Suggestions search

All statuses

Filter by:

With package: tests.fetchzip.postFetch

Found 3 matching suggestions

View:

Compact

Detailed

Untriaged

Permalink CVE-2026-4007

8.8 HIGH

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 1 week, 2 days ago

Tenda W3 POST Parameter wifiSSIDget stack-based overflow

A vulnerability was detected in Tenda W3 1.0.0.3(2204). This vulnerability affects unknown code of the file /goform/wifiSSIDget of the component POST Parameter Handler. Performing a manipulation of the argument index results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is now public and may be used.

References

VDB-350530 | Tenda W3 POST Parameter wifiSSIDget stack-based overflow vdb-entry technical-description
VDB-350530 | CTI Indicators (IOB, IOC, IOA) signature permissions-required
Submit #769181 | Tenda W3 V1.0.0.3(2204) Buffer Overflow third-party-advisory
https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-w3-formwrlSSIDget-index-bu… exploit
https://www.tenda.com.cn/ product

Affected products

==1.0.0.3(2204)

Matching in nixpkgs

pkgs.gaw

Gtk Analog Wave viewer

nixos-unstable 20250128
- nixpkgs-unstable 20250128
- nixos-unstable-small 20250128
nixos-25.11 20250128
- nixos-25.11-small 20250128
- nixpkgs-25.11-darwin 20250128

pkgs.w3m

Text-mode web browser

nixos-unstable 0.5.6
- nixpkgs-unstable 0.5.6
- nixos-unstable-small 0.5.6
nixos-25.11 0.5.5
- nixos-25.11-small 0.5.5
- nixpkgs-25.11-darwin 0.5.5

pkgs.Xaw3d

3D widget set based on the Athena Widget set

nixos-unstable 1.6.6
- nixpkgs-unstable 1.6.6
- nixos-unstable-small 1.6.6
nixos-25.11 1.6.6
- nixos-25.11-small 1.6.6
- nixpkgs-25.11-darwin 1.6.6

pkgs.pw3270

3270 Emulator for gtk

nixos-unstable 5.5.0
- nixpkgs-unstable 5.5.0
- nixos-unstable-small 5.5.0
nixos-25.11 5.5.0
- nixos-25.11-small 5.5.0
- nixpkgs-25.11-darwin 5.5.0

pkgs.revpfw3

Reverse proxy to bypass the need for port forwarding

nixos-unstable 0.5.0
- nixpkgs-unstable 0.5.0
- nixos-unstable-small 0.5.0
nixos-25.11 0.5.0
- nixos-25.11-small 0.5.0
- nixpkgs-25.11-darwin 0.5.0

pkgs.w3m-nox

Text-mode web browser

nixos-unstable 0.5.6
- nixpkgs-unstable 0.5.6
- nixos-unstable-small 0.5.6
nixos-25.11 0.5.5
- nixos-25.11-small 0.5.5
- nixpkgs-25.11-darwin 0.5.5

pkgs.libxaw3d

3D appearance variant of the X Athena Widget Set

nixos-unstable 1.6.6
- nixpkgs-unstable 1.6.6
- nixos-unstable-small 1.6.6

pkgs.w3m-full

Text-mode web browser

nixos-unstable 0.5.6
- nixpkgs-unstable 0.5.6
- nixos-unstable-small 0.5.6
nixos-25.11 0.5.5
- nixos-25.11-small 0.5.5
- nixpkgs-25.11-darwin 0.5.5

pkgs.sparrow3d

A software renderer for different open handhelds like the gp2x, wiz, caanoo and pandora

nixos-unstable 2020-10-06
- nixpkgs-unstable 2020-10-06
- nixos-unstable-small 2020-10-06
nixos-25.11 2020-10-06
- nixos-25.11-small 2020-10-06
- nixpkgs-25.11-darwin 2020-10-06

