Lucene search
K

66 matches found

RedhatCVE
RedhatCVE
added 2026/04/20 7:23 p.m.11 views

CVE-2026-6048

The Flipbox Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Flipbox widget's button URL customattributes field in all versions up to, and including, 2.1.1 due to insufficient validation of custom attribute names. Specifically, the plugin uses eschtml ...

6.4CVSS5.9AI score0.00249EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/04/19 11:22 p.m.11 views

WordPress Flipbox Addon for Elementor plugin <= 2.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Attributes vulnerability

Authenticated Author+ Stored Cross-Site Scripting via Custom Attributes vulnerability discovered by WordFence in WordPress Plugin Ultimate Flipbox Addon for Elementor versions = 2.0.8...

6.4CVSS5.8AI score0.00249EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/04/18 5:16 a.m.5 views

CVE-2026-6048

The Flipbox Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Flipbox widget's button URL customattributes field in all versions up to, and including, 2.1.1 due to insufficient validation of custom attribute names. Specifically, the plugin uses eschtml ...

6.4CVSS0.00249EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/18 3:37 a.m.4 views

CVE-2026-6048 Flipbox Addon for Elementor <= 2.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Attributes

The Flipbox Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Flipbox widget's button URL customattributes field in all versions up to, and including, 2.1.1 due to insufficient validation of custom attribute names. Specifically, the plugin uses eschtml ...

6.4CVSS5.9AI score0.00249EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/18 3:37 a.m.29 views

CVE-2026-6048 Flipbox Addon for Elementor <= 2.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Attributes

The Flipbox Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Flipbox widget's button URL customattributes field in all versions up to, and including, 2.1.1 due to insufficient validation of custom attribute names. Specifically, the plugin uses eschtml ...

6.4CVSS0.00249EPSS
Exploits0References5
CVE
CVE
added 2026/04/18 3:37 a.m.22 views

CVE-2026-6048

The Flipbox Addon for Elementor (WordPress) contains a Stored Cross-Site Scripting (XSS) vulnerability in the Flipbox widget button URL parameter custom_attributes. In versions up to 2.1.1, it validates attribute names with esc_html(), which does not block event handler attributes (e.g., onmouseo...

6.4CVSS5.9AI score0.00249EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/18 12:0 a.m.8 views

PT-2026-33589

The Flipbox Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Flipbox widget's button URL custom attributes field in all versions up to, and including, 2.1.1 due to insufficient validation of custom attribute names. Specifically, the plugin uses esc htm...

6.4CVSS5.9AI score0.00249EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/08 1:26 p.m.7 views

CVE-2026-2509

The Page Builder: Pagelayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget's Custom Attributes field in all versions up to, and including, 2.0.8. This is due to an incomplete event handler blocklist in the 'pagelayerxsscontent' XSS filtering function, whic...

6.4CVSS6.1AI score0.00345EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/08 1:26 p.m.5 views

CVE-2026-2509 Page Builder: Pagelayer <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget Custom Attributes

The Page Builder: Pagelayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget's Custom Attributes field in all versions up to, and including, 2.0.8. This is due to an incomplete event handler blocklist in the 'pagelayerxsscontent' XSS filtering function, whic...

6.4CVSS6.1AI score0.00345EPSS
Exploits0References4
CVE
CVE
added 2026/04/08 1:26 p.m.18 views

CVE-2026-2509

CVE-2026-2509: The Page Builder: Pagelayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to and including 2.0.8. The root cause is an incomplete event handler blocklist in the pagelayer_xss_content filtering function, which blocks common event handlers but n...

6.4CVSS6.1AI score0.00345EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/08 1:26 p.m.20 views

CVE-2026-2509 Page Builder: Pagelayer <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget Custom Attributes

The Page Builder: Pagelayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget's Custom Attributes field in all versions up to, and including, 2.0.8. This is due to an incomplete event handler blocklist in the 'pagelayerxsscontent' XSS filtering function, whic...

