Lucene search
K

166 matches found

OSV
OSV
added 2023/01/23 3:15 p.m.3 views

CVE-2022-4832

The Store Locator WordPress plugin before 1.4.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privileg...

5.4CVSS5.8AI score0.00471EPSS
Exploits2References1
Prion
Prion
added 2023/01/23 3:15 p.m.20 views

Cross site scripting

The Easy Bootstrap Shortcode WordPress plugin through 4.5.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against...

4.9CVSS5.3AI score0.00471EPSS
Exploits2References1Affected Software1
Prion
Prion
added 2023/01/23 3:15 p.m.13 views

Cross site scripting

The Sitemap WordPress plugin before 4.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users...

4.9CVSS5.3AI score0.00471EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/01/23 2:31 p.m.16 views

CVE-2022-4474 Easy Social Feed – Social Photos Gallery – Post Feed – Like Box < 6.4.0 - Contributor+ Stored XSS

The Easy Social Feed WordPress plugin before 6.4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

5.5AI score0.00471EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/01/23 2:31 p.m.27 views

CVE-2022-4760 OneClick Chat to Order < 1.0.4.2 - Contributor+ Stored XSS via Shortcode

The OneClick Chat to Order WordPress plugin before 1.0.4.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against hi...

5.5AI score0.00471EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2023/01/17 12:0 a.m.14 views

uTubeVideo Gallery < 2.0.8 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC utubevideo view='panel' id='"...

5.4CVSS3AI score0.00477EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/13 12:0 a.m.13 views

Materialis Companion < 1.3.40 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Required...

5.4CVSS2.8AI score0.00605EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/03 12:0 a.m.19 views

CPT Bootstrap Carousel <= 1.12 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Note: Fir...

5.4CVSS2.6AI score0.00534EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/03 12:0 a.m.13 views

Accordion Shortcodes <= 2.4.2 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. PoC Exploit shortcode: accordion class='" onmouseover="alert1" style="background:red;width:100px;height:100px;"'...

5.4CVSS3.9AI score0.00471EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/03 12:0 a.m.11 views

PixCodes < 2.3.7 - Contributor+ Stored XSS in Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit...

5.4CVSS1.5AI score0.00471EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/23 12:0 a.m.26 views

Easy Accordion < 2.2.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit...

5.4CVSS2.1AI score0.00534EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/21 12:0 a.m.19 views

Page Scroll To ID < 1.7.6 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Put the...

5.4CVSS1.5AI score0.00471EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/14 12:0 a.m.19 views

WP Table Reloaded <= 1.9.4 - Contributor+ Stored XSS

The plugin does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege users such as admins. PoC Explo...

5.4CVSS1.3AI score0.00471EPSS
Exploits2Affected Software1
CNNVD
CNNVD
added 2022/11/05 12:0 a.m.6 views

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which originates from a video playback process anomaly caused by a lack of strict validation of safe...

9.8CVSS8.3AI score0.00478EPSS
Exploits0References4
NVD
NVD
added 2022/02/07 4:15 p.m.23 views

CVE-2021-24880

The SupportCandy WordPress plugin before 2.2.7 does not validate and escape the page attribute of its shortcode, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...

5.4CVSS0.00604EPSS
Exploits2References1
Tenable Nessus
Tenable Nessus
added 2019/10/07 12:0 a.m.26 views

Cisco IOS XE Software TrustSec Protected Access Credential Provisioning DoS (cisco-sa-20190925-ctspac-dos)

According to its self-reported version, Cisco IOS XE Software is affected by a denial of service vulnerability. This is due to improper validation of attributes in RADIUS messages. An attacker can exploit this vulnerability by a sending malicious RADIUS message whil ethe device is in a specific...

8.6CVSS7AI score0.01777EPSS
Exploits0References3
CNVD
CNVD
added 2019/09/26 12:0 a.m.6 views

Cisco IOS XE CTS PAC Configuration Denial of Service Vulnerability

Cisco IOS XE is a set of operating systems developed by Cisco for its network devices. A denial of service vulnerability exists in the Cisco TrustSec CTS Protected Access Credentials PAC configuration module of Cisco IOS XE. The vulnerability stems from improper validation of attributes in RADIUS...

8.6CVSS6.7AI score0.01777EPSS
Exploits0References1
CVE
CVE
added 2019/09/25 8:15 p.m.64 views

CVE-2019-12663

CVE-2019-12663 affects Cisco IOS XE Software, specifically the TrustSec Protected Access Credential (PAC) provisioning module. The root cause is improper validation of attributes in RADIUS messages, which can be exploited by an unauthenticated remote attacker by sending a malicious RADIUS message...

8.6CVSS7.4AI score0.01777EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2019/09/25 8:15 p.m.8 views

CVE-2019-12663 Cisco IOS XE Software TrustSec Protected Access Credential Provisioning Denial of Service Vulnerability

A vulnerability in the Cisco TrustSec CTS Protected Access Credential PAC provisioning module of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service DoS condition. The vulnerability is due to improper...

6.8CVSS7.1AI score0.01777EPSS
Exploits0References1
OSV
OSV
added 2016/12/12 2:59 a.m.3 views

DEBIAN-CVE-2016-9424

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m doesn't properly validate the value of tag attribute, which allows remote attackers to cause a denial of service heap buffer overflow crash and possibly execute arbitrary code via a crafted HTML page...

8.8CVSS8.8AI score0.03181EPSS
Exploits0References1
Rows per page
Query Builder