Lucene search

21 matches found

OSV
added 2026/05/18 8:54 a.m., 5 views

BIT-PRESTASHOP-2026-44212 PrestaShop: Stored XSS executable in customer service view

PrestaShop is an open source e-commerce web application. Prior to 8.2.6 and 9.1.1, there is a stored Cross-Site Scripting (XSS) vulnerability in the PrestaShop back-office Customer Service view. An unauthenticated attacker can submit the public Contact Us form with a malicious email address. The...

CVSS 9.3, AI score 5.8, EPSS 0.00331
Exploits: 0, References: 2
ATTACKERKB
added 2026/05/14 8:44 p.m., 6 views

CVE-2026-44212

PrestaShop is an open source e-commerce web application. Prior to 8.2.6 and 9.1.1, there is a stored Cross-Site Scripting (XSS) vulnerability in the PrestaShop back-office Customer Service view. An unauthenticated attacker can submit the public Contact Us form with a malicious email address. The...

CVSS 9.3, AI score 5.8, EPSS 0.00331
Exploits: 0, References: 2, Affected Software: 1
EUVD
added 2026/05/14 8:44 p.m., 9 views

EUVD-2026-30481

PrestaShop is an open source e-commerce web application. Prior to 8.2.6 and 9.1.1, there is a stored Cross-Site Scripting (XSS) vulnerability in the PrestaShop back-office Customer Service view. An unauthenticated attacker can submit the public Contact Us form with a malicious email address. The...

CVSS 9.3, AI score 5.8, EPSS 0.00331
Exploits: 0, References: 1
CVE
added 2026/05/14 8:44 p.m., 33 views

CVE-2026-44212

CVE-2026-44212 concerns PrestaShop's back-office Customer Service view. A stored XSS exists where an unauthenticated attacker can submit the public Contact Us form with a malicious email; the payload is stored in the database and executes when a back-office employee opens the affected customer th...

CVSS 9.3, AI score 5.8, EPSS 0.00331
Exploits: 0, References: 1
GitHub Security Blog
added 2026/05/08 4:54 p.m., 12 views

PrestaShop has a stored XSS executable in customer service view

Impact: This is a stored Cross-site Scripting (XSS) vulnerability in the PrestaShop back-office Customer Service view. An unauthenticated attacker can submit the public Contact Us form with a malicious email address. The payload is stored in the database and executed when a back-office employee open...

CVSS 9.3, AI score 5.8, EPSS 0.00331
Exploits: 0, References: 2, Affected Software: 1
Vulnrichment
added 2026/01/07 9:20 a.m., 1 view

CVE-2025-14028 Contact Us Simple Form <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings

The Contact Us Simple Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, wit...

CVSS 4.4, AI score 4.7, EPSS 0.003
Exploits: 0, References: 5
CVE
added 2026/01/07 9:20 a.m., 15 views

CVE-2025-14028

CVE-2025-14028 affects Contact Us Simple Form (WordPress) plugins

CVSS 4.4, AI score 4.7, EPSS 0.003
Exploits: 0, References: 5
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2024-49845

Malicious code in bioql PyPI...

CVSS 6.9, AI score 4.9, EPSS 0.00567
Exploits: 1, References: 5
EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2023-28442

Malicious code in bioql PyPI...

CVSS 5.9, AI score 5.2, EPSS 0.00392
Exploits: 0, References: 1
OSV
added 2024/09/28 3:15 p.m., 3 views

CVE-2024-9300

A vulnerability classified as problematic was found in SourceCodester Online Railway Reservation System 1.0. This vulnerability affects unknown code of the file contactus.php of the component Message Us Form. The manipulation of the argument fullname/email/message leads to cross site scripting. T...

CVSS 6.1, AI score 3.8, EPSS 0.00567
Exploits: 1, References: 5
CNNVD
added 2024/09/28 12:0 a.m., 3 views

Online Railway Reservation System Cross-Site Scripting Vulnerability

Online Railway Reservation System is an online railroad reservation system by adminastro individual developers. A cross-site scripting vulnerability exists in SourceCodester Online Railway Reservation System version 1.0, which originates from a cross-site scripting issue in the...

CVSS 6.9, AI score 4.7, EPSS 0.00567
Exploits: 1, References: 6
OSV
added 2023/08/11 2:15 p.m., 3 views

CVE-2020-24075

Cross Site Scripting (XSS) vulnerability in Name Input Field in Contact Us form in Laborator Kalium before 3.0.4, allows remote attackers to execute arbitrary code...

CVSS 6.1, AI score 6.1, EPSS 0.00456
Exploits: 0, References: 1
Vulnrichment
added 2023/08/11 12:0 a.m., 13 views

CVE-2020-24075

Cross Site Scripting (XSS) vulnerability in Name Input Field in Contact Us form in Laborator Kalium before 3.0.4, allows remote attackers to execute arbitrary code...

AI score 6.5, EPSS 0.00456
Exploits: 0, References: 1
CNNVD
added 2023/08/11 12:0 a.m., 4 views

Laborator Kalium Cross-Site Scripting Vulnerability

Laborator Kalium is a WordPress theme by Laborator. A cross-site scripting vulnerability exists in Laborator Kalium prior to version 3.0.4, which stems from a cross-site scripting (XSS) vulnerability in the name input field of a Contact Us form, allowing remote attackers to execute arbitrary code...

CVSS 6.1, AI score 6.2, EPSS 0.00456
Exploits: 0, References: 2
Cvelist
added 2023/08/11 12:0 a.m., 25 views

CVE-2020-24075

Cross Site Scripting (XSS) vulnerability in Name Input Field in Contact Us form in Laborator Kalium before 3.0.4, allows remote attackers to execute arbitrary code...

AI score 6.2, EPSS 0.00456
Exploits: 0, References: 1
NVD
added 2023/04/23 10:15 a.m., 16 views

CVE-2023-24386

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Karishma Arora AI Contact Us Form plugin <= 1.0 versions...

CVSS 5.9, AI score 5.4, EPSS 0.00392
Exploits: 0, References: 1
OSV
added 2023/04/23 10:15 a.m., 4 views

CVE-2023-24386

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Karishma Arora AI Contact Us Form plugin <= 1.0 versions...

CVSS 4.8, AI score 5.8, EPSS 0.00392
Exploits: 0, References: 1
Prion
added 2023/04/23 10:15 a.m., 13 views

Cross site scripting

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Karishma Arora AI Contact Us Form plugin <= 1.0 versions...

CVSS 4.3, AI score 4.8, EPSS 0.00392
Exploits: 0, References: 1, Affected Software: 1
CVE
added 2023/04/23 9:38 a.m., 43 views

CVE-2023-24386

The CVE refers to a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin “Karishma Arora AI Contact Us Form” versions <= 1.0. The issue is described as Auth. (admin+) XSS, indicating that authenticated users with admin-level privileges can exploit it. The root cause document...

CVSS 5.9, AI score 4.9, EPSS 0.00392
Exploits: 0, References: 1, Affected Software: 1
CNNVD
added 2023/04/23 12:0 a.m., 6 views

WordPress Plugin AI Contact Us Form Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 5.9, AI score 5.1, EPSS 0.00392
Exploits: 0, References: 2