6.4CVSS0.00345EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.7 views

PT-2026-31305

Name of the Vulnerable Software and Affected Versions Page Builder: Pagelayer plugin for WordPress versions up to and including 2.0.8 Description The Page Builder: Pagelayer plugin for WordPress is susceptible to Stored Cross-Site Scripting via the Button widget's Custom Attributes field. This is...

6.4CVSS5.9AI score0.00345EPSS
Exploits0References7
OSV
OSV
added 2026/03/23 8:51 p.m.12 views

GHSA-V55J-83PF-R9CQ Rails has a possible XSS vulnerability in its Action View tag helpers

Impact When a blank string is used as an HTML attribute name in Action View tag helpers, the attribute escaping is bypassed, producing malformed HTML. A carefully crafted attribute value could then be misinterpreted by the browser as a separate attribute name, possibly leading to XSS. Application...

2.3CVSS5.8AI score0.00516EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2026/03/23 8:51 p.m.11 views

Rails has a possible XSS vulnerability in its Action View tag helpers

Impact When a blank string is used as an HTML attribute name in Action View tag helpers, the attribute escaping is bypassed, producing malformed HTML. A carefully crafted attribute value could then be misinterpreted by the browser as a separate attribute name, possibly leading to XSS. Application...

2.3CVSS5.3AI score0.00516EPSS
Exploits0References10Affected Software1
RubySec
RubySec
added 2026/03/23 12:0 a.m.10 views

Rails has a possible XSS vulnerability in its Action View tag helpers

Impact When a blank string is used as an HTML attribute name in Action View tag helpers, the attribute escaping is bypassed, producing malformed HTML. A carefully crafted attribute value could then be misinterpreted by the browser as a separate attribute name, possibly leading to XSS. Application...

2.3CVSS5.8AI score0.00516EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/03/19 6:31 p.m.7 views

EUVD-2026-13131

A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 SignedData encoding functionality. In wcPKCS7BuildSignedAttributes, when adding custom signed attributes, the code passes an incorrect capacity value esd-signedAttribsCount to EncodeAttributes instead of the remaining available space...

5.9CVSS6.1AI score0.00101EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/13 9:10 p.m.4 views

CVE-2026-32704

SiYuan is a personal knowledge management system. Prior to 3.6.1, POST /api/template/renderSprig lacks model.CheckAdminRole, allowing any authenticated user to execute arbitrary SQL queries against the SiYuan workspace database and exfiltrate all note content, metadata, and custom attributes. Thi...

6.5CVSS6.1AI score0.00246EPSS
Exploits1References2Affected Software1
Patchstack
Patchstack
added 2026/02/03 7:46 a.m.6 views

WordPress Brizy - Page Builder plugin <= 2.4.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes vulnerability

WordPress Brizy - Page Builder plugin = 2.4.43 - Authenticated Contributor+ Stored Cross-Site Scripting via Custom Attributes vulnerability discovered by wesley wcraft in WordPress Plugin Brizy versions = 2.4.43...

6.4CVSS5.3AI score0.00254EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/07/16 4:46 p.m.6 views

DRUPAL-CONTRIB-2025-090

This module allows you to define custom attributes for a block. You can specify an attribute name to be added to the block in a predefined format. The module does not sufficiently validate the provided attributes, which makes it possible to insert JavaScript event attributes such as onmouseover,...

6.1CVSS5.9AI score0.00223EPSS
Exploits0References1
Snyk
Snyk
added 2025/05/30 3:30 p.m.5 views

Incorrect Authorization

Overview org.wso2.is:identity-server-parent is an open source Identity and Access Management solution federating and managing identities across both enterprise and cloud service environments. Affected versions of this package are vulnerable to Incorrect Authorization due to a business logic flaw ...

5.4CVSS6.8AI score0.00594EPSS
Exploits0References2
Rows per page
Query Builder