27 matches found

Nuclei
added 18 hours ago | 16 views

WordPress Visualizer <3.3.1 - Cross-Site Scripting

WordPress Visualizer plugin before 3.3.1 contains a stored cross-site scripting vulnerability via /wp-json/visualizer/v1/update-chart WP-JSON API endpoint. An unauthenticated attacker can execute arbitrary JavaScript when an admin or other privileged user edits the chart via the admin dashboard...

CVSS 6.1 | AI score 6.5 | EPSS 0.03342
Exploits 2 | References 5

RedhatCVE
added 2025/05/22 4:41 a.m. | 7 views

CVE-2019-16931

A stored XSS vulnerability in the Visualizer plugin 3.3.0 for WordPress allows an unauthenticated attacker to execute arbitrary JavaScript when an admin or other privileged user edits the chart via the admin dashboard. This occurs because classes/Visualizer/Gutenberg/Block.php registers...

CVSS 6.1 | AI score 6.5 | EPSS 0.03342
Exploits 2 | References 1

Tenable Nessus
added 2025/03/04 12:00 a.m. | 10 views

Linux Distros Unpatched Vulnerability : CVE-2017-16931

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '...

CVSS 9.8 | AI score 7.9 | EPSS 0.04278
Exploits 0 | References 2

Amazon
added 2023/05/03 12:00 a.m. | 64 views

Medium: libxml2

Issue Overview: parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name. CVE-2017-16931 GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in...

CVSS 9.8 | AI score 7.8 | EPSS 0.22791
Exploits 8

CVE
added 2020/11/05 11:27 p.m. | 548 views

CVE-2018-16931

CVE-2018-16931 is rejected/not used per the Initial Description.

AI score 7.4
Exploits 0

Cvelist
added 2020/11/05 11:27 p.m. | 14 views

CVE-2018-16931

...

Exploits 0

CVE
added 2020/10/16 10:17 p.m. | 163 views

CVE-2020-16931

CVE-2020-16931 affects Microsoft Excel. A remote code execution flaw arises from improper handling of in-memory objects, allowing arbitrary code execution in the attacker’s context if a user opens a specially crafted Excel file. Exploitation scenarios include email attachments or hosting a crafte...

CVSS 7.8 | AI score 8.4 | EPSS 0.04469
Exploits 0 | References 2 | Affected Software 5

Microsoft KB
added 2020/10/13 7:00 a.m. | 102 views

Description of the security update for Excel 2010: October 13, 2020

Description of the security update for Excel 2010: October 13, 2020 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see the following securi...

CVSS 7.8 | AI score 8.2 | EPSS 0.04469
Exploits 0

OpenVAS
added 2020/01/23 12:00 a.m. | 38 views

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2018-1089)

The remote host is missing an update for the Huawei EulerOS...

CVSS 10 | AI score 8.7 | EPSS 0.23694
Exploits 0 | References 2

Tenable Nessus
added 2019/10/04 12:00 a.m. | 43 views

Amazon Linux 2 : libxml2 (ALAS-2019-1301)

xpointer.c in libxml2 before 2.9.5 as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free an...

CVSS 10 | AI score 7.7 | EPSS 0.08628
Exploits 0 | References 3

NVD
added 2019/10/03 7:15 p.m. | 21 views

CVE-2019-16931

A stored XSS vulnerability in the Visualizer plugin 3.3.0 for WordPress allows an unauthenticated attacker to execute arbitrary JavaScript when an admin or other privileged user edits the chart via the admin dashboard. This occurs because classes/Visualizer/Gutenberg/Block.php registers...

CVSS 6.1 | AI score 6.3 | EPSS 0.03342
Exploits 2 | References 3

CVE
added 2019/10/03 6:34 p.m. | 147 views

CVE-2019-16931

The WordPress Visualizer plugin (versions prior to 3.3.1; affected entry cites 3.3.0) contains a stored XSS via the WP-JSON API endpoint /wp-json/visualizer/v1/update-chart. The root cause is that Block.php registers this endpoint with no access control and Data.php lacks output sanitization, all...

CVSS 6.1 | AI score 6.5 | EPSS 0.03342
Exploits 2 | References 3 | Affected Software 1

Amazon
added 2019/09/30 12:00 a.m. | 67 views

Medium: libxml2

Issue Overview: xpointer.c in libxml2 before 2.9.5 as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service...

CVSS 10 | AI score 9 | EPSS 0.08628
Exploits 0

IBM Security Bulletins
added 2019/01/31 2:40 a.m. | 28 views

Security Bulletin: Vulnerabilities in libxml2 affect Intel® Manycore Platform Software Stack (Intel® MPSS) for Linux and Windows (CVE-2017-16931, CVE-2017-16932)

Summary Intel® Manycore Platform Software Stack Intel® MPSS for Linux and Windows have addressed the following vulnerabilities in libxml2. Vulnerability Details Summary Intel® Manycore Platform Software Stack Intel® MPSS for Linux and Windows have addressed the following vulnerabilities in libxml...

CVSS 9.8 | AI score 0.9 | EPSS 0.05928
Exploits 0

Tenable Nessus
added 2018/09/18 12:00 a.m. | 62 views

EulerOS Virtualization 2.5.0 : libxml2 (EulerOS-SA-2018-1258)

According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary co...

CVSS 9.8 | AI score 8.3 | EPSS 0.05928
Exploits 0 | References 4

Tenable Nessus
added 2018/09/18 12:00 a.m. | 41 views

EulerOS Virtualization 2.5.1 : libxml2 (EulerOS-SA-2018-1257)

According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary co...

CVSS 9.8 | AI score 8.3 | EPSS 0.05928
Exploits 0 | References 4

Tenable Nessus
added 2018/06/28 12:00 a.m. | 66 views

EulerOS 2.0 SP3 : libxml2 (EulerOS-SA-2018-1156)

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial ...

CVSS 9.8 | AI score 7.5 | EPSS 0.05928
Exploits 0 | References 4

IBM Security Bulletins
added 2018/06/16 2:20 p.m. | 31 views

Security Bulletin: Multiple vulnerabilities in Libxml2 affect IBM InfoSphere Identity Insight.

Summary Vulnerabilities have been addressed in the Libxml2 component of IBM InfoSphere Identity Insight. Vulnerability Details CVEID: CVE-2017-16932 DESCRIPTION: Xmlsoft libxml2 is vulnerable to a denial of service, caused by an infinite recursion issue in parameter entities. By sending a...

CVSS 9.8 | AI score 1.6 | EPSS 0.05928
Exploits 0 | Affected Software 1

Tenable Nessus
added 2017/12/01 12:00 a.m. | 35 views

Debian DLA-1194-1 : libxml2 security update

CVE-2017-16931 parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name. CVE-2017-16932 parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in paramet...

CVSS 9.8 | AI score 7.2 | EPSS 0.05928
Exploits 0 | References 4

Debian
added 2017/11/30 2:05 p.m. | 74 views

[SECURITY] [DLA 1194-1] libxml2 security update

Package : libxml2 Version : 2.8.0+dfsg1-7+wheezy11 CVE ID : CVE-2017-16931 CVE-2017-16932 CVE-2017-16931 parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a % character in a DTD name...

CVSS 9.8 | AI score 7.8 | EPSS 0.05928
Exploits 0