Lucene search
K

61 matches found

OSV
OSV
added 2024/06/05 6:15 a.m.3 views

CVE-2024-1161

The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Custom Attributes for blocks in all versions up to, and including, 2.4.43 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with...

5.4CVSS5.9AI score0.00254EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/06/05 5:33 a.m.12 views

CVE-2024-1161 Brizy – Page Builder <= 2.4.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes

The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Custom Attributes for blocks in all versions up to, and including, 2.4.43 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with...

6.4CVSS5.8AI score0.00254EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/06/05 5:33 a.m.22 views

CVE-2024-1161 Brizy – Page Builder <= 2.4.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes

The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Custom Attributes for blocks in all versions up to, and including, 2.4.43 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with...

6.4CVSS5.2AI score0.00254EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/06/05 12:0 a.m.4 views

PT-2024-17136 · WordPress · Brizy

Name of the Vulnerable Software and Affected Versions: Brizy – Page Builder plugin for WordPress versions up to, and including, 2.4.43 Description: The issue is related to Stored Cross-Site Scripting via the plugin's Custom Attributes for blocks due to insufficient input sanitization and output...

6.4CVSS5.9AI score0.00254EPSS
Exploits0References6
OSV
OSV
added 2024/05/24 7:15 a.m.2 views

CVE-2024-4485

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘buttoncustomattributes’ parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and...

5.4CVSS5.9AI score
Exploits0References3
wpexploit
wpexploit
added 2024/05/23 12:0 a.m.183 views

FooGallery < 2.4.15 - Author+ Stored XSS

Description The plugin does not validate and escape some of its Gallery settings before outputting them back in the page, which could allow users with a role as low as Author to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin Create a new...

8.2AI score0.00368EPSS
Exploits2References1
OSV
OSV
added 2024/05/22 3:15 p.m.4 views

CVE-2024-3926

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customattributes value in widgets in all versions up to, and including, 5.6.1 due to insufficient input sanitization...

5.4CVSS6AI score0.00324EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/05/22 1:16 a.m.6 views

WordPress Element Pack Elementor Addons plugin <= 5.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via custom_attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via customattributes vulnerability discovered by wesley wcraft in WordPress Plugin Element Pack Elementor Addons versions = 5.6.1...

6.4CVSS5.8AI score0.00324EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/03/07 8:15 p.m.3 views

CVE-2024-2127

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom attributes in all versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

5.4CVSS7.4AI score0.00344EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/03/07 12:0 a.m.9 views

PT-2024-18849 · WordPress · Pagelayer

Name of the Vulnerable Software and Affected Versions: The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress versions up to, and including, 1.8.3 Description: The issue is related to Stored Cross-Site Scripting via custom attributes due to insufficient input sanitizatio...

6.4CVSS7.8AI score0.00344EPSS
Exploits0References6
OSV
OSV
added 2024/01/03 9:15 a.m.2 views

CVE-2023-6747

The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom attributes in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping. This makes it possible for contributors and above to...

5.4CVSS6.8AI score
Exploits0References4
Qualys Blog
Qualys Blog
added 2023/07/21 5:0 p.m.86 views

Add Unique Asset Context with Custom Attributes in CSAM

There is no such thing as “too much context” when it comes to asset management. Continuous discovery and comprehensive, normalized asset data create the foundation for streamlined risk detection and response. The more reliable asset data a security team has, the better it can operationalize an...

7AI score
Exploits0
OSV
OSV
added 2023/01/17 6:5 p.m.10 views

GSD-2023-1000738 HID: hid-sensor-custom: set fixed size for custom attributes

HID: hid-sensor-custom: set fixed size for custom attributes This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.16 by commit...

7.2AI score
Exploits0
Cvelist
Cvelist
added 2020/09/16 7:59 p.m.21 views

CVE-2020-20406

A stored XSS vulnerability exists in the Custom Link Attributes control Affect function in Elementor Page Builder 2.9.2 and earlier versions. It is caused by inadequate filtering on the link custom attributes...

5.3AI score0.00696EPSS
Exploits0References1
CVE
CVE
added 2020/09/16 7:59 p.m.58 views

CVE-2020-20406

The CVE-2020-20406 entry concerns Elementor Page Builder (v2.9.2 and earlier) where a Stored Cross-Site Scripting (XSS) flaw exists in the Custom Link Attributes control Affect function due to inadequate filtering of link attributes. The impact is stored XSS; details on exploit vectors or affecte...

5.4CVSS5.2AI score0.00696EPSS
Exploits0References1Affected Software1
Citrix
Citrix
added 2020/07/31 12:0 a.m.6 views

Extract and Use Custom Attributes from Active Directory for NetScaler Appliance

Although Active Directory AD username and realm/domain attributes are often sufficient for identifying a user, at times you need even more details of the user. For example, "UserPrincipalName" that contains the user’s domain might represent a forest level realm and not the organization to which t...

7AI score
Exploits0
NVD
NVD
added 2020/06/05 10:15 p.m.16 views

CVE-2020-13865

The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities. An author user can create posts that result in stored XSS vulnerabilities, by using a crafted link in the custom URL or by applying custom attributes...

5.4CVSS5.4AI score0.00761EPSS
Exploits2References1
OSV
OSV
added 2020/06/05 10:15 p.m.3 views

CVE-2020-13865

The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities. An author user can create posts that result in stored XSS vulnerabilities, by using a crafted link in the custom URL or by applying custom attributes...

5.4CVSS6.1AI score0.00761EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2020/06/05 12:0 a.m.18 views

Elementor Page Builder < 2.9.10 - Authenticated Stored XSS

The Elementor Page Builder plugin is susceptible to stored XSS. An author user can create custom links containing XSS payloads or apply custom attributes to widgets which results in XSS. PoC javascript:alert1, JaVaScript:alert1, javas cript:alert1...

3.5CVSS0.8AI score0.00761EPSS
Exploits3References1Affected Software1
Hacker One
Hacker One
added 2017/11/01 9:45 p.m.51 views

Open-Xchange: IDOR - setAttribute action of user object in API

Note. I selected sandbox.open-xchange.com as the asset in Hackerone but this was tested on a local installation . Hello, There appears to be a possible IDOR vulnerability in the following API endpoint for setting custom attributes:...

0.6AI score
Exploits0
Rows per page
Query Builder