Lucene search

K

Fluid Security Vulnerabilities

cve
cve

CVE-2024-3031

The Fluid Notification Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4CVSS

6AI Score

0.0004EPSS

2024-06-04 06:15 AM
cve
cve

CVE-2023-51699

Fluid is an open source Kubernetes-native Distributed Dataset Orchestrator and Accelerator for data-intensive applications. An OS command injection vulnerability within the Fluid project's JuicefsRuntime can potentially allow an authenticated user, who has the authority to create or update the K8s....

4CVSS

5.2AI Score

0.0004EPSS

2024-03-15 07:15 PM
32
cve
cve

CVE-2023-28604

The fluid_components (aka Fluid Components) extension before 3.5.0 for TYPO3 allows XSS via a component argument parameter, for certain {content} use cases that may be edge...

6.1CVSS

5.8AI Score

0.0005EPSS

2023-12-12 05:15 PM
25
cve
cve

CVE-2023-30840

Fluid is an open source Kubernetes-native distributed dataset orchestrator and accelerator for data-intensive applications. Starting in version 0.7.0 and prior to version 0.8.6, if a malicious user gains control of a Kubernetes node running fluid csi pod (controlled by the csi-nodeplugin-fluid...

7.8CVSS

7.7AI Score

0.0004EPSS

2023-05-08 06:15 PM
14
cve
cve

CVE-2020-26216

TYPO3 Fluid before versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11 and 2.6.10 is vulnerable to Cross-Site Scripting. Three XSS vulnerabilities have been detected in Fluid: 1. TagBasedViewHelper allowed XSS through maliciously crafted additionalAttributes arrays by creating keys with...

8CVSS

6.5AI Score

0.001EPSS

2020-11-17 09:15 PM
43
cve
cve

CVE-2020-15241

TYPO3 Fluid Engine (package typo3fluid/fluid) before versions 2.0.5, 2.1.4, 2.2.1, 2.3.5, 2.4.1, 2.5.5 or 2.6.1 is vulnerable to cross-site scripting when making use of the ternary conditional operator in templates like {showFullName ? fullName : defaultValue}. Updated versions of this package are....

6.1CVSS

5.8AI Score

0.001EPSS

2020-10-08 09:15 PM
68
cve
cve

CVE-2016-10975

The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has reflected XSS via the skin...

6.1CVSS

6AI Score

0.001EPSS

2019-09-17 03:15 PM
31
cve
cve

CVE-2016-10974

The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has frs_save CSRF with resultant stored...

8.8CVSS

8.7AI Score

0.001EPSS

2019-09-17 03:15 PM
15
cve
cve

CVE-2002-1036

Cross-site scripting vulnerability in search.pl for Fluid Dynamics Search Engine (FDSE) before 2.0.0.0055 allows remote attackers to execute web script via the (1) Rank or (2) Match...

7AI Score

0.055EPSS

2002-10-04 04:00 AM
24