pkgs.w3m-batch

Text-mode web browser

nixos-unstable 0.5.6
- nixpkgs-unstable 0.5.6
- nixos-unstable-small 0.5.6
nixos-25.11 0.5.5
- nixos-25.11-small 0.5.5
- nixpkgs-25.11-darwin 0.5.5

pkgs.libgtkflow3

Flow graph widget for GTK 3

nixos-unstable 1.0.6
- nixpkgs-unstable 1.0.6
- nixos-unstable-small 1.0.6
nixos-25.11 1.0.6
- nixos-25.11-small 1.0.6
- nixpkgs-25.11-darwin 1.0.6

pkgs.w3m-nographics

Text-mode web browser

nixos-unstable 0.5.6
- nixpkgs-unstable 0.5.6
- nixos-unstable-small 0.5.6
nixos-25.11 0.5.5
- nixos-25.11-small 0.5.5
- nixpkgs-25.11-darwin 0.5.5

pkgs.python312Packages.w3lib

Library of web-related functions

nixos-25.11 w3lib-2.3.1
- nixos-25.11-small w3lib-2.3.1
- nixpkgs-25.11-darwin w3lib-2.3.1

pkgs.python313Packages.w3lib

Library of web-related functions

nixos-unstable w3lib-2.3.1
- nixpkgs-unstable w3lib-2.3.1
- nixos-unstable-small w3lib-2.3.1
nixos-25.11 w3lib-2.3.1
- nixos-25.11-small w3lib-2.3.1
- nixpkgs-25.11-darwin w3lib-2.3.1

pkgs.python314Packages.w3lib

Library of web-related functions

nixos-unstable w3lib-2.3.1
- nixpkgs-unstable w3lib-2.3.1
- nixos-unstable-small w3lib-2.3.1

pkgs.tests.fetchzip.postFetch

None

nixos-unstable 3cw3svf714i8
- nixpkgs-unstable 3cw3svf714i8
- nixos-unstable-small 3cw3svf714i8

pkgs.perlPackages.W3CLinkChecker

W3C Link Checker

nixos-unstable W3C-LinkChecker-5.0.0
- nixpkgs-unstable W3C-LinkChecker-5.0.0
- nixos-unstable-small W3C-LinkChecker-5.0.0
nixos-25.11 W3C-LinkChecker-5.0.0
- nixos-25.11-small W3C-LinkChecker-5.0.0
- nixpkgs-25.11-darwin W3C-LinkChecker-5.0.0

pkgs.perl5Packages.W3CLinkChecker

W3C Link Checker

nixos-unstable W3C-LinkChecker-5.0.0
- nixpkgs-unstable W3C-LinkChecker-5.0.0
- nixos-unstable-small W3C-LinkChecker-5.0.0

pkgs.tests.fetchurl.hashedMirrors

None

nixos-unstable jlsriwxk0w3v
- nixpkgs-unstable jlsriwxk0w3v
- nixos-unstable-small jlsriwxk0w3v
nixos-25.11 ww3m898lak6d
- nixos-25.11-small ww3m898lak6d
- nixpkgs-25.11-darwin ww3m898lak6d

pkgs.tests.fetchgit.sparseCheckout

None

nixos-25.11 1y4asnkgw37p
- nixos-25.11-small 1y4asnkgw37p
- nixpkgs-25.11-darwin 1y4asnkgw37p

pkgs.perl538Packages.W3CLinkChecker

W3C Link Checker

nixos-25.11 W3C-LinkChecker-5.0.0
- nixos-25.11-small W3C-LinkChecker-5.0.0
- nixpkgs-25.11-darwin W3C-LinkChecker-5.0.0

pkgs.perl540Packages.W3CLinkChecker

W3C Link Checker

nixos-25.11 W3C-LinkChecker-5.0.0
- nixos-25.11-small W3C-LinkChecker-5.0.0
- nixpkgs-25.11-darwin W3C-LinkChecker-5.0.0

