Lucene search
K

103 matches found

WPVulnDB
WPVulnDB
added 2020/09/06 12:0 a.m.21 views

Constant Contact Forms < 1.8.8 - Multiple Authenticated Stored XSS

Multiple stored cross-site scripting vulnerabilities in Constant Contact Forms for WordPress 1.8.7 and lower allow high-privileged user Editor+ to inject arbitrary Javascript code or HTML in posts where the malicious form is embed. PoC High-privileged user Editor+ can exploit XSS via Add New Form...

5.2AI score0.00654EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2020/06/12 4:0 p.m.29 views

CVE-2020-4047 Authenticated XSS via media attachment page in WordPress

In affected versions of WordPress, authenticated users with upload permissions like authors are able to inject JavaScript into some media file attachment pages in a certain way. This can lead to script execution in the context of a higher privileged user when the file is viewed by them. This has...

6.8CVSS6.6AI score0.03625EPSS
Exploits0References8
OSV
OSV
added 2020/03/12 10:15 p.m.2 views

CVE-2020-6643

An improper neutralization of input vulnerability in the URL Description in Fortinet FortiIsolator version 1.2.2 allows a remote authenticated attacker to perform a cross site scripting attack XSS...

5.4CVSS5.3AI score0.0084EPSS
Exploits0References1
CVE
CVE
added 2019/09/13 2:58 p.m.231 views

CVE-2019-16289

CVE-2019-16289 concerns the WordPress plugin insert-php (Woody ad snippets) , affected versions prior to 2.2.8. The vulnerability allows authenticated Cross-Site Scripting (XSS) through the winp_item parameter . Red Hat and CVE listings consistently describe the issue as an authenticated XSS flaw...

5.4CVSS5.2AI score0.01028EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2019/09/13 2:58 p.m.29 views

CVE-2019-16289

The insert-php aka Woody ad snippets plugin before 2.2.8 for WordPress allows authenticated XSS via the winpitem parameter...

5.3AI score0.01028EPSS
Exploits1References3
NVD
NVD
added 2019/08/09 2:15 p.m.23 views

CVE-2019-14797

The 10Web Photo Gallery plugin before 1.5.23 for WordPress has authenticated stored XSS...

5.4CVSS5.5AI score0.01295EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2019/07/31 12:0 a.m.207 views

D-Link 6600-AP XSS / DoS / Information Disclosure

Security Advisory - 22/07/2019 Multiple vulnerabilities found in the D-Link 6600-AP device running the latest firmware version 4.2.0.14. D-Link 6600-AP is not produced anymore but the support is still provided by D-Link as per described on the D-Link website. Not that this product is built for...

5.8AI score0.01954EPSS
Exploits8
WPVulnDB
WPVulnDB
added 2019/07/03 12:0 a.m.18 views

Simple Mail Address Encoder <= 1.6.1 - Reflected Authenticated XSS

Reflected XSS in the base64 encoded fwurl parameter when the plugin has been used for 30 days and shows a donation notice PoC https:///wp-admin/options-general.php?page=smae=remind=Iyc7YWxlcnQoL1hTUy8pOy8v...

4.3CVSS0.9AI score0.00985EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2019/06/22 12:0 a.m.12 views

Photospace Responsive < 1.1.8 - Authenticated XSS

The Photospace Responsive Gallery WordPress plugin was affected by an Authenticated XSS security vulnerability...

3.1AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2019/05/08 12:0 a.m.15 views

Custom Field Suite <= 2.5.14 - Authenticated Cross-Site Scripting (XSS)

The Custom Field Suite WordPress plugin was affected by an Authenticated Cross-Site Scripting XSS security vulnerability...

