luigi

My Calendar 2.5.16 – Authenticated stored XSS

INFO
Product: My Calendar
Version: 2.5.16
Active installations: 30,000+
Product page: https://it.wordpress.org/plugins/my-calendar/

DESCRIPTION
An authenticated user who can add new events can inject arbitrary JavaScript code via the event_time_label input. The arbitrary code runs both on the event page and in the admin panel. In my-calendar-event-manager.php, line 1873, the variable $eventTime is not sanitized.

PROOF OF CONCEPT
My Calendar 2.5.16 is

WP Live Chat Support 8.0.05 – Stored XSS

INFO
Product: WP Live Chat Support
Version: 8.0.05
Active installations: 50,000+
Product page: https://wordpress.org/plugins/wp-live-chat-support/
CVE: 2018-9864

1. DESCRIPTION
An unauthenticated user could inject arbitrary JavaScript code in the admin panel by using the text field “Name” of WP Live Chat Support. Using a single input point it was possible to inject JavaScript code into two different output points

Events Manager 5.8.1.1 – Stored XSS

INFO
Product: Events Manager
Version: 5.8.1.1
Active installations: 100,000+
Product page: https://it.wordpress.org/plugins/events-manager/
CVE: 2018-9020

DESCRIPTION
An unauthenticated user or a user without privileges, who can submit an event, can inject JavaScript code in the Google Maps miniature. The malicious code runs in the admin panel when a user with privileges opens the submitted event. The problem

Using the Raspberry Pi 3 via Termux

UPDATED ON 8/03/2018

On 8/03/2018 I modified the original post almost completely, because I decided to dig my heels in and solve my problems with Raspbian Stretch. The solution adopted in this version of the article is without doubt better than the previous one: it is easier, faster, and I used a distribution (Raspbian) suited to a use