Lucene search
K

12 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2021-8157

Malicious code in bioql PyPI...

6.1CVSS6.5AI score0.00754EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 8:59 p.m.8 views

CVE-2021-20743

Cross-site scripting vulnerability in EC-CUBE Email newsletters management plugin for EC-CUBE 3.0 series versions prior to version 1.0.4 allows a remote attacker to inject an arbitrary script by leading a user to a specially crafted page and to perform a specific operation...

6.1CVSS6.6AI score0.00754EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/09/24 3:6 a.m.21 views

CVE-2024-8628 Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, AWeber – MailOptin <= 1.2.70.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, AWeber – MailOptin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'post-meta' shortcode in all versions up to, and including, 1.2.70.3 due to insufficient input sanitization and output escaping o...

5.4CVSS0.00263EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2024/05/27 12:0 a.m.17 views

Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation < 2.16.2 - Contributor+ Stored Cross-Site Scripting

Description The Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘campaignid’ parameter in versions up to, and including, 2.16.1 due to insufficient input sanitization and...

6.4CVSS5.9AI score0.00322EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2021/06/22 2:15 a.m.19 views

CVE-2021-20743

Cross-site scripting vulnerability in EC-CUBE Email newsletters management plugin for EC-CUBE 3.0 series versions prior to version 1.0.4 allows a remote attacker to inject an arbitrary script by leading a user to a specially crafted page and to perform a specific operation...

6.1CVSS0.00754EPSS
Exploits0References2
Prion
Prion
added 2021/06/22 2:15 a.m.16 views

Cross site scripting

Cross-site scripting vulnerability in EC-CUBE Email newsletters management plugin for EC-CUBE 3.0 series versions prior to version 1.0.4 allows a remote attacker to inject an arbitrary script by leading a user to a specially crafted page and to perform a specific operation...

4.3CVSS6AI score0.00754EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/06/22 1:35 a.m.71 views

CVE-2021-20743

CVE-2021-20743 is a cross-site scripting vulnerability in the EC-CUBE Email newsletters management plugin for EC-CUBE 3.0.x, prior to plugin version 1.0.4 . The issue allows a remote attacker to cause an arbitrary script to run in a user’s browser by guiding them to a specially crafted page and p...

6.1CVSS6AI score0.00754EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/06/22 1:35 a.m.22 views

CVE-2021-20743

Cross-site scripting vulnerability in EC-CUBE Email newsletters management plugin for EC-CUBE 3.0 series versions prior to version 1.0.4 allows a remote attacker to inject an arbitrary script by leading a user to a specially crafted page and to perform a specific operation...

6.3AI score0.00754EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/06/15 12:0 a.m.76 views

JVN#57524494: Multiple cross-site scripting vulnerabilities in multiple EC-CUBE plugins provided by EC-CUBE

Multiple EC-CUBE plugins provided by EC-CUBE CO.,LTD. contain multiple cross-site scripting vulnerabilities listed below. Cross-site scripting vulnerability CWE-79 - CVE-2021-20742 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L| Base Score: 7.1 CVSS v2|...

6.1CVSS6.5AI score0.00757EPSS
Exploits0
OSV
OSV
added 2020/07/17 10:15 p.m.4 views

CVE-2020-5767

Cross-site request forgery in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote attacker to send forged emails by tricking legitimate users into clicking a crafted link...

6.5CVSS6.7AI score0.00917EPSS
Exploits2References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/06/09 5:15 a.m.2 views

MilkyStep vulnerable to cross-site scripting

Overview MilkyStep provided by Igreks Inc. contains a cross-site scripting vulnerability. MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep contains a cross-site scripting vulnerability CWE-79. Kusano Kazuhiko reported this vulnerability to IPA...

4.3CVSS6AI score0.01184EPSS
Exploits0References5
Drupal
Drupal
added 2012/09/19 12:0 a.m.23 views

SA-CONTRIB-2012-146 - Simplenews Scheduler - Arbitrary code execution

The Simplenews Scheduler module provides a system for creating automatic email newsletters. These can be set to be sent at a fixed interval, or PHP code can be entered to evaluate a condition for a new newsletter issue to be sent. The module allows a user with the 'send scheduled newsletters'...

6CVSS6.5AI score0.01055EPSS
Exploits0References9
Rows per page
Query Builder