pkgs.tests.fetchFromGitHub.leave-git

None

nixos-25.11 1qjd2liw3yr9
- nixos-25.11-small 1qjd2liw3yr9
- nixpkgs-25.11-darwin 1qjd2liw3yr9

pkgs.perlPackages.DateTimeFormatW3CDTF

Parse and format W3CDTF datetime strings

nixos-unstable W3CDTF-0.08
- nixpkgs-unstable W3CDTF-0.08
- nixos-unstable-small W3CDTF-0.08
nixos-25.11 W3CDTF-0.08
- nixos-25.11-small W3CDTF-0.08
- nixpkgs-25.11-darwin W3CDTF-0.08

pkgs.ocamlPackages.lablgtk3-sourceview3

OCaml interface to GTK 3

nixos-unstable lablgtk3-sourceview3-3.1.5
- nixpkgs-unstable lablgtk3-sourceview3-3.1.5
- nixos-unstable-small lablgtk3-sourceview3-3.1.5
nixos-25.11 lablgtk3-sourceview3-3.1.5
- nixos-25.11-small lablgtk3-sourceview3-3.1.5
- nixpkgs-25.11-darwin lablgtk3-sourceview3-3.1.5

pkgs.perl5Packages.DateTimeFormatW3CDTF

Parse and format W3CDTF datetime strings

nixos-unstable W3CDTF-0.08
- nixpkgs-unstable W3CDTF-0.08
- nixos-unstable-small W3CDTF-0.08

pkgs.chickenPackages_5.chickenEggs.glfw3

Bindings to the GLFW3 OpenGL window and event management library

nixos-unstable glfw3-0.7.1
- nixpkgs-unstable glfw3-0.7.1
- nixos-unstable-small glfw3-0.7.1
nixos-25.11 glfw3-0.7.1
- nixos-25.11-small glfw3-0.7.1
- nixpkgs-25.11-darwin glfw3-0.7.1

pkgs.perl538Packages.DateTimeFormatW3CDTF

Parse and format W3CDTF datetime strings

nixos-25.11 W3CDTF-0.08
- nixos-25.11-small W3CDTF-0.08
- nixpkgs-25.11-darwin W3CDTF-0.08

pkgs.perl540Packages.DateTimeFormatW3CDTF

Parse and format W3CDTF datetime strings

nixos-25.11 W3CDTF-0.08
- nixos-25.11-small W3CDTF-0.08
- nixpkgs-25.11-darwin W3CDTF-0.08

pkgs.perlPackages.WebServiceValidatorHTMLW3C

Access the W3Cs online HTML validator

nixos-unstable W3C-0.28
- nixpkgs-unstable W3C-0.28
- nixos-unstable-small W3C-0.28
nixos-25.11 W3C-0.28
- nixos-25.11-small W3C-0.28
- nixpkgs-25.11-darwin W3C-0.28

pkgs.perl5Packages.WebServiceValidatorHTMLW3C

Access the W3Cs online HTML validator

nixos-unstable W3C-0.28
- nixpkgs-unstable W3C-0.28
- nixos-unstable-small W3C-0.28

pkgs.ocamlPackages_latest.lablgtk3-sourceview3

OCaml interface to GTK 3

nixos-unstable lablgtk3-sourceview3-3.1.5
- nixpkgs-unstable lablgtk3-sourceview3-3.1.5
- nixos-unstable-small lablgtk3-sourceview3-3.1.5

pkgs.perl538Packages.WebServiceValidatorHTMLW3C

Access the W3Cs online HTML validator

nixos-25.11 W3C-0.28
- nixos-25.11-small W3C-0.28
- nixpkgs-25.11-darwin W3C-0.28

pkgs.perl540Packages.WebServiceValidatorHTMLW3C

Access the W3Cs online HTML validator

nixos-25.11 W3C-0.28
- nixos-25.11-small W3C-0.28
- nixpkgs-25.11-darwin W3C-0.28

pkgs.haskellPackages.hs-opentelemetry-propagator-w3c

Trace propagation via HTTP headers following the w3c tracestate spec

nixos-unstable w3c-0.1.0.0
- nixpkgs-unstable w3c-0.1.0.0
- nixos-unstable-small w3c-0.1.0.0
nixos-25.11 w3c-0.1.0.0
- nixos-25.11-small w3c-0.1.0.0
- nixpkgs-25.11-darwin w3c-0.1.0.0

Package maintainers

@fedeinthemix Federico Beffa <beffa@fbengineering.ch>
@grindhold grindhold <grindhold+nix@skarphed.org>
@vifino Adrian Pistol <vifino@tty.sh>
@tudbut Daniella Hennig <nixpkgs@mail.tudbut.de>
@uninsane Colin Sane <colin@uninsane.org>
@anthonyroussel Anthony Roussel <anthony@roussel.dev>
@vbgl Vincent Laporte <Vincent.Laporte@gmail.com>
@toastal toastal <toastal+nix@posteo.net>

Untriaged

Permalink CVE-2026-4008

8.8 HIGH

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 1 week, 2 days ago

Tenda W3 POST Parameter wifiSSIDset stack-based overflow

A flaw has been found in Tenda W3 1.0.0.3(2204). This issue affects some unknown processing of the file /goform/wifiSSIDset of the component POST Parameter Handler. Executing a manipulation of the argument index/GO can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used.

References

https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-w3-formwrlSSIDset-index-bu… related
https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-w3-formwrlSSIDset-go-buffe… exploit
https://www.tenda.com.cn/ product
VDB-350531 | Tenda W3 POST Parameter wifiSSIDset stack-based overflow vdb-entry technical-description
VDB-350531 | CTI Indicators (IOB, IOC, IOA) signature permissions-required
Submit #769182 | Tenda W3 V1.0.0.3(2204) Buffer Overflow third-party-advisory
Submit #769183 | Tenda W3 V1.0.0.3(2204) Buffer Overflow (Duplicate) third-party-advisory

Affected products

==1.0.0.3(2204)

Matching in nixpkgs

pkgs.gaw

Gtk Analog Wave viewer

nixos-unstable 20250128
- nixpkgs-unstable 20250128
- nixos-unstable-small 20250128
nixos-25.11 20250128
- nixos-25.11-small 20250128
- nixpkgs-25.11-darwin 20250128

pkgs.w3m

Text-mode web browser

nixos-unstable 0.5.6
- nixpkgs-unstable 0.5.6
- nixos-unstable-small 0.5.6
nixos-25.11 0.5.5
- nixos-25.11-small 0.5.5
- nixpkgs-25.11-darwin 0.5.5

pkgs.Xaw3d

3D widget set based on the Athena Widget set

nixos-unstable 1.6.6
- nixpkgs-unstable 1.6.6
- nixos-unstable-small 1.6.6
nixos-25.11 1.6.6
- nixos-25.11-small 1.6.6
- nixpkgs-25.11-darwin 1.6.6

pkgs.pw3270

3270 Emulator for gtk

nixos-unstable 5.5.0
- nixpkgs-unstable 5.5.0
- nixos-unstable-small 5.5.0
nixos-25.11 5.5.0
- nixos-25.11-small 5.5.0
- nixpkgs-25.11-darwin 5.5.0

pkgs.revpfw3

Reverse proxy to bypass the need for port forwarding

nixos-unstable 0.5.0
- nixpkgs-unstable 0.5.0
- nixos-unstable-small 0.5.0
nixos-25.11 0.5.0
- nixos-25.11-small 0.5.0
- nixpkgs-25.11-darwin 0.5.0

pkgs.w3m-nox

Text-mode web browser

nixos-unstable 0.5.6
- nixpkgs-unstable 0.5.6
- nixos-unstable-small 0.5.6
nixos-25.11 0.5.5
- nixos-25.11-small 0.5.5
- nixpkgs-25.11-darwin 0.5.5

pkgs.libxaw3d

3D appearance variant of the X Athena Widget Set

nixos-unstable 1.6.6
- nixpkgs-unstable 1.6.6
- nixos-unstable-small 1.6.6

pkgs.w3m-full

Text-mode web browser

nixos-unstable 0.5.6
- nixpkgs-unstable 0.5.6
- nixos-unstable-small 0.5.6
nixos-25.11 0.5.5
- nixos-25.11-small 0.5.5
- nixpkgs-25.11-darwin 0.5.5

pkgs.sparrow3d

A software renderer for different open handhelds like the gp2x, wiz, caanoo and pandora

nixos-unstable 2020-10-06
- nixpkgs-unstable 2020-10-06
- nixos-unstable-small 2020-10-06
nixos-25.11 2020-10-06
- nixos-25.11-small 2020-10-06
- nixpkgs-25.11-darwin 2020-10-06

pkgs.w3m-batch

Text-mode web browser

nixos-unstable 0.5.6
- nixpkgs-unstable 0.5.6
- nixos-unstable-small 0.5.6
nixos-25.11 0.5.5
- nixos-25.11-small 0.5.5
- nixpkgs-25.11-darwin 0.5.5

pkgs.libgtkflow3

Flow graph widget for GTK 3

nixos-unstable 1.0.6
- nixpkgs-unstable 1.0.6
- nixos-unstable-small 1.0.6
nixos-25.11 1.0.6
- nixos-25.11-small 1.0.6
- nixpkgs-25.11-darwin 1.0.6

pkgs.w3m-nographics

Text-mode web browser

nixos-unstable 0.5.6
- nixpkgs-unstable 0.5.6
- nixos-unstable-small 0.5.6
nixos-25.11 0.5.5
- nixos-25.11-small 0.5.5
- nixpkgs-25.11-darwin 0.5.5

pkgs.python312Packages.w3lib

Library of web-related functions

nixos-25.11 w3lib-2.3.1
- nixos-25.11-small w3lib-2.3.1
- nixpkgs-25.11-darwin w3lib-2.3.1

pkgs.python313Packages.w3lib

Library of web-related functions

nixos-unstable w3lib-2.3.1
- nixpkgs-unstable w3lib-2.3.1
- nixos-unstable-small w3lib-2.3.1
nixos-25.11 w3lib-2.3.1
- nixos-25.11-small w3lib-2.3.1
- nixpkgs-25.11-darwin w3lib-2.3.1

pkgs.python314Packages.w3lib

Library of web-related functions

nixos-unstable w3lib-2.3.1
- nixpkgs-unstable w3lib-2.3.1
- nixos-unstable-small w3lib-2.3.1

pkgs.tests.fetchzip.postFetch

None

nixos-unstable 3cw3svf714i8
- nixpkgs-unstable 3cw3svf714i8
- nixos-unstable-small 3cw3svf714i8

pkgs.perlPackages.W3CLinkChecker

W3C Link Checker

nixos-unstable W3C-LinkChecker-5.0.0
- nixpkgs-unstable W3C-LinkChecker-5.0.0
- nixos-unstable-small W3C-LinkChecker-5.0.0
nixos-25.11 W3C-LinkChecker-5.0.0
- nixos-25.11-small W3C-LinkChecker-5.0.0
- nixpkgs-25.11-darwin W3C-LinkChecker-5.0.0

pkgs.perl5Packages.W3CLinkChecker

W3C Link Checker

nixos-unstable W3C-LinkChecker-5.0.0
- nixpkgs-unstable W3C-LinkChecker-5.0.0
- nixos-unstable-small W3C-LinkChecker-5.0.0

