
CVE-2025-25102 – WordPress Yahoo BOSS Plugin <= 0.7 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-25102
02 Feb 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Yahoo BOSS allows Reflected XSS. This issue affects Yahoo BOSS: from n/a through 0.7. The Yahoo BOSS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successful... • https://patchstack.com/database/wordpress/plugin/yahoo-boss/vulnerability/wordpress-yahoo-boss-plugin-0-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-53779 – WordPress Yahoo! WebPlayer plugin <= 2.0.6 - CSRF to Stored XSS vulnerability
https://notcve.org/view.php?id=CVE-2024-53779
28 Nov 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Max Engel Yahoo! WebPlayer allows Stored XSS. This issue affects Yahoo! WebPlayer: from n/a through 2.0.6. • https://patchstack.com/database/wordpress/plugin/yahoo-media-player/vulnerability/wordpress-yahoo-webplayer-plugin-2-0-6-csrf-to-stored-xss-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2019-6035
https://notcve.org/view.php?id=CVE-2019-6035
26 Dec 2019 — Open redirect vulnerability in Athenz v1.8.24 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page. • http://jvn.jp/en/jp/JVN57070811/index.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVE-2017-2253
https://notcve.org/view.php?id=CVE-2017-2253
14 Jul 2017 — Untrusted search path vulnerability in Installer of Yahoo! Toolbar (for Internet Explorer) v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. • https://jvn.jp/en/jp/JVN02852421/index.html • CWE-426: Untrusted Search Path •

CVE-2014-7216 – Yahoo! Messenger 11.5.0.228 Buffer Overflow
https://notcve.org/view.php?id=CVE-2014-7216
04 Sep 2015 — Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) shortcut or (2) title keys in an emoticons.xml file. • http://packetstormsecurity.com/files/133443/Yahoo-Messenger-11.5.0.228-Buffer-Overflow.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2014-5881
https://notcve.org/view.php?id=CVE-2014-5881
11 Sep 2014 — The Yahoo! Japan Box (aka jp.co.yahoo.android.ybox) application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. • http://jvn.jp/en/jp/JVN48270605/index.html • CWE-310: Cryptographic Issues •

CVE-2014-4603 – Yahoo Updates For WordPress <= 1.0 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-4603
02 Jul 2014 — Multiple cross-site scripting (XSS) vulnerabilities in yupdates_application.php in the Yahoo! Updates for WordPress plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) secret, (2) key, or (3) appid parameter. • http://codevigilant.com/disclosure/wp-plugin-yahoo-updates-for-wordpress-a3-cross-site-scripting-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2013-6853 – Y! Toolbar Cross Site Scripting
https://notcve.org/view.php?id=CVE-2013-6853
16 Jan 2014 — Cross-site scripting (XSS) vulnerability in clickstream.js in Y! Toolbar plugin for FireFox 3.1.0.20130813024103 for Mac, and 2.5.9.2013418100420 for Windows, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is stored by the victim. • http://osvdb.org/102175 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2013-6780 – Cisco Ironport AsyncOS Cross Site Scripting
https://notcve.org/view.php?id=CVE-2013-6780
13 Nov 2013 — Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via the allowedDomain parameter. Cisco Ironport AsyncOS suffers from a cross site scripting vulnerability. • https://packetstorm.news/files/id/130527 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2013-4699
https://notcve.org/view.php?id=CVE-2013-4699
21 Aug 2013 — The Yahoo! Japan Yafuoku! application 4.3.0 and earlier for iOS and Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. • http://jvn.jp/en/jp/JVN68156832/index.html • CWE-310: Cryptographic Issues •