Lucene search
K

54 matches found

Prion
Prion
added 2023/12/04 10:15 p.m.14 views

Design/Logic Flaw

The Simply Excerpts WordPress plugin through 1.4 does not sanitize and escape some fields in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfilteredhtml capability is disallowed for example in a multisite setup...

4.3CVSS6.8AI score0.00424EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/12/04 9:28 p.m.3 views

CVE-2023-5137 Simply Excerpts <= 1.4 - Admin+ Stored XSS

The Simply Excerpts WordPress plugin through 1.4 does not sanitize and escape some fields in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfilteredhtml capability is disallowed for example in a multisite setup...

6.8AI score0.00424EPSS
Exploits2References1
CVE
CVE
added 2023/12/04 9:28 p.m.54 views

CVE-2023-5137

CVE-2023-5137 affects the Simply Excerpts WordPress plugin (

4.8CVSS5.2AI score0.00424EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2023/12/04 12:0 a.m.3 views

WordPress plugin Simply Excerpts security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

4.8CVSS8.8AI score0.00424EPSS
Exploits2References1
Patchstack
Patchstack
added 2023/11/14 12:0 a.m.8 views

WordPress Simply Excerpts Plugin <= 1.4 is vulnerable to Cross Site Scripting (XSS)

Software Simply Excerpts Type Plugin Vulnerable versions = 1.4 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5137 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a590f7bf68fd Credits niclo Required privilege...

4.8CVSS5.7AI score0.00424EPSS
Exploits2References3Affected Software1
Trellix
Trellix
added 2023/06/13 12:0 a.m.77 views

Skuld: The Infostealer that Speaks Golang

Skuld: The Infostealer that Speaks Golang By Ernesto Fernández Provecho · June 13, 2023 In May 2023, the Trellix Advanced Research Center discovered a new Golang stealer, known as Skuld, that compromised systems worldwide, something that security researchers had also noticed. The usage of Golang,...

7.4AI score
Exploits0
RedHat Linux
RedHat Linux
added 2015/07/07 8:39 a.m.11 views

abrt: default abrt event scripts lead to information disclosure

It was found that the ABRT event scripts created a user-readable copy of an sosreport file in ABRT problem directories, and included excerpts of /var/log/messages selected by the user-controlled process name, leading to an information disclosure. The fix for this issue prevents non-privileged use...

5.5CVSS5.8AI score0.00421EPSS
Exploits0References4
Atlassian
Atlassian
added 2014/12/02 7:41 a.m.21 views

XSS vulnerability in "children" macro when displaying excerpts

Create a parent page A with a child page B - Add an \excerpt\ macro to B containing the text alert"Gotcha!"; - Add the \children\ macro to page A, with "Show excerpts" checked - Alert is shown when viewing A This is currently present on EAC - likely to be in released versions; not tested yet...

2.7AI score
Exploits0Affected Software1
NVD
NVD
added 2014/07/03 2:55 p.m.27 views

CVE-2014-4717

Multiple cross-site request forgery CSRF vulnerabilities in the Simple Share Buttons Adder plugin before 4.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the 1 ssbasharetext parameter in a save...

6.8CVSS6.6AI score0.02805EPSS
Exploits1References4
Cvelist
Cvelist
added 2014/07/03 2:0 p.m.35 views

CVE-2014-4717

Multiple cross-site request forgery CSRF vulnerabilities in the Simple Share Buttons Adder plugin before 4.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the 1 ssbasharetext parameter in a save...

6.6AI score0.02805EPSS
Exploits1References4
Atlassian
Atlassian
added 2013/05/10 2:55 p.m.22 views

Recommended updates email includes excerpts from Private/Restricted pages

The recommended updates email will include pages that are restricted, so all users will see an excerpt of that page. This is a security concern as projects that are documented could contain sensitive information. Also mentioned by users in the comments at...

0.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/05/10 2:55 p.m.23 views

Recommended updates email includes excerpts from Private/Restricted pages

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-29254. panel The recommended updates email will include pages that are restricted, so all users will see an excerpt of that page...

0.6AI score
Exploits0
The Hacker News
The Hacker News
added 2011/08/12 9:57 a.m.7 views

Welt.de hacked - Credit Card info of 30264 users Compromised

Welt.de hacked - Credit Card info of 30264 users Compromised Welt.de hacked using an SQL Injection https://boot24.welt.de/indexwelt..php?ac =. The Hacker was deeply penetrate into the infrastructure of the Website and copy number information from the database of MySQL. He has published the links ...

7.7AI score
Exploits0
OSV
OSV
added 2007/01/29 5:28 p.m.2 views

DEBIAN-CVE-2007-0541

WordPress allows remote attackers to determine the existence of arbitrary files, and possibly read portions of certain files, via pingback service calls with a source URI that corresponds to a local pathname, which triggers different fault codes for existing and non-existing files, and in certain...

5CVSS6.5AI score0.02521EPSS
Exploits0References1
Rows per page
Query Builder