
Explore Vulnerabilities

Explore all Exploits:

MentalJS Security-Bypass Vulnerability

MentalJS is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass sandbox security restrictions and perform unauthorized actions; this may aid in launching further attacks. An example of the exploit is http://www.example.com/demo/demo-deny-noescape.html?test=%3Cscript%3Edocument.body.innerHTML=%22%3Cform+onmouseover=javascript:alert(0);%3E%3Cinput+name=attributes%3E%22;%3C/script%3E

Monstra CMS SQL Injection Vulnerability

Monstra CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

RokMicroNews Plugin for WordPress Multiple Vulnerabilities

The RokMicroNews plugin for WordPress is prone to multiple security vulnerabilities, including an information-disclosure vulnerability, a cross-site scripting vulnerability, an arbitrary file-upload vulnerability, and a denial-of-service vulnerability. Attackers can exploit these issues to obtain sensitive information, upload arbitrary files, perform a denial-of-service attack, and execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

RokIntroScroller Plugin for WordPress Multiple Vulnerabilities

The RokIntroScroller plugin for WordPress is prone to multiple security vulnerabilities, including an arbitrary file-upload vulnerability, a cross-site scripting vulnerability, an information-disclosure vulnerability, and a denial-of-service vulnerability. Attackers can exploit these issues to obtain sensitive information, upload arbitrary files, perform a denial-of-service attack, and execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Mozilla Firefox Security-Bypass Vulnerability

Mozilla Firefox is prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass the same-origin policy and certain access restrictions to access data, or execute arbitrary script code in the browser of an unsuspecting user in the context of another site. This could be used to steal sensitive information or launch other attacks.

RokStories Plugin for WordPress Multiple Vulnerabilities

The RokStories plugin for WordPress is prone to multiple security vulnerabilities, including an arbitrary file-upload vulnerability, a cross-site scripting vulnerability, an information-disclosure vulnerability, and a denial-of-service vulnerability. Attackers can exploit these issues to obtain sensitive information, upload arbitrary files, perform a denial-of-service attack, and execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

RokNewsPager Plugin for WordPress Multiple Vulnerabilities

The RokNewsPager plugin for WordPress is prone to multiple security vulnerabilities, including an information-disclosure vulnerability, a cross-site scripting vulnerability, an arbitrary file-upload vulnerability, and a denial-of-service vulnerability. Attackers can exploit these issues to obtain sensitive information, upload arbitrary files, perform a denial-of-service attack, and execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

mukioplayer4wp for WordPress SQL-injection Vulnerability

mukioplayer4wp for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

eTransfer Lite HTML-injection Vulnerability

eTransfer Lite is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and control how the site is rendered to the user; other attacks are also possible.

Multiple Cross-Site Request-Forgery Vulnerabilities in Event Easy Calendar Plugin for WordPress

The Event Easy Calendar plugin for WordPress is prone to multiple cross-site request-forgery vulnerabilities. Exploiting these issues may allow a remote attacker to perform certain unauthorized actions in the context of the affected application. Other attacks are also possible.

Recent Exploits: