Lucene search
K

119 matches found

Patchstack
Patchstack
added 2024/02/29 12:0 a.m.10 views

WordPress Advanced iFrame Plugin <= 2024.1 is vulnerable to Cross Site Scripting (XSS)

Software Advanced iFrame Type Plugin Vulnerable versions = 2024.1 Fixed in 2024.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1341 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f4f416259347 Credits Fariq Fadillah Gusti...

5.4CVSS5.7AI score0.00282EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2024/02/29 12:0 a.m.4 views

WordPress Plugin Advanced iFrame Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

5.4CVSS5.8AI score0.00282EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/02/28 12:0 a.m.4 views

PT-2024-17960 · WordPress · Advanced Iframe

Name of the Vulnerable Software and Affected Versions: Advanced iFrame plugin for WordPress versions up to, and including, 2024.1 Description: The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's advanced iframe shortcode. This vulnerability is du...

5.4CVSS5.8AI score0.00282EPSS
Exploits0References7
WPVulnDB
WPVulnDB
added 2024/02/28 12:0 a.m.11 views

Advanced iFrame < 2024.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's advancediframe shortcode in all versions up to, and including, 2024.1 due to the plugin allowing users to include JS files from external sources through the additionaljs attribute...

5.4CVSS5.7AI score0.00282EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/02/05 6:15 a.m.2 views

CVE-2024-24870

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Michael Dempfle Advanced iFrame allows Stored XSS.This issue affects Advanced iFrame: from n/a through 2023.10...

5.4CVSS5.8AI score0.00289EPSS
Exploits0References1
NVD
NVD
added 2024/02/05 6:15 a.m.23 views

CVE-2024-24870

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Michael Dempfle Advanced iFrame allows Stored XSS.This issue affects Advanced iFrame: from n/a through 2023.10...

6.5CVSS5.9AI score0.00289EPSS
Exploits0References1
Prion
Prion
added 2024/02/05 6:15 a.m.16 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Michael Dempfle Advanced iFrame allows Stored XSS.This issue affects Advanced iFrame: from n/a through 2023.10...

4.9CVSS6.9AI score0.00289EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/02/05 5:45 a.m.42 views

CVE-2024-24870 WordPress Advanced iFrame Plugin <= 2023.10 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Michael Dempfle Advanced iFrame allows Stored XSS.This issue affects Advanced iFrame: from n/a through 2023.10...

6.5CVSS6.5AI score0.00289EPSS
Exploits0References1
CVE
CVE
added 2024/02/05 5:45 a.m.61 views

CVE-2024-24870

The CVE-2024-24870 entry describes a Stored XSS in the WordPress Advanced iFrame plugin (≤ 2023.10) due to Improper Neutralization of Input During Web Page Generation. Affected component: Advanced iFrame plugin; root cause: insufficient input sanitization/escaping in the advanced_iframe context. ...

6.5CVSS5.6AI score0.00289EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/02/05 5:45 a.m.27 views

CVE-2024-24870 WordPress Advanced iFrame Plugin <= 2023.10 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Michael Dempfle Advanced iFrame allows Stored XSS.This issue affects Advanced iFrame: from n/a through 2023.10...

6.5CVSS5.6AI score0.00289EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/02/05 12:0 a.m.4 views

WordPress plugin Advanced iFrame cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS6.3AI score0.00289EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/02/04 12:0 a.m.4 views

PT-2024-20626 · Unknown · Advanced Iframe

Name of the Vulnerable Software and Affected Versions: Advanced iFrame versions through 2023.10 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Stored XSS. This means that an attacker can inject malicio...

6.5CVSS5.1AI score0.00289EPSS
Exploits0References7
CNVD
CNVD
added 2024/02/02 12:0 a.m.5 views

WordPress Plugin Advanced iFrame Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Advanced iFrame, which stems from insufficient input cleanup and output escapi...

6.4CVSS5.9AI score0.00315EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/02/02 12:0 a.m.16 views

WordPress Advanced iFrame Plugin <= 2023.10 is vulnerable to Cross Site Scripting (XSS)

Software Advanced iFrame Type Plugin Vulnerable versions = 2023.10 Fixed in 2024.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-24870 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5ac08cfdc818 Credits LVT-tholv2k Required privilege...

6.5CVSS6.5AI score0.00289EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/02/01 11:15 a.m.16 views

CVE-2023-51690

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Advanced iFrame allows Stored XSS.This issue affects Advanced iFrame: from n/a through 2023.8...

6.5CVSS6.4AI score0.00307EPSS
Exploits0References1
OSV
OSV
added 2024/02/01 11:15 a.m.1 views

CVE-2023-51690

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Advanced iFrame allows Stored XSS.This issue affects Advanced iFrame: from n/a through 2023.8...

5.4CVSS5.8AI score0.00307EPSS
Exploits0References1
Prion
Prion
added 2024/02/01 11:15 a.m.14 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Advanced iFrame allows Stored XSS.This issue affects Advanced iFrame: from n/a through 2023.8...

4.9CVSS7AI score0.00307EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/02/01 10:55 a.m.14 views

CVE-2023-51690 WordPress Advanced iFrame Plugin <= 2023.8 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Advanced iFrame allows Stored XSS.This issue affects Advanced iFrame: from n/a through 2023.8...

6.5CVSS6.8AI score0.00307EPSS
Exploits0References1
CVE
CVE
added 2024/02/01 10:55 a.m.40 views

CVE-2023-51690

CVE-2023-51690 affects the WordPress WordPress Advanced iFrame plugin. The vulnerability is an Improper Neutralization of Input During Web Page Generation, i.e., a Stored Cross-Site Scripting (XSS) issue in the plugin’s input handling. Affected versions are

6.5CVSS5.6AI score0.00307EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/02/01 4:15 a.m.25 views

CVE-2023-7069

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advancediframe' shortcode in all versions up to, and including, 2023.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.3AI score0.00315EPSS
Exploits0References2
Rows per page
Query Builder