Filtered by vendor Facebook Subscriptions
Filtered by product Facebook Subscriptions
Total 5 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2008-0660 2 Aurigma, Facebook 3 Image Uploader Activex Control, Facebook, Photouploader 2024-08-07 N/A
Multiple stack-based buffer overflows in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.6.17.0, 4.5.70.0, and 4.5.126.0, and ImageUploader5 5.0.10.0, as used by Facebook PhotoUploader 4.5.57.0, allow remote attackers to execute arbitrary code via long (1) ExtractExif and (2) ExtractIptc properties.
CVE-2014-6392 1 Facebook 2 Facebook, Facebook Messenger 2024-08-06 N/A
Cross-site scripting (XSS) vulnerability in the Facebook app 14.0 and the Facebook Messenger app 10.0 for iOS allows remote attackers to inject arbitrary web script or HTML via a crafted filename extension that is improperly handled during MIME sniffing of chat traffic. NOTE: the vendor disputes the significance of this report, because the user must accept an interstitial warning before the HTML file content is rendered, and because the HTML content's origin is a sandbox domain
CVE-2021-24217 1 Facebook 1 Facebook 2024-08-03 8.1 High
The run_action function of the Facebook for WordPress plugin before 3.0.0 deserializes user supplied data making it possible for PHP objects to be supplied creating an Object Injection vulnerability. There was also a useable magic method in the plugin that could be used to achieve remote code execution.
CVE-2021-24218 1 Facebook 1 Facebook 2024-08-03 8.8 High
The wp_ajax_save_fbe_settings and wp_ajax_delete_fbe_settings AJAX actions of the Facebook for WordPress plugin before 3.0.4 were vulnerable to CSRF due to a lack of nonce protection. The settings in the saveFbeSettings function had no sanitization allowing for script tags to be saved.
CVE-2024-35232 1 Facebook 1 Facebook 2024-08-02 3.7 Low
github.com/huandu/facebook is a Go package that fully supports the Facebook Graph API with file upload, batch request and marketing API. access_token can be exposed in error message on fail in HTTP request. This issue has been patched in version 2.7.2.