pkgs.tests.fetchurl.hashedMirrors

None

nixos-unstable jlsriwxk0w3v
- nixpkgs-unstable jlsriwxk0w3v
- nixos-unstable-small jlsriwxk0w3v
nixos-25.11 ww3m898lak6d
- nixos-25.11-small ww3m898lak6d
- nixpkgs-25.11-darwin ww3m898lak6d

pkgs.tests.fetchgit.sparseCheckout

None

nixos-25.11 1y4asnkgw37p
- nixos-25.11-small 1y4asnkgw37p
- nixpkgs-25.11-darwin 1y4asnkgw37p

pkgs.perl538Packages.W3CLinkChecker

W3C Link Checker

nixos-25.11 W3C-LinkChecker-5.0.0
- nixos-25.11-small W3C-LinkChecker-5.0.0
- nixpkgs-25.11-darwin W3C-LinkChecker-5.0.0

pkgs.perl540Packages.W3CLinkChecker

W3C Link Checker

nixos-25.11 W3C-LinkChecker-5.0.0
- nixos-25.11-small W3C-LinkChecker-5.0.0
- nixpkgs-25.11-darwin W3C-LinkChecker-5.0.0

pkgs.tests.fetchFromGitHub.leave-git

None

nixos-25.11 1qjd2liw3yr9
- nixos-25.11-small 1qjd2liw3yr9
- nixpkgs-25.11-darwin 1qjd2liw3yr9

pkgs.perlPackages.DateTimeFormatW3CDTF

Parse and format W3CDTF datetime strings

nixos-unstable W3CDTF-0.08
- nixpkgs-unstable W3CDTF-0.08
- nixos-unstable-small W3CDTF-0.08
nixos-25.11 W3CDTF-0.08
- nixos-25.11-small W3CDTF-0.08
- nixpkgs-25.11-darwin W3CDTF-0.08

pkgs.ocamlPackages.lablgtk3-sourceview3

OCaml interface to GTK 3

nixos-unstable lablgtk3-sourceview3-3.1.5
- nixpkgs-unstable lablgtk3-sourceview3-3.1.5
- nixos-unstable-small lablgtk3-sourceview3-3.1.5
nixos-25.11 lablgtk3-sourceview3-3.1.5
- nixos-25.11-small lablgtk3-sourceview3-3.1.5
- nixpkgs-25.11-darwin lablgtk3-sourceview3-3.1.5

pkgs.perl5Packages.DateTimeFormatW3CDTF

Parse and format W3CDTF datetime strings

nixos-unstable W3CDTF-0.08
- nixpkgs-unstable W3CDTF-0.08
- nixos-unstable-small W3CDTF-0.08

pkgs.chickenPackages_5.chickenEggs.glfw3

Bindings to the GLFW3 OpenGL window and event management library

nixos-unstable glfw3-0.7.1
- nixpkgs-unstable glfw3-0.7.1
- nixos-unstable-small glfw3-0.7.1
nixos-25.11 glfw3-0.7.1
- nixos-25.11-small glfw3-0.7.1
- nixpkgs-25.11-darwin glfw3-0.7.1

pkgs.perl538Packages.DateTimeFormatW3CDTF

Parse and format W3CDTF datetime strings

nixos-25.11 W3CDTF-0.08
- nixos-25.11-small W3CDTF-0.08
- nixpkgs-25.11-darwin W3CDTF-0.08

pkgs.perl540Packages.DateTimeFormatW3CDTF

Parse and format W3CDTF datetime strings

nixos-25.11 W3CDTF-0.08
- nixos-25.11-small W3CDTF-0.08
- nixpkgs-25.11-darwin W3CDTF-0.08

pkgs.perlPackages.WebServiceValidatorHTMLW3C

Access the W3Cs online HTML validator

nixos-unstable W3C-0.28
- nixpkgs-unstable W3C-0.28
- nixos-unstable-small W3C-0.28
nixos-25.11 W3C-0.28
- nixos-25.11-small W3C-0.28
- nixpkgs-25.11-darwin W3C-0.28