3.5CVSS1.7AI score0.00946EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2018/12/10 12:0 a.m.13 views

WordPress Smush Image Compression and Optimization plugin <= 2.9.1 - Authenticated XSS & Phar Deserialization vulnerabilities

Authenticated XSS & Phar Deserialization vulnerabilities found by RIPS Technologies in WordPress Smush Image Compression and Optimization plugin versions = 2.9.1. Solution Update the WordPress Smush Image Compression and Optimization plugin to the latest available version at least 3.0.0...

3.4AI score
Exploits0References1Affected Software1
OpenVAS
OpenVAS
added 2018/10/25 12:0 a.m.27 views

Apache Active MQ 5.0.0 to 5.15.5 Authenticated XSS Vulnerability - Linux

Apache ActiveMQ is prone to an authenticated XSS vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

6.1CVSS6.2AI score0.55895EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2018/06/15 12:0 a.m.6 views

Ultimate Form Builder Lite <= 1.3.7 - Multiple Vulnerabilities

Authenticated XSS & SQL Injection...

2.2AI score
Exploits0References2Affected Software1
OSV
OSV
added 2018/04/23 2:29 p.m.3 views

CVE-2018-10234

Authenticated Cross site Scripting exists in the User Profile & Membership plugin before 2.0.11 for WordPress via the "Account Deletion Custom Text" input field on the wp-admin/admin.php?page=umoptions&section=account page...

4.8CVSS5.6AI score0.00641EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2017/06/15 6:29 p.m.1 views

CVE-2017-9674

In SimpleCE 2.3.0, an authenticated XSS vulnerability was found on index.php/content/text/1?returnurl=XSS exploitable as a regular or admin user...

5.4CVSS5.4AI score0.00656EPSS
Exploits1References2
OSV
OSV
added 2017/03/12 1:59 a.m.21 views

CVE-2017-6814

In WordPress before 4.7.3, there is authenticated Cross-Site Scripting XSS via Media File Metadata. This is demonstrated by both 1 mishandling of the playlist shortcode in the wpplaylistshortcode function in wp-includes/media.php and 2 mishandling of meta information in the renderTracks function ...

5.4CVSS5.9AI score
Exploits0References9
exploitpack
exploitpack
added 2015/05/26 12:0 a.m.37 views

WordPress Plugin Landing Pages 1.8.4 - Multiple Vulnerabilities

WordPress Plugin Landing Pages 1.8.4 - Multiple Vulnerabilities Title: Multiple vulnerabilities in WordPress plugin "WordPress Landing Pages" Author: Adrián M. F. - adrimf85atgmaildotcom Date: 2015-05-25 Vendor Homepage: https://wordpress.org/plugins/landing-pages/ Active installs: 20,000+...

6.5CVSS0.2AI score0.03947EPSS
Exploits7
WPVulnDB
WPVulnDB
added 2015/03/04 12:0 a.m.11 views

Plugin Info Card <= 2.3.6 - Authenticated XSS

Authenticated XSS via wppic-list POST parameter in the wppicwidgetrender AJAX method which is also lacking CSRF and authorisation checks, even in the fixed version...

5.3AI score
Exploits0References1Affected Software1
exploitpack
exploitpack
added 2013/09/03 12:0 a.m.23 views

TP-Link TD-W8951ND - Multiple Vulnerabilities

TP-Link TD-W8951ND - Multiple Vulnerabilities ----------- Author: ----------- xistence ------------------------- Affected products: ------------------------- Tested on TP-Link TD-W8951ND Firmware 4.0.0 Build 120607 Rel.30923 ------------------------- Affected vendors: -------------------------...

0.1AI score
Exploits0
0day.today
0day.today
added 2013/09/03 12:0 a.m.50 views

TP-Link TD-W8951ND - Multiple Vulnerabilities

Exploit for hardware platform in category web applications ------------------------- Affected products: ------------------------- Tested on TP-Link TD-W8951ND Firmware 4.0.0 Build 120607 Rel.30923 ------------------------- Affected vendors: ------------------------- TP-Link http://www.tp-link.com...

7.1AI score
Exploits0
Rows per page
Query Builder