The React Developer Tools extension registers a message listener with window.addEventListener('message', ) in a content script that is accessible to any webpage that is active in the browser. Within the listener is code that requests a URL derived from the received message via fetch(). The URL is not validated or sanitised before it is fetched, thus allowing a malicious web page to arbitrarily fetch URLs via the victim's browser.

Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL. This issue affects Docker Desktop: before 4.23.0.

The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.10 stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Unfortunately, this log file is never removed, and remains accessible to any users knowing the URL to do so.

The SALESmanago plugin for WordPress is vulnerable to Log Injection in versions up to, and including, 3.2.4. This is due to the use of a weak authentication token for the /wp-json/salesmanago/v1/callbackApiV3 API endpoint, which is simply a SHA1 hash of the site URL and client ID found in the page source of the website.