Lucene search
K

1042880 matches found

NVD
NVD
added 2 hours ago5 views

CVE-2026-6742

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'additional' parameter in all versions up to, and including, 2026.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

6.4CVSS
Exploits0References2
CVE
CVE
added 8 hours ago8 views

CVE-2026-10570

The CVE-2026-10570 entry concerns the Sympl Repeater for ACF and Elementor WordPress plugin (versions up to 2.3). Affected component: the function symp_arfe_replace_content() , which uses str_replace() to insert raw ACF field values (via get_field()) directly into Elementor-generated HTML without...

6.4CVSS6.1AI score
Exploits0References3
Nuclei
Nuclei
added 8 hours ago58 views

Microweber <1.2.11 - Stored Cross-Site Scripting

Microweber before 1.2.1 contains multiple stored cross-site scripting vulnerabilities in Shop's Other Settings, Autorespond E-mail Settings, and Payment Methods. id: CVE-2022-0954 info: name: Microweber 1.2.11 - Stored Cross-Site Scripting author: amit-jd severity: medium description: | Microwebe...

6.8CVSS6.4AI score0.03197EPSS
Exploits1References5
Nuclei
Nuclei
added 8 hours ago83 views

WordPress Hero Maps Premium <=2.2.1 - Cross-Site Scripting

WordPress Hero Maps Premium plugin 2.2.1 and prior contains an unauthenticated reflected cross-site scripting vulnerability via the views/dashboard/index.php p parameter. id: CVE-2019-19134 info: name: WordPress Hero Maps Premium =2.2.2 or apply the vendor-provided patch to fix the XSS...

6.1CVSS6.3AI score0.05651EPSS
Exploits2References5
Nuclei
Nuclei
added 8 hours ago45 views

Sidekiq < 7.0.8 - Cross-Site Scripting

An XSS vulnerability on a Sidekiq admin panel can pose serious risks to the security and functionality of the system. id: CVE-2023-1892 info: name: Sidekiq 7.0.8 - Cross-Site Scripting author: ritikchaddha,princechaddha severity: critical description: | An XSS vulnerability on a Sidekiq admin pan...

9.6CVSS7.2AI score0.02742EPSS
Exploits1References3
Nuclei
Nuclei
added 8 hours ago78 views

WWBN AVideo 11.6 - Cross-Site Scripting

A reflected XSS vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff, allowing arbitrary Javascript execution. id: CVE-2023-48728 info: name: WWBN AVideo 11.6 - Cross-Site Scripting author: ritikchaddha severity: medium...

9.6CVSS7AI score0.02268EPSS
Exploits1References2
Nuclei
Nuclei
added 8 hours ago36 views

ProfilePress < 3.1.11 - Cross-Site Scripting

The ProfilePress plugin for WordPress before 3.1.11 is vulnerable to unauthenticated reflected cross-site scripting XSS via the tabbed login/register widget due to improper escaping of user input. Attackers can inject arbitrary JavaScript via the tabbed-login-name parameter. id: CVE-2021-24522...

6.1CVSS6.4AI score0.01285EPSS
Exploits2References3
Nuclei
Nuclei
added 8 hours ago13 views

XWiki Platform - Cross-Site Scripting

XWiki Platform versions = 4.2-milestone-3 and = 16.5.0-rc-1 and = 17.0.0-rc-1 and = 4.2-milestone-3 and = 16.5.0-rc-1 and = 17.0.0-rc-1 and 17.3.0-rc-1 are vulnerable to reflected XSS in two templates. The vulnerability allows an attacker to execute malicious JavaScript code in the context of the...

6.5CVSS7.3AI score0.00634EPSS
Exploits1References3
Nuclei
Nuclei
added 8 hours ago16 views

Contact Form Generator <= 2.5.5 - Cross-Site Scripting

The Contact Form Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in wp-admin/admin.php in versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

7.1CVSS6.9AI score0.01231EPSS
Exploits3References2
Nuclei
Nuclei
added 8 hours ago23 views

Quest KACE SMA /common/run_cross_report.php 'fmt' XSS

The 'fmt' parameter of the '/common/runcrossreport.php' script in the the Quest KACE System Management Appliance 8.0.318 is vulnerable to cross-site scripting. id: CVE-2018-11133 info: name: Quest KACE SMA /common/runcrossreport.php 'fmt' XSS author: iamnoooob,pdresearch severity: medium...

6.1CVSS6.6AI score0.07271EPSS
Exploits3References2
Nuclei
Nuclei
added 8 hours ago12 views

AcuToWeb server/10.5.0.7577c8b - Cross-Site Scripting

AcuToWeb server/10.5.0.7577c8b is vulnerable to reflected cross-site scripting XSS via the portgw parameter. Unsanitized user input is reflected in the response, allowing arbitrary JavaScript execution. id: CVE-2024-42852 info: name: AcuToWeb server/10.5.0.7577c8b - Cross-Site Scripting author:...

6.1CVSS5.9AI score0.00731EPSS
Exploits0References2
Nuclei
Nuclei
added 8 hours ago25 views

FOSSBilling < 0.5.3 - Cross-Site Scripting

Cross-site Scripting XSS - Reflected in GitHub repository fossbilling/fossbilling prior to 0.5.4. id: CVE-2023-3521 info: name: FOSSBilling &datefrom='" HTTP/1.1 Host: Hostname matchers-condition: and matchers: - type: word part: body words:...

6.1CVSS6.1AI score0.00919EPSS
Exploits1References2
Nuclei
Nuclei
added 8 hours ago19 views

Essential Grid <= 3.1.0 - Cross-Site Scripting

Unauthenticated Reflected Cross-Site Scripting XSS vulnerability in ThemePunch OHG Essential Grid plugin = 3.1.0 versions. id: CVE-2023-47684 info: name: Essential Grid = 3.1.0 - Cross-Site Scripting author: 0xpugal severity: medium description: | Unauthenticated Reflected Cross-Site Scripting XS...

7.1CVSS6.8AI score0.00838EPSS
Exploits0References2
Nuclei
Nuclei
added 8 hours ago32 views

Store Locator WordPress < 1.4.13 - Cross-Site Scripting

The Store Locator WordPress plugin before 1.4.13 does not sanitise and escape an invalid nonce before outputting it back in an AJAX response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. id: CVE-2023-4151 info: name: Store Locator...

6.1CVSS6.4AI score0.00645EPSS
Exploits1References2
Nuclei
Nuclei
added 8 hours ago112 views

OPNsense - Cross-Site Scripting to RCE

There is a XSS in /ui/cron/item/open in the Cron component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 via openAction in app/controllers/OPNsense/Cron/ItemController.php. id: CVE-2023-39007 info: name: OPNsense - Cross-Site Scripting to RCE author: ritikchaddha...

9.6CVSS7.2AI score0.02315EPSS
Exploits1References2
Nuclei
Nuclei
added 8 hours ago30 views

Redirection for Contact Form 7 < 2.5.0 - Cross-Site Scripting

The Redirection for Contact Form 7 WordPress plugin before 2.5.0 does not escape a link generated before outputting it in an attribute, leading to a Reflected Cross-Site Scripting. id: CVE-2022-0250 info: name: Redirection for Contact Form 7 2.5.0 - Cross-Site Scripting author: ritikchaddha...

6.1CVSS6.4AI score0.01513EPSS
Exploits1References2
Nuclei
Nuclei
added 8 hours ago49 views

SuperWebMailer - Cross-Site Scripting

An issue was discovered in SuperWebMailer 9.00.0.01710 that allows keepalive.php XSS via a GET parameter. id: CVE-2023-38194 info: name: SuperWebMailer - Cross-Site Scripting author: ritikchaddha severity: medium description: | An issue was discovered in SuperWebMailer 9.00.0.01710 that allows...

6.1CVSS6.4AI score0.0114EPSS
Exploits1References2
Nuclei
Nuclei
added 8 hours ago50 views

Blog2Social < 7.2.1 - Cross-Site Scripting

The Blog2Social WordPress plugin before 7.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin id: CVE-2023-3936 info: name: Blog2Social 7.2.1 - Cross-Site...

6.1CVSS6.4AI score0.0093EPSS
Exploits2References2
Nuclei
Nuclei
added 8 hours ago54 views

PHPJabbers Bus Reservation System 1.1 - Cross-Site Scripting

A vulnerability was found in PHP Jabbers Bus Reservation System 1.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument index/pickupid leads to cross site scripting. The attack may be launched remotely. id:...

6.1CVSS4AI score0.02499EPSS
Exploits3References4
Nuclei
Nuclei
added 8 hours ago43 views

MooDating 1.2 - Cross-Site Scripting

A vulnerability classified as problematic has been found in mooSocial mooDating 1.2. This affects an unknown part of the file /pages of the component URL Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. id: CVE-2023-3846 info: name: MooDatin...

6.1CVSS4AI score0.03648EPSS
Exploits4References4
Rows per page
Query Builder