99 matches found
CVE-2024-37199
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Kriesi.At Enfold allows Reflected XSS.This issue affects Enfold: from n/a through 5.6.9...
CVE-2024-37199 WordPress Enfold theme <= 5.6.9 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Kriesi.At Enfold allows Reflected XSS.This issue affects Enfold: from n/a through 5.6.9...
CVE-2024-37199 WordPress Enfold theme <= 5.6.9 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Kriesi.At Enfold allows Reflected XSS.This issue affects Enfold: from n/a through 5.6.9...
CVE-2024-37199
CVE-2024-37199 is a Reflected XSS vulnerability in the WordPress theme Enfold (Kriesi.At Enfold) affecting Enfold versions up to and including 5.6.9. Public detail states that input is improperly neutralized during web page generation, enabling reflected XSS. The Red Hat/NVD entries corroborate t...
PT-2024-27367 · Enfold · Enfold
Name of the Vulnerable Software and Affected Versions: Enfold versions through 5.6.9 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS. Recommendations: For versions through 5.6.9...
WordPress Enfold theme <= 5.6.9 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by tom Patchstack Alliance in WordPress Theme Enfold versions = 5.6.9...
WordPress Enfold Theme <= 5.6.9 is vulnerable to Cross Site Scripting (XSS)
Software Enfold Type Theme Vulnerable versions = 5.6.9 Fixed in 5.6.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37199 Patch priority Low CVSS severity Low 7.1 Developer Kriesi PSID 231fe6fad434 Credits tom Required privilege Unauthenticated Published 20 June...
CVE-2023-38400
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kriesi Enfold - Responsive Multi-Purpose Theme allows Reflected XSS.This issue affects Enfold - Responsive Multi-Purpose Theme: from n/a through 5.6.4...
CVE-2023-38400
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kriesi Enfold - Responsive Multi-Purpose Theme allows Reflected XSS.This issue affects Enfold - Responsive Multi-Purpose Theme: from n/a through 5.6.4...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kriesi Enfold - Responsive Multi-Purpose Theme allows Reflected XSS.This issue affects Enfold - Responsive Multi-Purpose Theme: from n/a through 5.6.4...
CVE-2023-38400 WordPress Enfold Theme <= 5.6.4 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kriesi Enfold - Responsive Multi-Purpose Theme allows Reflected XSS.This issue affects Enfold - Responsive Multi-Purpose Theme: from n/a through 5.6.4...
CVE-2023-38400
CVE-2023-38400 affects Enfold - Responsive Multi-Purpose Theme (WordPress) up to version 5.6.4. The issue is a Reflected Cross-Site Scripting (XSS) caused by improper neutralization of input during web page generation. Exploitation details are not provided in the supplied documents, but Patchstac...
WordPress Plugin Enfold Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
PT-2023-26407 · Enfold · Enfold
Name of the Vulnerable Software and Affected Versions: Enfold - Responsive Multi-Purpose Theme versions n/a through 5.6.4 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS...
Enfold < 5.6.5 - Reflected Cross-Site Scripting
Description The Enfold - Responsive Multi-Purpose Theme theme for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions up to, and including, 5.6.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
WordPress Enfold Theme <= 5.6.4 is vulnerable to Cross Site Scripting (XSS)
Software Enfold Type Theme Vulnerable versions = 5.6.4 Fixed in 5.6.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-38400 Patch priority Medium CVSS severity Medium 7.1 Developer Kriesi PSID 33a791c850de Credits Rafie Muhammad Patchstack Required privilege...
WordPress Enfold Theme Plugin < 4.8.4 XSS Vulnerability
The WordPress SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:kriesi:enfold"; if description...
WordPress Enfold Theme Plugin < 3.0.1 Unknown Vulnerability
The WordPress SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:kriesi:enfold"; if description...
WordPress Enfold Theme 4.8.3 Cross Site Scripting
Exploit Title: WordPress Theme Enfold 4.8.3 - Reflected Cross-Site Scripting XSS Google Dork: "inurl:avia-element-paging" Date: 18/10/2021 Exploit Author: Francisco Díaz-Pache Alonso, Sergio Corral Cristo and David Álvarez Robles Vendor Homepage: https://kriesi.at/ Version: Enfold This URL must...
WordPress Theme Enfold 4.8.3 - Reflected Cross-Site Scripting Vulnerability
Exploit Title: WordPress Theme Enfold 4.8.3 - Reflected Cross-Site Scripting XSS Google Dork: "inurl:avia-element-paging" Exploit Author: Francisco Díaz-Pache Alonso, Sergio Corral Cristo and David Álvarez Robles Vendor Homepage: https://kriesi.at/ Version: Enfold This URL must include pages show...