Security Advisories (3)
Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack.
- http://www.plupload.com/punbb/viewtopic.php?pid=28690
- https://wordpress.org/news/2016/05/wordpress-4-5-2/
- http://www.openwall.com/lists/oss-security/2016/05/07/2
- https://codex.wordpress.org/Version_4.5.2
- https://core.trac.wordpress.org/changeset/37382/
- https://gist.github.com/cure53/09a81530a44f6b8173f545accc9ed07e
- https://wpvulndb.com/vulnerabilities/8489
- http://www.securitytracker.com/id/1035818
Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.
- https://github.com/jquery/jquery-ui/commit/7e9060c109b928769a664dbcc2c17bd21231b6f3
- http://seclists.org/oss-sec/2014/q4/616
- http://bugs.jqueryui.com/ticket/6016
- http://seclists.org/oss-sec/2014/q4/613
- http://rhn.redhat.com/errata/RHSA-2015-0442.html
- http://www.debian.org/security/2015/dsa-3249
- http://www.securityfocus.com/bid/71106
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://rhn.redhat.com/errata/RHSA-2015-1462.html
- http://www.securitytracker.com/id/1037035
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98696
- https://security.netapp.com/advisory/ntap-20190416-0007/
- https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
- https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html
- https://www.drupal.org/sa-core-2022-002
- https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file.
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBMOXIECODE-2306664
- https://github.com/moxiecode/plupload/commit/d12175d4b5fa799b994ee1bb17bfbeec55b386fb
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-2306665
- https://github.com/moxiecode/plupload/blob/master/js/jquery.plupload.queue/jquery.plupload.queue.js%23L226
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2306663
- https://snyk.io/vuln/SNYK-JS-PLUPLOAD-1583909
NAME
Yukki::Web::View::Attachment - View for attachment forms
VERSION
version 0.140290
DESCRIPTION
Handles the display of attachment forms.
METHODS
rename
Show the rename form for attachments.
remove
Show the remove form for attachmensts.
AUTHOR
Andrew Sterling Hanenkamp <hanenkamp@cpan.org>
COPYRIGHT AND LICENSE
This software is copyright (c) 2014 by Qubling Software LLC.
This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.
Module Install Instructions
To install Yukki, copy and paste the appropriate command in to your terminal.
cpanm Yukkiperl -MCPAN -e shell
install YukkiFor more information on module installation, please visit the detailed CPAN module installation guide.