Lucene search
K

11 matches found

CVE
CVE
added yesterday23 views

CVE-2026-11908

CVE-2026-11908 affects Drupal Tagify integration. The issue is an improper neutralization of input during web page generation in Tagify, allowing Stored XSS in Tagify widgets for versions 0.0.0 through 1.2.52. Connected sources (NVD, CVE lists, DRUPAL-SA-CONTRIB-2026-043, OSV) confirm the cross-s...

6.1AI score
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/25 6:10 p.m.6 views

CVE-2026-56774

Kanboard through 1.2.52, fixed in commit 928c68a, UserViewController::removeSession fails to validate the session id parameter before passing it to RememberMeSessionModel::remove, allowing authenticated users to delete other users' Remember Me sessions. Attackers can enumerate sequential session...

5.4CVSS5.9AI score0.00266EPSS
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-24688

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00164EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/16 11:25 a.m.8 views

CVE-2025-54706

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Noor Alam Magical Posts Display magical-posts-display allows DOM-Based XSS.This issue affects Magical Posts Display: from n/a through = 1.2.52...

6.5CVSS5.9AI score0.00164EPSS
Exploits0References1
NVD
NVD
added 2025/08/14 11:15 a.m.14 views

CVE-2025-54706

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Noor Alam Magical Posts Display magical-posts-display allows DOM-Based XSS.This issue affects Magical Posts Display: from n/a through = 1.2.52...

6.5CVSS0.00164EPSS
Exploits0References1
CVE
CVE
added 2025/08/14 10:34 a.m.15 views

CVE-2025-54706

CVE-2025-54706 concerns the WordPress plugin Magical Posts Display (versions up to and including 1.2.52). The issue is a DOM-based cross-site scripting (XSS) vulnerability caused by improper neutralization of user input during web page generation. Impact, per the sources, is low to medium across ...

6.5CVSS5.9AI score0.00164EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/14 10:34 a.m.5 views

CVE-2025-54706 WordPress Magical Posts Display Plugin plugin <= 1.2.52 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Noor Alam Magical Posts Display allows DOM-Based XSS. This issue affects Magical Posts Display: from n/a through 1.2.52...

6.5CVSS7.1AI score0.00164EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/08/14 12:0 a.m.6 views

WordPress plugin Magical Posts Display 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

6.5CVSS6.1AI score0.00164EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/08/14 12:0 a.m.8 views

PT-2025-33258 · WordPress · Magical Posts Display

Name of the Vulnerable Software and Affected Versions: Magical Posts Display versions 1.0.0 through 1.2.52 Description: The software contains a DOM-Based Cross-site Scripting issue due to improper neutralization of input during web page generation. Recommendations: Update Magical Posts Display to...

6.5CVSS6.1AI score0.00164EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/02/02 12:0 a.m.5 views

PT-2024-15943 · WordPress · Calculated Fields Form

Name of the Vulnerable Software and Affected Versions: Calculated Fields Form plugin for WordPress versions up to, and including, 1.2.52 Description: The issue is related to Stored Cross-Site Scripting via the plugin's CP CALCULATED FIELDS shortcode due to insufficient input sanitization and outp...

6.4CVSS5.7AI score0.0048EPSS
Exploits0References8
wpexploit
wpexploit
added 2022/04/26 12:0 a.m.104 views

Sliderby10Web < 1.2.52 - Admin+ Stored Cross-Site Scripting

The plugin does not properly sanitize and escape some of its settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed Create/edit a slider, put the following payload in the CSS settings and save: The XSS will be...

4.8CVSS0.8AI score0.00995EPSS
Exploits2
Rows per page
Query Builder