

[webapps] Seo Panel 4.8.0 - 'category' Reflected XSS

More posts from Team Security | IT Sicherheit (tsecurity.de)

Cast user_id to int to prevent XSS

Introducing type casting to avoid XSS. This vulnerability affects the following application versions: Yoast SEO 1.6.2, Yoast SEO 1.6.3, Yoast SEO 1.7, Yoast SEO 1.7.1

Add escaping to different admin sections to prevent XSS

Various admin sections were not properly sanitized against XSS. This vulnerability affects the following application versions: Yoast SEO 1.5.5, Yoast SEO 1.5.5.1, Yoast SEO 1.5.5.2

Add sanitation to Input variables in the bulk editor and ajax module to prevent XSS

Input variables in the bulk editor and AJAX module were vulnerable to XSS. This vulnerability affects the following application versions: Yoast SEO 1.5.5, Yoast SEO 1.5.5.1, Yoast SEO 1.5.5.2

Added escaping to metabox text field to prevent XSS

Certain inputs were not properly escaped against an XSS attack. This vulnerability affects the following application versions: Yoast SEO 2.0, Yoast SEO 2.0.1, Yoast SEO 2.1, Yoas

Adding key sanitation for attributes to prevent XSS

Attributes were not properly sanitized as keys to prevent XSS. This vulnerability affects the following application versions: Yoast SEO 3.2, Yoast SEO 3.2.1, Yoast SEO 3.2.2, Yoast SEO 3.

Sitemap sanitation added to avoid XSS

The sitemap request server was not properly sanitized against XSS. This vulnerability affects the following application versions: Yoast SEO 2.2, Yoast SEO 2.2.1, Yoast SEO 2.3, Yoast SEO

Escaping promo extension message to prevent XSS

The promo extension messages were not properly escaped, which could result in an XSS attack. This vulnerability affects the following application versions: Yoast SEO 2.3, Yoast SEO 2.3.1, Yoast SEO 2.3.2

Added escaping to admin views to avoid XSS

A range of elements were not properly escaped against a possible XSS attack. This vulnerability affects the following application versions: Yoast SEO 3.2, Yoast SEO 3.2.1, Yoast SEO 3.2.2

Escaping import/export tool to prevent XSS

The import and export tool was not properly escaped against XSS. This vulnerability affects the following application versions: Yoast SEO 3.5, Yoast SEO 3.6, Yoast SEO 3.6.1, Yoast SE

Escaping license file to prevent XSS

The licenses file was not properly escaped against XSS. This vulnerability affects the following application versions: Yoast SEO 3.5, Yoast SEO 3.6, Yoast SEO 3.6.1, Yoast SEO 3.7.0

Adding escaping to admin url for general options to prevent XSS

The admin URL for general options was not properly escaped against XSS. This vulnerability affects the following application versions: Yoast SEO 5.9, Yoast SEO 5.9.1, Yoast SEO 5.9.2

Escaping of HTML chars to prevent XSS

Unescaped HTML characters could lead to a possible XSS attack. This vulnerability affects the following application versions: Yoast SEO 3.7.0, Yoast SEO 3.7.1, Yoast SEO 3.8, Yoast SEO
