Security Advisories (3)
Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack.
- http://www.plupload.com/punbb/viewtopic.php?pid=28690
- https://wordpress.org/news/2016/05/wordpress-4-5-2/
- http://www.openwall.com/lists/oss-security/2016/05/07/2
- https://codex.wordpress.org/Version_4.5.2
- https://core.trac.wordpress.org/changeset/37382/
- https://gist.github.com/cure53/09a81530a44f6b8173f545accc9ed07e
- https://wpvulndb.com/vulnerabilities/8489
- http://www.securitytracker.com/id/1035818
Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.
- https://github.com/jquery/jquery-ui/commit/7e9060c109b928769a664dbcc2c17bd21231b6f3
- http://seclists.org/oss-sec/2014/q4/616
- http://bugs.jqueryui.com/ticket/6016
- http://seclists.org/oss-sec/2014/q4/613
- http://rhn.redhat.com/errata/RHSA-2015-0442.html
- http://www.debian.org/security/2015/dsa-3249
- http://www.securityfocus.com/bid/71106
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://rhn.redhat.com/errata/RHSA-2015-1462.html
- http://www.securitytracker.com/id/1037035
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98696
- https://security.netapp.com/advisory/ntap-20190416-0007/
- https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
- https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html
- https://www.drupal.org/sa-core-2022-002
- https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file.
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBMOXIECODE-2306664
- https://github.com/moxiecode/plupload/commit/d12175d4b5fa799b994ee1bb17bfbeec55b386fb
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-2306665
- https://github.com/moxiecode/plupload/blob/master/js/jquery.plupload.queue/jquery.plupload.queue.js%23L226
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2306663
- https://snyk.io/vuln/SNYK-JS-PLUPLOAD-1583909
NAME
Yukki::Web::View::Login - show a login form
VERSION
version 0.140290
DESCRIPTION
Renders the login form.
METHODS
page
Renders the login page.
AUTHOR
Andrew Sterling Hanenkamp <hanenkamp@cpan.org>
COPYRIGHT AND LICENSE
This software is copyright (c) 2014 by Qubling Software LLC.
This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.
Module Install Instructions
To install Yukki, copy and paste the appropriate command in to your terminal.
cpanm Yukkiperl -MCPAN -e shell
install YukkiFor more information on module installation, please visit the detailed CPAN module installation guide.