Lucene search
+L

165 matches found

OSV
OSV
added 2025/01/14 11:15 a.m.3 views

CVE-2024-12240

The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the row label parameter in all versions up to, and including, 2.31.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS7.4AI score0.00327EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/12/10 12:0 a.m.6 views

WordPress plugin iChart 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...

6.4CVSS7.9AI score0.00344EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/11/18 12:0 a.m.14 views

PT-2024-35185 · Unknown · Forex Signals

Name of the Vulnerable Software and Affected Versions: Provide Forex Signals versions n/a through 1.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS, where an attacker can inject...

6.5CVSS6.3AI score0.00231EPSS
Exploits0References5
OSV
OSV
added 2024/09/17 6:15 a.m.2 views

CVE-2024-8052

The Review Ratings WordPress plugin through 1.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

6.1CVSS5.8AI score0.00193EPSS
Exploits1References1
OSV
OSV
added 2024/06/06 2:15 a.m.4 views

CVE-2024-5001

The Image Hover Effects for Elementor with Lightbox and Flipbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id', 'oxiaddonsftitletag', and 'contentdescriptiontag' parameters in all versions up to, and including, 3.0.2 due to insufficient input sanitization and outpu...

5.4CVSS5.9AI score0.00321EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.17 views

RHEL 7 : rest (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - RESTEasy: Insufficient use of random values in RESTEasy async jobs could lead to loss of data...

7.5CVSS7.1AI score0.04913EPSS
Exploits0References4
OSV
OSV
added 2024/04/18 9:15 p.m.5 views

CVE-2024-30921

Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the photo.php component...

5.4CVSS6.2AI score0.0062EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2024/03/13 12:0 a.m.13 views

PT-2024-18032 · WordPress · Elementor Addon Elements

Name of the Vulnerable Software and Affected Versions: Elementor Addon Elements plugin for WordPress versions up to, and including, 1.12.12 Description: The issue is related to Stored Cross-Site Scripting via the modal popup widget's effect setting due to insufficient input sanitization and outpu...

6.4CVSS8AI score0.005EPSS
Exploits0References8
OSV
OSV
added 2024/03/06 11:19 a.m.22 views

BIT-GITLAB-2021-22227

A reflected cross-site script vulnerability in GitLab before versions 13.11.6, 13.12.6 and 14.0.2 allowed an attacker to send a malicious link to a victim and trigger actions on their behalf if they clicked it...

6.1CVSS5.9AI score0.00946EPSS
Exploits0References4
NCSC
NCSC
added 2024/02/19 12:0 a.m.20 views

Vulnerabilities fixed in IBM Qradar

IBM has fixed vulnerabilities in Qradar and underlying components such as SIEM, Wincollect and Case Manager. A malicious person can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS...

9.8CVSS7AI score0.99999EPSS
Exploits63
CNNVD
CNNVD
added 2024/01/21 12:0 a.m.4 views

CodeAstro Internet Banking System Cross-Site Scripting Vulnerability

CodeAstro Internet Banking System is a PHP online banking system from CodeAstro. A cross-site scripting vulnerability exists in CodeAstro Internet Banking System version 1.0, which stems from the parameter Client Full Name in the file pagesclientsignup.php that can lead to cross-site scripting...

5.4CVSS5.9AI score0.00562EPSS
Exploits1References2
OSV
OSV
added 2023/10/16 8:15 p.m.4 views

CVE-2023-4783

The Magee Shortcodes WordPress plugin through 2.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.8AI score0.00403EPSS
Exploits2References1
Openbugbounty
Openbugbounty
added 2023/04/27 3:26 p.m.13 views

torarica.com Cross Site Scripting vulnerability OBB-3277599

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

5.9AI score
Exploits0
Positive Technologies
Positive Technologies
added 2023/03/09 12:0 a.m.10 views

PT-2023-16874 · Unknown · Sourcecodester File Tracker Manager System

Name of the Vulnerable Software and Affected Versions: SourceCodester File Tracker Manager System version 1.0 Description: A problematic issue was found in the SourceCodester File Tracker Manager System, affecting an unknown part of the file normal/borrow1.php. The manipulation of the id argument...

6.1CVSS4.2AI score0.00599EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/01/03 12:0 a.m.7 views

Nortek Control Linear eMerge E3-Series 跨站脚本漏洞

The Nortek Control Linear eMerge E3-Series is an access control from Nortek Control USA. It allows you to specify which doors a person can use to enter and exit a specified location at a specified time. A security vulnerability exists in several versions of the Nortek Control Linear eMerge...

5.4CVSS4.9AI score0.00554EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/12/09 12:0 a.m.13 views

PT-2022-22113 · Yii2 Gii · Yii2 Gii

Name of the Vulnerable Software and Affected Versions: Yii2 Gii versions through 2.2.4 Description: The issue allows stored XSS by injecting a payload into any field. Some fields, such as Message Category in Model Generator, CRUD Generator or Form Generator, and Author Name in Extension Generator...

5.4CVSS5.1AI score0.00607EPSS
Exploits1References8
BDU FSTEC
BDU FSTEC
added 2022/12/02 12:0 a.m.6 views

The vulnerability in the web interface of Cisco Firepower Management Center’s software for network management allows a perpetrator to carry out cross-site scripting attacks.

The vulnerability of the web interface for managing Cisco Firepower Management Center FMC software involves a lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

4.9CVSS5.3AI score0.00446EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/11/28 2:15 p.m.2 views

CVE-2022-3824

The WP Admin UI Customize WordPress plugin before 1.5.13 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score
Exploits0References1
CNNVD
CNNVD
added 2022/10/07 12:0 a.m.3 views

Bodhi 跨站脚本漏洞

Bodhi is a web-based system used to manage the software update release process for Fedora. A security vulnerability exists in Bodhi version 5.6.1, which can be exploited by an attacker to perform cross-site scripting attacks...

6.1CVSS6AI score0.00406EPSS
Exploits0References3
OSV
OSV
added 2022/08/30 9:26 a.m.5 views

USN-5585-1 jupyter-notebook vulnerabilities

It was discovered that Jupyter Notebook incorrectly handled certain notebooks. An attacker could possibly use this issue of lack of Content Security Policy in Nbconvert to perform cross-site scripting XSS attacks on the notebook server. This issue only affected Ubuntu 18.04 LTS. CVE-2018-19351 It...

7.5CVSS6.5AI score0.01741EPSS
Exploits1References9
Rows per page
Query Builder