RSS   Vulnerabilities for 'Crazy bone'   RSS

2022-02-28
 
CVE-2022-0385

CWE-79
 

 
The Crazy Bone WordPress plugin through 0.6.0 does not sanitise and escape the username submitted via the login from when displaying them back in the log dashboard, leading to an unauthenticated Stored Cross-Site scripting

 
2019-09-25
 
CVE-2015-9430

CWE-79
 

 
The crazy-bone plugin before 0.6.0 for WordPress has XSS via the User-Agent HTTP header.

 


Copyright 2024, cxsecurity.com

 

Back to Top