Lucene search
+L

891 matches found

OSV
OSV
added 2025/09/09 8:16 p.m.4 views

CVE-2025-58765 wabac.js has XSS vulnerability in 404 error handling logic

wabac.js provides a full web archive replay system, or 'wayback machine', using Service Workers. A Reflected Cross-Site Scripting XSS vulnerability exists in the 404 error handling logic of wabac.js v2.23.10 and below. The parameter requestURL derived from the original request target is directly...

7.1CVSS5.7AI score0.00237EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/09/09 12:0 a.m.13 views

PT-2025-36954

Name of the Vulnerable Software and Affected Versions: wabac.js versions 2.23.10 and below Description: wabac.js provides a full web archive replay system using Service Workers. A Reflected Cross-Site Scripting XSS vulnerability exists in the 404 error handling logic. The requestURL parameter,...

7.1CVSS5.5AI score0.00237EPSS
Exploits0References12
Github Security Blog
Github Security Blog
added 2025/08/11 11:7 p.m.11 views

Litestar has potential log injection in exception logging

Summary Litestar does not escape url paths when logging exceptions. This makes logger vulnerable to CRLF injection if logging level is configured to debug or logexceptions is set to "always", which allows attackers to inject newlines and forge log entries. Details Litestar directly formats unquot...

7.3AI score
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/06/08 1:19 p.m.7 views

CVE-2025-49322

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SeedProd 404 Page by SeedProd allows Stored XSS. This issue affects 404 Page by SeedProd: from n/a through n/a...

5.9CVSS5.2AI score0.00225EPSS
Exploits0References1
NVD
NVD
added 2025/06/06 1:15 p.m.5 views

CVE-2025-49322

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SeedProd 404 Page by SeedProd allows Stored XSS. This issue affects 404 Page by SeedProd: from n/a through n/a...

5.9CVSS0.00225EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/06/06 12:53 p.m.4 views

CVE-2025-49322

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SeedProd 404 Page by SeedProd allows Stored XSS. This issue affects 404 Page by SeedProd: from n/a through n/a...

5.9CVSS5.2AI score0.00225EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/06/06 12:53 p.m.6 views

CVE-2025-49322 WordPress 404 Page by SeedProd < 1.0.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SeedProd 404 Page by SeedProd allows Stored XSS. This issue affects 404 Page by SeedProd: from n/a through n/a...

5.9CVSS6.9AI score0.00225EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/06 12:53 p.m.17 views

CVE-2025-49322 WordPress 404 Page by SeedProd < 1.0.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SeedProd 404 Page by SeedProd allows Stored XSS. This issue affects 404 Page by SeedProd: from n/a through n/a...

5.9CVSS0.00225EPSS
Exploits0References1
CVE
CVE
added 2025/06/06 12:53 p.m.43 views

CVE-2025-49322

CVE-2025-49322 affects the WordPress plugin 404 Page by SeedProd. It is a Stored XSS vulnerability in the page generation flow, exploitable only by authenticated attackers (Administrator+). Affected versions are up to 1.0.1; a fix is available in 1.0.2+ (upgrade recommended). CVSS v3.1 base score...

5.9CVSS5.2AI score0.00225EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/06/06 12:0 a.m.5 views

PT-2025-24246 · Seedprod · Seedprod 404 Page

Name of the Vulnerable Software and Affected Versions: SeedProd 404 Page by SeedProd affected versions not specified Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows Stored XSS. This enables an...

5.9CVSS5.4AI score0.00225EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 9:59 a.m.9 views

CVE-2024-1068

The 404 Solution WordPress plugin before 2.35.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admins...

7.2CVSS7.3AI score0.00756EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:36 a.m.8 views

CVE-2024-34423

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in phpbits Forty Four – 404 Plugin for WordPress allows Stored XSS.This issue affects Forty Four – 404 Plugin for WordPress: from n/a through 1.4...

5.9CVSS5.2AI score0.00446EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:52 a.m.7 views

CVE-2024-24889

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Geek Code Lab All 404 Pages Redirect to Homepage allows Stored XSS.This issue affects All 404 Pages Redirect to Homepage: from n/a through 1.9...

6.1CVSS7.1AI score0.00331EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:39 a.m.10 views

CVE-2024-11118

The 404 Error Monitor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the updatePluginSettings function. This makes it possible for unauthenticated attackers to make changes to plug...

5.3CVSS6.4AI score0.00277EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:24 a.m.9 views

CVE-2023-52146

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aaron J 404 Solution.This issue affects 404 Solution: from n/a through 2.33.0...

5.3CVSS6.7AI score0.00435EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:11 a.m.13 views

CVE-2023-32740

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Kunal Nagar Custom 404 Pro plugin = 3.8.1 versions...

6.1CVSS5.9AI score0.00337EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:59 a.m.12 views

CVE-2023-51540

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kunal Nagar Custom 404 Pro allows Stored XSS.This issue affects Custom 404 Pro: from n/a through 3.10.0...

7.1CVSS7AI score0.00354EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:26 a.m.8 views

CVE-2023-33276

The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 responds with a "404 - Not Found" status code if a path is accessed that does not exist. However, the value of the path is reflected in the response. As the application will reflect the supplied path without...

6.1CVSS6.2AI score0.00476EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:4 a.m.10 views

CVE-2023-2032

The Custom 404 Pro WordPress plugin before 3.8.1 does not properly sanitize database inputs, leading to multiple SQL Injection vulnerabilities...

9.8CVSS8.5AI score0.00934EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:57 a.m.5 views

CVE-2023-2023

The Custom 404 Pro WordPress plugin before 3.7.3 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting...

6.1CVSS6.7AI score0.0171EPSS
Exploits2References1
Rows per page
Query Builder