CVE-2021-34630 – In the Pro and Enterprise versions of GTranslate < 2.8.65, the gtranslate_request_uri_v …

30 July 2021

Vuln ID: CVE-2021-34630

Published: 2021-07-30 21:15:08Z

Description: In the Pro and Enterprise versions of GTranslate < 2.8.65, the gtranslate_request_uri_var function runs at the top of all pages and echoes out the contents of $_SERVER[‘REQUEST_URI’]. Although this uses addslashes, and most modern browsers automatically URLencode requests, this plugin is still vulnerable to Reflected XSS in older browsers such as Internet Explorer 9 or below, or in cases where an attacker is able to modify the request en route between the client and the server, or in cases where the user is using an atypical browsing solution.

Source: NVD.NIST.GOV

Date:

30 July 2021

Categorie(s):

NVD

Tag(s):

NVD

Australia’s spies and cops want ‘accountable encryption’ – aka access to backdoors25 April 2024
Australia’s spies and cops want ‘accountable encryption’ – aka backdoors25 April 2024
Australia’s spies and cops want ‘accountable encryption’ – aka backdooring encryption25 April 2024
Rubrik sets IPO price at $32 per share on $5.6B valuation ahead of NYSE debut25 April 2024
Governments issue alerts after ‘sophisticated’ state-backed actor found exploiting flaws in Cisco security boxes24 April 2024