scroll top vulnerabilities and exploits

(subscribe to this query)

The Scroll To Top WordPress plugin prior to 1.4.1 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Scroll To Top Project Scroll To Top

The WPFront Scroll Top WordPress plugin prior to 2.0.6.07225 does not sanitise or escape its Image ALT setting before outputting it attributes, leading to an Authenticated Stored Cross-Site Scripting issues even when the unfiltered_html capability is disallowed.

Wpfront Scroll Top

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Scroll Top allows Reflected XSS. This issue affects Scroll Top: from n/a up to and including 1.3.3.

Notfound Scroll Top

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nasir Scroll Top Advanced allows Stored XSS.This issue affects Scroll Top Advanced: from n/a up to and including 2.5.

Nasir Scroll Top Advanced

Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctp_switch AJAX action, which could allow any authenticated users, such as Subscriber to change the Essential Widgets WordPress plugin prior to 1.9, To Top WordPress plugin prior to 2.3,...

Catchplugins Catch Scroll Progress Bar Catchplugins Catch Sticky Menu Catchplugins Catch Themes Demo Import Catchplugins Catch Under Construction Catchplugins Catch Web Tools Catchplugins Essential Content Types Catchplugins Essential Widgets Catchplugins Generate Child Theme Catchplugins Header Enhancement Catchplugins To Top

Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were upd...

Accesspressthemes Accessbuddy 1.0.0 Accesspressthemes Accesspress Anonymous Post 2.8.0 Accesspressthemes Accesspress Basic 3.2.1 Accesspressthemes Accesspress Custom Css 2.0.1 Accesspressthemes Accesspress Custom Post Type 1.0.8 Accesspressthemes Accesspress Ifeeds 4.0.3 Accesspressthemes Accesspress Lite 2.92 Accesspressthemes Accesspress Mag 2.6.5 Accesspressthemes Accesspress Parallax 4.5 Accesspressthemes Accesspress Ray 1.19.5 Accesspressthemes Accesspress Root 2.5 Accesspressthemes Accesspress Social Counter 1.9.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Benoti Brozzme Scroll Top allows Stored XSS.This issue affects Brozzme Scroll Top: from n/a up to and including 1.8.5.

Internet Explorer 6 and previous versions allows remote malicious users to create chromeless windows using the Javascript window.createPopup method, which could allow malicious users to simulate a victim's display and conduct unauthorized activities or steal sensitive data v...

Microsoft Internet Explorer 5.5 Microsoft Internet Explorer 6.0

1 EDB exploit

jQuery prior to 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

Jquery Jquery Debian Debian Linux 8.0 Debian Debian Linux 9.0 Debian Debian Linux 10.0 Drupal Drupal Backdropcms Backdrop Fedoraproject Fedora 28 Fedoraproject Fedora 29 Fedoraproject Fedora 30 Opensuse Backports Sle 15.0 Opensuse Leap 15.1 Netapp Oncommand System Manager

436 Github repositories

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook