Lucene search
K

21 matches found

Chainguard
Chainguard
added 3 days ago9 views

CVE-2026-13972 vulnerabilities

Vulnerabilities for packages: chromium...

4.3CVSS5.9AI score0.0023EPSS
Exploits0
Wolfi
Wolfi
added 3 days ago8 views

CVE-2026-13972 vulnerabilities

Vulnerabilities for packages: chromium...

4.3CVSS5.9AI score0.0023EPSS
Exploits0
Circl
Circl
added 2026/07/02 7:47 a.m.10 views

CVE-2026-13972

creationtimestamp| type| source ---|---|--- 2026-07-02 07:47:50+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260702 2026-07-06 07:20:35+00:00| seen| https://www.hkcert.org/security-bulletin/microsoft-edge-multiple-vulnerabilities20260706...

4.3CVSS5.9AI score0.0023EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-13972

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Paint in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium...

4.3CVSS6.2AI score0.0023EPSS
Exploits0References2
Circl
Circl
added 2025/12/12 8:31 a.m.4 views

CVE-2025-13972

creationtimestamp| type| source ---|---|--- 2025-12-12 08:31:59+00:00| seen| https://gist.github.com/Darkcrai86/2139cf6fe7d6b3ee9ee452be61bfe72e...

4.9CVSS5.7AI score0.00464EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/11 10:3 p.m.5 views

WordPress WatchTowerHQ plugin <= 3.15.0 - Authenticated (Administrator+) Arbitrary File Read via 'wht_download_big_object_origin' Parameter vulnerability

Authenticated Administrator+ Arbitrary File Read via 'whtdownloadbigobjectorigin' Parameter vulnerability discovered by ChamlaVic in WordPress Plugin WatchTowerHQ versions = 3.15.0...

4.9CVSS6.8AI score0.00464EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/07/19 7:51 p.m.4 views

CVE-2024-13972

A vulnerability related to registry permissions in the Intercept X for Windows updater prior to Core Agent version 2024.3.2 can lead to a local user gaining SYSTEM level privileges during a product upgrade...

8.8CVSS7.3AI score0.00127EPSS
Exploits0References1
Circl
Circl
added 2025/07/17 7:3 p.m.6 views

CVE-2024-13972

creationtimestamp| type| source ---|---|--- 2025-07-17 19:03:40+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114870125851359984 2025-07-18 05:43:48+00:00| seen| https://poliverso.org/objects/0477a01e-b4ff51d2-3ebe177d5dcd7fd6...

8.8CVSS7.6AI score0.00127EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 3:12 p.m.9 views

CVE-2020-13972

Enghouse Web Chat 6.2.284.34 allows XSS. When one enters their own domain name in the WebServiceLocation parameter, the response from the POST request is displayed, and any JavaScript returned from the external server is executed in the browser. This is related to CVE-2019-16951...

6.1CVSS6.7AI score0.00952EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/05/22 8:20 a.m.8 views

CVE-2019-13972

LayerBB 1.1.3 allows XSS via the application/commands/new.php pmtitle variable, a related issue to CVE-2019-17997...

6.1CVSS5.9AI score0.00865EPSS
Exploits1References1
NVD
NVD
added 2023/09/14 7:15 p.m.10 views

CVE-2017-13972

Rejected reason: This candidate is unused by its CNA...

6.6AI score
Exploits0
CVE
CVE
added 2021/12/20 10:43 p.m.24 views

CVE-2018-13972

CVE-2018-13972 is rejected/not used and does not represent an active vulnerability entry.

7.3AI score
Exploits0
NVD
NVD
added 2020/09/03 3:15 p.m.26 views

CVE-2020-13972

Enghouse Web Chat 6.2.284.34 allows XSS. When one enters their own domain name in the WebServiceLocation parameter, the response from the POST request is displayed, and any JavaScript returned from the external server is executed in the browser. This is related to CVE-2019-16951...

6.1CVSS5.3AI score0.00686EPSS
Exploits1References1
Cvelist
Cvelist
added 2020/09/03 2:36 p.m.34 views

CVE-2020-13972

Enghouse Web Chat 6.2.284.34 allows XSS. When one enters their own domain name in the WebServiceLocation parameter, the response from the POST request is displayed, and any JavaScript returned from the external server is executed in the browser. This is related to CVE-2019-16951...

5.5AI score0.00686EPSS
Exploits1References1
CVE
CVE
added 2020/09/03 2:36 p.m.53 views

CVE-2020-13972

CVE-2020-13972 in Enghouse Web Chat 6.2.284.34 is an XSS vulnerability triggered when a user supplies their own domain in the WebServiceLocation parameter; the POST response can display external JavaScript from a attacker-controlled server. This entry is tied to CVE-2019-16951, which Red Hat and ...

6.1CVSS5.3AI score0.00686EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2019/07/19 7:15 a.m.11 views

CVE-2019-13972

LayerBB 1.1.3 allows XSS via the application/commands/new.php pmtitle variable, a related issue to CVE-2019-17997...

6.1CVSS6.1AI score0.00865EPSS
Exploits1References1
OSV
OSV
added 2019/07/19 7:15 a.m.16 views

CVE-2019-13972

LayerBB 1.1.3 allows XSS via the application/commands/new.php pmtitle variable, a related issue to CVE-2019-17997...

6.1CVSS5.6AI score
Exploits0References1
Cvelist
Cvelist
added 2019/07/19 6:7 a.m.17 views

CVE-2019-13972

LayerBB 1.1.3 allows XSS via the application/commands/new.php pmtitle variable, a related issue to CVE-2019-17997...

6.1AI score0.00865EPSS
Exploits1References1
CVE
CVE
added 2019/07/19 6:7 a.m.46 views

CVE-2019-13972

LayerBB 1.1.3 contains an XSS vulnerability in the pm_title parameter of application/commands/new.php (CVE-2019-13972). The issue is caused by insufficient input validation, enabling cross-site scripting and potentially exposing client-side data. This CVE is related to CVE-2019-17997. Publicly pr...

6.1CVSS5.9AI score0.00865EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2018/07/26 12:0 a.m.4 views

WordPress Gwolle Guestbook plugin cross-site scripting vulnerability (CNVD-2018-13972)

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Gwolle Guestbook plugin, which can be exploited by an attacker t...

6.5AI score
Exploits0References1
Rows per page
Query Builder