3 results (0.003 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

kamadak-exif is an exif parsing library written in pure Rust. In kamadak-exif version 0.5.2, there is an infinite loop in parsing crafted PNG files. Specifically, reader::read_from_container can cause an infinite loop when a crafted PNG file is given. This is fixed in version 0.5.3. No workaround is available. • https://crates.io/crates/kamadak-exif https://github.com/kamadak/exif-rs/commit/f21df24616ea611c5d5d0e0e2f8042eb74d5ff48 https://github.com/kamadak/exif-rs/security/advisories/GHSA-px9g-8hgv-jvg2 • CWE-400: Uncontrolled Resource Consumption CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in the HK Exif Tags plugin before 1.12 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via an EXIF tag. NOTE: some of these details are obtained from third party information. Vulnerabilidad de XSS en el plugin HK Exif Tags anterior a 1.12 para WordPress permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una etiqueta EXIF. NOTA: algunos de estos detalles se obtienen de información de terceras partes. Cross-site scripting (XSS) vulnerability in the HK Exif Tags plugin before 1.12 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via an EXIF tag. • http://secunia.com/advisories/57753 https://exchange.xforce.ibmcloud.com/vulnerabilities/92555 https://wordpress.org/plugins/hk-exif-tags/changelog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0

Cross-site scripting (XSS) vulnerability in the Exif module 5.x-1.x before 5.x-1.2 and 6.x-1.x-dev before April 13, 2009, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via EXIF tags in an image. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en módulo Exif v5.x-1.x anterior a v5.x-1.2 y v6.x-1.x-dev anterior a 13 de Abril de 2009, un módulo para Drupal, permite a atacantes remotos inyectar HTML o scripts web a su elección a través de las etiquetas EXIF de una imagen. • http://drupal.org/node/448958 http://secunia.com/advisories/34953 http://www.securityfocus.com/bid/34774 http://www.vupen.com/english/advisories/2009/1213 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •