Search Results | AttackerKB

The easy-fancybox plugin before 1.8.18 for WordPress (aka Easy FancyBox) is susceptible to Stored XSS in the Settings Menu inc/class-easyfancybox.php due to improper encoding of arbitrarily submitted settings parameters. This occurs because there is no inline styles output filter.

Attack Vector: Network Privileges: High User Interaction: Required

Attacker Value

Unknown

CVE-2019-15479

Disclosure Date: August 26, 2019 (last updated November 27, 2024)

Status Board 1.1.81 has reflected XSS via dashboard.ts.

Attacker Value

Unknown

CVE-2019-15478

Disclosure Date: August 26, 2019 (last updated November 27, 2024)

Status Board 1.1.81 has reflected XSS via logic.ts.

Attacker Value

Unknown

CVE-2019-12164

Disclosure Date: July 23, 2019 (last updated November 27, 2024)

ubuntu-server.js in Status React Native Desktop before v0.57.8_mobile_ui allows Remote Code Execution.

Attacker Value

Unknown

CVE-2014-5094

Disclosure Date: October 20, 2014 (last updated October 05, 2023)

Status2k allows remote attackers to obtain configuration information via a phpinfo action in a request to status/index.php, which calls the phpinfo function.

Attacker Value

Unknown

CVE-2014-5923

Disclosure Date: September 18, 2014 (last updated October 05, 2023)

The Facebook Status Via (aka com.StatusViaAdvanced) application 3.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Attacker Value

Unknown

CVE-2014-5089

Disclosure Date: August 06, 2014 (last updated October 05, 2023)

SQL injection vulnerability in admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary SQL commands via the log parameter.

25 Total Results

Displaying 11-20 of 25

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Quick Cookie Notification