Lucene search
K

360 matches found

CVE
CVE
added 4 days ago9 views

CVE-2026-13710

The Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress is affected by a Stored Cross-Site Scripting vulnerability in the Image Box widget’s sg_body_description parameter, affecting versions up to 3.2.6. The issue stems from insufficient input sanitization and...

6.4CVSS6.2AI score0.00206EPSS
Exploits0References8
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-13710 Jeg Kit for Elementor <= 3.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sg_body_description' Parameter via 'jkit_image_box' Shortcode/Widget

The Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Box widget's 'sgbodydescription' parameter in versions up to, and including, 3.2.6. This is due to insufficient input...

6.4CVSS0.00206EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/26 7:0 p.m.29 views

CVE-2026-52781 OpenProject: Stored XSS on openproject.example.com through /api/v3/projects/{project}/work_packages via POST parameter "description"

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, the HTML sanitizer grants elements unrestricted data- attributes via :data wildcard. An attacker injects data-controller="poll-for-changes" into a work package description, causing Stimulus.js to mount ...

6.4CVSS0.0015EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.11 views

CVE-2026-2834

The Age Verification & Identity Verification by Token of Trust plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘description’ parameter in all versions up to, and including, 3.32.3 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS5.7AI score0.00335EPSS
Exploits0References1
NVD
NVD
added 2026/05/16 4:16 p.m.17 views

CVE-2021-47981

Quick.CMS 6.7 contains a cross-site scripting vulnerability in the sliders form that allows authenticated attackers to inject malicious scripts by submitting XSS payloads through the sDescription parameter. Attackers can craft CSRF forms targeting the admin.php?p=sliders-form endpoint to execute...

5.4CVSS0.00178EPSS
Exploits0References4
CVE
CVE
added 2026/05/16 3:26 p.m.17 views

CVE-2021-47981

CVE-2021-47981 affects Quick.CMS 6.7. It describes a cross-site scripting vulnerability in the sliders form that can be exploited when an authenticated user submits an XSS payload via the sDescription parameter. Attackers can craft CSRF forms targeting the admin.php?p=sliders-form endpoint to cau...

5.4CVSS5.9AI score0.00178EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.15 views

OpenSolution Quick.CMS 跨站脚本漏洞

OpenSolution Quick.CMS is a lightweight website content management system developed by the Polish company OpenSolution. Version 6.7 of OpenSolution Quick.CMS contains a cross-site scripting vulnerability. This vulnerability stems from a cross-site scripting flaw in the sliders form, allowing...

5.4CVSS5.9AI score0.00178EPSS
Exploits0References2
NVD
NVD
added 2026/05/15 7:16 p.m.23 views

CVE-2021-47968

Podcast Generator 3.1 is vulnerable to persistent cross-site scripting, allowing authenticated attackers to inject malicious scripts by submitting unfiltered JavaScript code in the longdescription parameter. Attackers can inject script tags through episode creation or editing requests to execute...

6.4CVSS0.00193EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.12 views

Podcast Generator 跨站脚本漏洞

Podcast Generator is an open-source set of free podcast publishing scripts written in PHP language. Version 3.1 of Podcast Generator has a cross-site scripting vulnerability. This vulnerability stems from a persistent cross-site scripting issue, which may allow authenticated attackers to inject...

6.4CVSS5.7AI score0.00193EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/26 12:0 a.m.12 views

SSH MCP Server 注入漏洞

SSH MCP Server is a tool developed by Tufan Tunç for remotely executing Shell commands via SSH. Versions of SSH MCP Server 1.5.0 and earlier have a vulnerability due to improper handling of the Description parameter in the shell.write function of the src/index.ts file, which may lead to command...

8.5CVSS7.1AI score0.00653EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/22 9:31 p.m.5 views

EUVD-2026-22824

The Age Verification & Identity Verification by Token of Trust plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘description’ parameter in all versions up to, and including, 3.32.3 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS5.9AI score0.00335EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/04/15 1:16 p.m.7 views

WordPress Age Verification & Identity Verification by Token of Trust plugin <= 3.32.3 - Unauthenticated Stored Cross-Site Scripting via 'description' Parameter vulnerability

Unauthenticated Stored Cross-Site Scripting via 'description' Parameter vulnerability discovered by Teerachai Somprasong in WordPress Plugin Age Verification & Identity Verification by Token of Trust versions = 3.32.3...

7.2CVSS5.8AI score0.00335EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/04/15 4:17 a.m.5 views

CVE-2026-2834

The Age Verification & Identity Verification by Token of Trust plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘description’ parameter in all versions up to, and including, 3.32.3 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS0.00335EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/15 1:25 a.m.3 views

CVE-2026-2834 Age Verification & Identity Verification by Token of Trust <= 3.32.3 - Unauthenticated Stored Cross-Site Scripting via 'description' Parameter

The Age Verification & Identity Verification by Token of Trust plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘description’ parameter in all versions up to, and including, 3.32.3 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS5.9AI score0.00335EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/15 1:25 a.m.2 views

CVE-2026-2834

The Age Verification & Identity Verification by Token of Trust plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘description’ parameter in all versions up to, and including, 3.32.3 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS5.9AI score0.00335EPSS
Exploits0References4
CVE
CVE
added 2026/04/15 1:25 a.m.12 views

CVE-2026-2834

The CVE concerns the WordPress plugin “Age Verification & Identity Verification by Token of Trust” (Token of Trust) with stored cross-site scripting via the description parameter in all versions up to 3.32.3. The vulnerability results from insufficient input sanitization and output escaping, allo...

7.2CVSS5.9AI score0.00335EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/15 1:25 a.m.31 views

CVE-2026-2834 Age Verification & Identity Verification by Token of Trust <= 3.32.3 - Unauthenticated Stored Cross-Site Scripting via 'description' Parameter

The Age Verification & Identity Verification by Token of Trust plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘description’ parameter in all versions up to, and including, 3.32.3 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS0.00335EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/10 7:22 p.m.4 views

CVE-2026-39941

ChurchCRM is an open-source church management system. Prior to 7.1.0, an XSS vulnerability allows attacker-supplied input sent via a the EName and EDesc parameters in EditEventAttendees.php to be rendered in a page without proper output encoding, enabling arbitrary JavaScript execution in victims...

6.1CVSS6AI score0.00263EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.9 views

ChurchCRM 安全漏洞

ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.1.0 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of the Name and Description parameters by the /PropertyTypeEditor.php endpoint, which could lead to SQL...

8.8CVSS5.9AI score0.00244EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/06 6:33 p.m.4 views

EUVD-2026-19344

Multiple authenticated stored cross-site scripting XSS vulnerabilities in the Permissions module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Group, Category or Description parameters...

6AI score0.00211EPSS
Exploits1References3
Rows per page
Query Builder