Lucene search
K

190 matches found

Cvelist
Cvelist
added 2024/09/26 2:3 a.m.50 views

CVE-2024-8803 Bulk NoIndex & NoFollow Toolkit <= 2.15 - Reflected Cross-Site Scripting

The Bulk NoIndex & NoFollow Toolkit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.15. This makes it possible for unauthenticated attackers to inject arbitrary we...

6.1CVSS0.0037EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/09/11 12:0 a.m.4 views

PT-2024-38637 · WordPress · Simple Headline Rotator

Name of the Vulnerable Software and Affected Versions: The Simple Headline Rotator WordPress plugin version 1.0 Description: The issue is related to the lack of CSRF checks in some places, as well as missing sanitization and escaping, which could allow attackers to make logged-in admins add Store...

6.1CVSS5.7AI score0.00177EPSS
Exploits1References7
CNNVD
CNNVD
added 2024/08/22 12:0 a.m.2 views

WordPress plugin Orbit Fox by ThemeIsle 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

6.4CVSS6.4AI score0.0031EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/06/15 12:0 a.m.5 views

WordPress Plugin Collapse-O-Matic Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in...

6.4CVSS6.6AI score0.00342EPSS
Exploits0References6
CNVD
CNVD
added 2024/06/06 12:0 a.m.5 views

WordPress ElementsReady Addons for Elementor Cross-Site Scripting Attack Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language, which supports personal blog sites on PHP and MySQL servers.ElementsReady Addons for Elementor is a plugin for the Elementor widget library used in... A cross-site scripting attack vulnerability exists ...

6.4CVSS6.1AI score0.00314EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/05/29 1:33 p.m.5 views

golang: html/template: improper handling of HTML-like comments within script contexts

A flaw was found in Golang. The html/template package did not properly handle HMTL-like "" comment tokens, nor hashbang "!" comment tokens, in contexts. This issue may cause the template parser to improperly interpret the contents of contexts, causing actions to be improperly escaped...

6.1CVSS7.1AI score0.00815EPSS
Exploits0References8
Cvelist
Cvelist
added 2024/05/24 6:42 a.m.32 views

CVE-2024-4484 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘xaiusername’ parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and output escapin...

6.4CVSS5.9AI score0.00707EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/05/22 9:48 a.m.5 views

golang: html/template: improper handling of HTML-like comments within script contexts

A flaw was found in Golang. The html/template package did not properly handle HMTL-like "" comment tokens, nor hashbang "!" comment tokens, in contexts. This issue may cause the template parser to improperly interpret the contents of contexts, causing actions to be improperly escaped...

6.1CVSS7.1AI score0.00815EPSS
Exploits0References8
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.4 views

WordPress plugin Beaver Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

6.4CVSS6.2AI score0.00419EPSS
Exploits0References5
OSV
OSV
added 2024/04/09 7:15 p.m.7 views

CVE-2024-2186

The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Team Members widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS5.9AI score0.00423EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/04/09 12:0 a.m.5 views

WordPress Plugin Elementor Addons by Livemesh 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in WordPress Plugin...

6.4CVSS7.7AI score0.00427EPSS
Exploits0References3
OSV
OSV
added 2024/03/06 10:59 a.m.25 views

BIT-MEDIAWIKI-2023-37302

An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate from resources/wikibase/templates.js for quotes which can be in a title attribute...

6.1CVSS5.8AI score0.00689EPSS
Exploits1References4
OSV
OSV
added 2024/03/05 11:15 p.m.9 views

AZL-79024 CVE-2024-24785 affecting package golang 1.25.7-1

If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates...

5.4CVSS7AI score0.00795EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/01/26 12:0 a.m.6 views

Cups Easy 跨站脚本漏洞

Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the deleted parameter on the /cupseasylive/grnlist.php page. An attacker could use this...

8.2CVSS7AI score0.00399EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/01/10 11:36 a.m.8 views

golang: html/template: improper handling of HTML-like comments within script contexts

A flaw was found in Golang. The html/template package did not properly handle HMTL-like "" comment tokens, nor hashbang "!" comment tokens, in contexts. This issue may cause the template parser to improperly interpret the contents of contexts, causing actions to be improperly escaped...

6.1CVSS6.7AI score0.00815EPSS
Exploits0References8
Cvelist
Cvelist
added 2023/12/15 7:2 p.m.38 views

CVE-2023-50723 XWiki Platform remote code execution/programming rights with configuration section from any user account

XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, anyone who can edit an arbitrary wiki page in an XWiki installation can gain programming right through several cases of missing escaping in the code for displaying sections in the...

9.9CVSS9.8AI score0.01188EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2023/12/12 5:29 p.m.6 views

golang: html/template: improper handling of special tags within script contexts

A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of " contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped...

6.1CVSS6.7AI score0.00798EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2023/12/12 5:24 p.m.7 views

golang: html/template: improper handling of HTML-like comments within script contexts

A flaw was found in Golang. The html/template package did not properly handle HMTL-like "" comment tokens, nor hashbang "!" comment tokens, in contexts. This issue may cause the template parser to improperly interpret the contents of contexts, causing actions to be improperly escaped...

6.1CVSS6.7AI score0.00815EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2023/10/31 2:23 p.m.4 views

golang: html/template: improper handling of HTML-like comments within script contexts

A flaw was found in Golang. The html/template package did not properly handle HMTL-like "" comment tokens, nor hashbang "!" comment tokens, in contexts. This issue may cause the template parser to improperly interpret the contents of contexts, causing actions to be improperly escaped...

6.1CVSS6.7AI score0.00815EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2023/10/31 2:23 p.m.5 views

golang: html/template: improper handling of special tags within script contexts

A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of " contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped...

6.1CVSS6.7AI score0.00798EPSS
Exploits0References8
Rows per page
Query Builder