CVE-2013-5714 – Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP <= 4.25.3 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-5714
Multiple cross-site scripting (XSS) vulnerabilities in ls/htmlchat.php in the VideoWhisper Live Streaming Integration plugin 4.25.3 and possibly earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) message parameter. NOTE: some of these details are obtained from third party information.
• http://archives.neohapsis.com/archives/bugtraq/2013-08/0153.html http://osvdb.org/96593 http://secunia.com/advisories/54619 http://www.iedb.ir/exploits-402.html http://www.securityfocus.com/bid/61977
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-4626 – BackWPup < 3.0.13 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-4626
Cross-site scripting (XSS) vulnerability in the BackWPup plugin before 3.0.13 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter to wp-admin/admin.php. WordPress BackWPup plugin version 3.0.12 suffers from a cross site scripting vulnerability.
• http://archives.neohapsis.com/archives/bugtraq/2013-08/0127.html http://secunia.com/advisories/54515 http://wordpress.org/plugins/backwpup/changelog http://www.securityfocus.com/bid/61904 https://www.htbridge.com/advisory/HTB23161
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-3253 – Xhanch – My Twitter <= 2.7.6 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2013-3253
Cross-site request forgery (CSRF) vulnerability in admin/setting.php in the Xhanch - My Twitter plugin before 2.7.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change unspecified settings.
• http://forum.xhanch.com/index.php/topic%2C3806.0.html http://plugins.trac.wordpress.org/changeset/750054/xhanch-my-twitter http://secunia.com/advisories/53133 http://www.securityfocus.com/bid/61629
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2013-3256 – SexyBookmarks <= 6.1.4.0 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2013-3256
Cross-site request forgery (CSRF) vulnerability in the Shareaholic SexyBookmarks plugin 6.1.4.0 for WordPress allows remote attackers to hijack the authentication of users for requests that "manipulate plugin settings."
• http://secunia.com/advisories/53138 http://wordpress.org/plugins/sexybookmarks/changelog http://www.securityfocus.com/bid/61561 https://exchange.xforce.ibmcloud.com/vulnerabilities/86126
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2013-4954 – Pie Register <= 1.30 - Multiple Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-4954
Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Genetech Solutions Pie-Register plugin before 1.31 for WordPress, when "Allow New Registrations to set their own Password" is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) pass1 or (2) pass2 parameter in a register action. NOTE: some of these details are obtained from third party information.
• https://www.exploit-db.com/exploits/38643 http://osvdb.org/95160 http://plugins.trac.wordpress.org/changeset?reponame=&old=740249%40pie-register&new=740249%40pie-register http://secunia.com/advisories/54123 http://wordpress.org/plugins/pie-register/changelog http://wordpress.org/support/topic/security-issue-web-application-cross-site-scripting http://www.securityfocus.com/bid/61140 https://exchange.xforce.ibmcloud.com/vulnerabilities/85604
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')