
CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 1

Cross Site Scripting (XSS) exists in PHP Scripts Mall Facebook Clone Script. Facebook Clone Script version 1.0.5 suffers from a persistent cross site scripting vulnerability. • https://www.exploit-db.com/exploits/44010 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 1

The "Add Link to Facebook" plugin through 2.3 for WordPress has XSS via the al2fb_facebook_id parameter to wp-admin/profile.php. The Add Link to Facebook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘al2fb_facebook_id’ parameter in versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://github.com/d4wner/Vulnerabilities-Report/blob/master/Add-Link-to-Facebook.md https://wordpress.org/support/topic/stored-xss-bug-at-the-latest-version-of-add-link-to-facebook • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 2

Facebook Clone Script 1.0 has SQL Injection via the friend-profile.php id parameter. • https://www.exploit-db.com/exploits/43280 https://packetstormsecurity.com/files/145320/Facebook-Clone-Script-1.0-SQL-Injection.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, which triggers a buffer overflow. • http://www.openwall.com/lists/oss-security/2016/08/11/1 http://www.openwall.com/lists/oss-security/2016/08/19/1 https://github.com/facebook/hhvm/commit/c00fc9d3003eb06226b58b6a48555f1456ee2475 • CWE-190: Integer Overflow or Wraparound

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Out-of-bounds write in the (1) mb_detect_encoding, (2) mb_send_mail, and (3) mb_detect_order functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. • http://www.openwall.com/lists/oss-security/2016/08/11/1 http://www.openwall.com/lists/oss-security/2016/08/19/1 https://github.com/facebook/hhvm/commit/365abe807cab2d60dc9ec307292a06181f77a9c2 • CWE-787: Out-of-bounds Write