pkgs.perl5Packages.WebServiceValidatorHTMLW3C

Access the W3Cs online HTML validator

nixos-unstable W3C-0.28
- nixpkgs-unstable W3C-0.28
- nixos-unstable-small W3C-0.28

pkgs.ocamlPackages_latest.lablgtk3-sourceview3

OCaml interface to GTK 3

nixos-unstable lablgtk3-sourceview3-3.1.5
- nixpkgs-unstable lablgtk3-sourceview3-3.1.5
- nixos-unstable-small lablgtk3-sourceview3-3.1.5

pkgs.perl538Packages.WebServiceValidatorHTMLW3C

Access the W3Cs online HTML validator

nixos-25.11 W3C-0.28
- nixos-25.11-small W3C-0.28
- nixpkgs-25.11-darwin W3C-0.28

pkgs.perl540Packages.WebServiceValidatorHTMLW3C

Access the W3Cs online HTML validator

nixos-25.11 W3C-0.28
- nixos-25.11-small W3C-0.28
- nixpkgs-25.11-darwin W3C-0.28

pkgs.haskellPackages.hs-opentelemetry-propagator-w3c

Trace propagation via HTTP headers following the w3c tracestate spec

nixos-unstable w3c-0.1.0.0
- nixpkgs-unstable w3c-0.1.0.0
- nixos-unstable-small w3c-0.1.0.0
nixos-25.11 w3c-0.1.0.0
- nixos-25.11-small w3c-0.1.0.0
- nixpkgs-25.11-darwin w3c-0.1.0.0

Package maintainers

@fedeinthemix Federico Beffa <beffa@fbengineering.ch>
@grindhold grindhold <grindhold+nix@skarphed.org>
@vifino Adrian Pistol <vifino@tty.sh>
@tudbut Daniella Hennig <nixpkgs@mail.tudbut.de>
@uninsane Colin Sane <colin@uninsane.org>
@anthonyroussel Anthony Roussel <anthony@roussel.dev>
@vbgl Vincent Laporte <Vincent.Laporte@gmail.com>
@toastal toastal <toastal+nix@posteo.net>

Untriaged

Permalink CVE-2025-68843

created 1 month ago

WordPress FeedWordPress Advanced Filters plugin <= 0.6.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bas Schuiling FeedWordPress Advanced Filters faf allows Reflected XSS.This issue affects FeedWordPress Advanced Filters: from n/a through <= 0.6.2.

References

https://patchstack.com/database/Wordpress/Plugin/faf/vulnerability/wordpress-fe… vdb-entry

Affected products

faf

=<<= 0.6.2

Matching in nixpkgs

pkgs.maiko

Medley Interlisp virtual machine

nixos-unstable 250616-de1fafba
- nixpkgs-unstable 250616-de1fafba
- nixos-unstable-small 250616-de1fafba
nixos-25.11 250616-de1fafba
- nixos-25.11-small 250616-de1fafba
- nixpkgs-25.11-darwin 250616-de1fafba

pkgs.error-inject.mce-inject

MCE error injection tool

nixos-unstable 4cbe46321b4a81365ff3aafafe63967264dbfec5
- nixpkgs-unstable 4cbe46321b4a81365ff3aafafe63967264dbfec5
- nixos-unstable-small 4cbe46321b4a81365ff3aafafe63967264dbfec5
nixos-25.11 4cbe46321b4a81365ff3aafafe63967264dbfec5
- nixos-25.11-small 4cbe46321b4a81365ff3aafafe63967264dbfec5
- nixpkgs-25.11-darwin 4cbe46321b4a81365ff3aafafe63967264dbfec5

pkgs.tests.fetchzip.postFetch

None

nixos-25.11 xav2rax2mfaf
- nixos-25.11-small xav2rax2mfaf
- nixpkgs-25.11-darwin xav2rax2mfaf