378 https://github.com/brave/brave-core/commit/7ef8cb2f232abdf59ec9c3c99a086a14b972bc56 https://github.com/brave/brave-core/pull/13989 https://hackerone.com/reports/1610343 • CWE-755: Improper Handling of Exceptional Conditions •