Vulnerabilities for Facebook (...) - CXSECURITY.COM

Vulnerabilities for 'Facebook'

2021-04-12

CVE-2021-24218

CWE-352

The wp_ajax_save_fbe_settings and wp_ajax_delete_fbe_settings AJAX actions of the Facebook for WordPress plugin before 3.0.4 were vulnerable to CSRF due to a lack of nonce protection. The settings in the saveFbeSettings function had no sanitization allowing for script tags to be saved.

2014-09-15

CVE-2014-6392

CWE-79

DISPUTED Cross-site scripting (XSS) vulnerability in the Facebook app 14.0 and the Facebook Messenger app 10.0 for iOS allows remote attackers to inject arbitrary web script or HTML via a crafted filename extension that is improperly handled during MIME sniffing of chat traffic. NOTE: the vendor disputes the significance of this report, because the user must accept an interstitial warning before the HTML file content is rendered, and because the HTML content's origin is a sandbox domain.

2008-02-07

CVE-2008-0660

CWE-119

Multiple stack-based buffer overflows in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.6.17.0, 4.5.70.0, and 4.5.126.0, and ImageUploader5 5.0.10.0, as used by Facebook PhotoUploader 4.5.57.0, allow remote attackers to execute arbitrary code via long (1) ExtractExif and (2) ExtractIptc properties.

>>> Vendor: Facebook 26 Products

Facebook messenger

Instaroid - instagram viewer

Hiphop virtual machine

Facebook for woocommerce

React-dev-utils

Copyright 2024, cxsecurity.com