Lucene search
K

27 matches found

ATTACKERKB
ATTACKERKB
added 2023/07/18 9:15 a.m.3 views

CVE-2023-2433

The YARPP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'className' parameter in versions up to, and including, 5.30.3 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in page...

6.4CVSS7AI score0.00423EPSS
Exploits0References4
OSV
OSV
added 2023/07/18 9:15 a.m.5 views

CVE-2023-2433

The YARPP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'className' parameter in versions up to, and including, 5.30.3 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in page...

5.4CVSS6AI score0.00423EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/07/18 12:0 a.m.12 views

PT-2023-19525 · WordPress · Yarpp

Name of the Vulnerable Software and Affected Versions: YARPP plugin for WordPress versions up to, and including, 5.30.3 Description: The issue arises from insufficient input sanitization and output escaping, allowing contributor-level attackers to inject arbitrary web scripts via the className...

6.4CVSS6.2AI score0.00423EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/07/18 12:0 a.m.26 views

WordPress Plugin YARPP 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...

6.4CVSS6.4AI score0.00423EPSS
Exploits0References4
CNVD
CNVD
added 2022/11/21 12:0 a.m.33 views

Student Attendance Management System Cross-Site Scripting Vulnerability

Student Attendance Management System is a student attendance management system. The vulnerability is caused by the lack of effective filtering and escaping of user-supplied data in the className parameter of the createClass.php file, which can be exploited to cause cross-site scripting attacks...

2.1AI score0.00427EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2015/02/26 12:0 a.m.42 views

Symantec Data Center Security Server 'WCUnsupportedClass.jsp' XSS

The remote Symantec Data Center Security Server running on the remote host is affected by a reflected cross-site scripting vulnerability due to improper validation of input to the 'classname' parameter in the 'WCUnsupportedClass.jsp' script. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

5.2AI score
Exploits0References1
Prion
Prion
added 2007/11/20 7:46 p.m.20 views

Design/Logic Flaw

PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service application crash via a long string in 1 the domain parameter to the dgettext function, the message parameter to the 2 dcgettext or 3 gettext function, the msgid1 parameter to the 4 dngettext or 5 ngettext...

2.1CVSS7.3AI score0.01027EPSS
Exploits0References8Affected Software1
Rows per page
Query Builder