132 matches found

ATTACKERKB · added 2022/09/05 1:15 p.m. · 4 views

CVE-2022-2565

The Simple Payment Donations & Subscriptions WordPress plugin before 4.2.1 does not sanitise and escape user input given in its forms, which could allow unauthenticated attackers to perform Cross-Site Scripting attacks against admins...

CVSS 7.2 · AI score 7 · EPSS 0.00568
Exploits 2 · References 2

Positive Technologies · added 2022/08/29 12:00 a.m. · 6 views

PT-2022-18477 · Hcl · Hcl Notes

Name of the vulnerable software and affected versions: HCL iNotes (affected versions not specified). Description: The issue is caused by improper validation of user-supplied input in a form POST request, leading to a Reflected Cross-site Scripting (XSS) vulnerability. A remote attacker could exploit...

CVSS 8.3 · AI score 6.2 · EPSS 0.00553
Exploits 0 · References 3

ATTACKERKB · added 2022/08/24 8:18 p.m. · 3 views

CVE-2022-27546

HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's web browser with...

CVSS 8.3 · AI score 5.9 · EPSS 0.00553
Exploits 0 · References 2

ATTACKERKB · added 2022/06/09 12:00 a.m. · 3 views

CVE-2022-30611

IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using some fields of the form in the portal UI to inject malicious script into a Web page whic...

CVSS 5.4 · AI score 5.7 · EPSS 0.00618
Exploits 0 · References 3 · Affected software 1

OSV · added 2022/05/24 5:29 p.m. · 6 views

GHSA-QGRR-F26J-87VF MantisBT XSS where a Custom Field with a crafted Regular Expression property is used

An issue was discovered in MantisBT before 2.24.3. When editing an Issue in a Project where a Custom Field with a crafted Regular Expression property is used, improper escaping of the corresponding form input's pattern attribute allows HTML injection and, if CSP settings permit, execution of...

CVSS 4.8 · AI score 5.7 · EPSS 0.0149
Exploits 1 · References 5

wpexploit · added 2022/03/08 12:00 a.m. · 162 views

Google Pagespeed Insights < 4.0.4 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape various parameters before outputting them back in attributes in the plugin's settings dashboard, leading to Reflected Cross-Site Scripting...

CVSS 6.1 · AI score 0.2 · EPSS 0.00863
Exploits 2 · References 1

wpexploit · added 2021/11/03 12:00 a.m. · 146 views

WP Google Fonts < 3.1.5 - Reflected Cross-Site Scripting

The plugin does not escape the googlefontajaxname and googlefontajaxfamily parameters of the googlefontaction AJAX action, available to any authenticated user, before outputting them in attributes, leading to Reflected Cross-Site Scripting issues. var form1 = document.getElementById('hack'); //form1.submit...

CVSS 6.1 · AI score 5.9 · EPSS 0.00861
Exploits 2 · References 1

CNVD · added 2021/08/18 12:00 a.m. · 23 views

Crocoblock JetEngine Cross-Site Scripting Vulnerability

Crocoblock JetEngine is a dynamic content plugin that allows you to build complex websites quickly and cost-effectively. A cross-site scripting vulnerability exists in Crocoblock JetEngine that can be exploited by attackers to perform XSS via custom form input...

CVSS 5.4 · AI score 4.4 · EPSS 0.00605
Exploits 0 · References 1

NVD · added 2021/08/16 1:15 p.m. · 15 views

CVE-2021-38607

Crocoblock JetEngine before 2.6.1 allows XSS by remote authenticated users via a custom form input...

CVSS 5.4 · EPSS 0.00605
Exploits 0 · References 2

Prion · added 2021/08/16 1:15 p.m. · 18 views

Cross site scripting

Crocoblock JetEngine before 2.6.1 allows XSS by remote authenticated users via a custom form input...

CVSS 3.5 · AI score 5 · EPSS 0.00605
Exploits 0 · References 2 · Affected software 1

Cvelist · added 2021/08/16 12:15 p.m. · 23 views

CVE-2021-38607

Crocoblock JetEngine before 2.6.1 allows XSS by remote authenticated users via a custom form input...

AI score 5.3 · EPSS 0.00605
Exploits 0 · References 2

CVE · added 2021/08/16 12:15 p.m. · 48 views

CVE-2021-38607

CVE-2021-38607 affects Crocoblock JetEngine prior to 2.6.1, where XSS is possible via a custom form input by remote authenticated users. The issue stems from an input handling flaw in the plugin component responsible for form data, enabling reflected or stored XSS depending on how the input is pr...

CVSS 5.4 · AI score 5 · EPSS 0.00605
Exploits 0 · References 2 · Affected software 1

CNNVD · added 2021/08/16 12:00 a.m. · 4 views

Crocoblock JetEngine Cross-Site Scripting Vulnerability

Crocoblock JetEngine is a dynamic content plugin that allows you to build complex websites quickly and cost-effectively. A cross-site scripting vulnerability exists in Crocoblock JetEngine that can be exploited by attackers to perform XSS via custom form input...

CVSS 5.4 · AI score 5.1 · EPSS 0.00605
Exploits 0 · References 2

WPVulnDB · added 2021/06/15 12:00 a.m. · 57 views

RSS for Yandex Turbo <= 1.30 - Authenticated Stored XSS

The plugin does not sanitise or escape some of its settings before saving and outputting them in the admin dashboard, leading to an Authenticated Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed. PoC Vulnerable parameters: =, =, =, =, =, =. PoC 1 |...

CVSS 3.5 · AI score 1.2 · EPSS 0.00547
Exploits 1 · References 1 · Affected software 1

OSV · added 2021/06/11 4:15 p.m. · 2 views

UBUNTU-CVE-2020-13663

Cross-Site Request Forgery vulnerability in Drupal Core: the Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities...

CVSS 8.8 · AI score 7.2 · EPSS 0.00695
Exploits 0 · References 4

CNNVD · added 2021/02/25 12:00 a.m. · 8 views

Triconsole Datepicker Calendar Cross-Site Scripting Vulnerability

Triconsole Datepicker Calendar is an open source application from Triconsole that provides a calendar component. A cross-site scripting vulnerability exists in Triconsole Datepicker Calendar prior to version 3.77, which stems from calendarform.php not fully validating user input, which allows an attacker ...

CVSS 6.1 · AI score 6.2 · EPSS 0.06196
Exploits 3 · References 6

OSV · added 2020/05/06 4:52 p.m. · 5 views

DRUPAL-CONTRIB-2020-014

This module enables you to build forms and surveys in Drupal. The module doesn't sufficiently filter user input in the scenario where a webform is edited; namely, the message related to the character min/max counter does not undergo sufficient filtering and thus allows execution of JavaScript cod...

AI score 7
Exploits 0 · References 1

wpexploit · added 2020/02/21 12:00 a.m. · 19 views

Chained Quiz < 1.1.9.1 - Authenticated Stored XSS

The WordPress plugin Chained Quiz, latest version 1.1.9 and before, suffers from a Stored XSS vulnerability in the sendername, adminsubject and usersubject POST parameters when an admin completes the plugin's settings; as a result, the severity is very low. POST /wp-admin/admin.php?page=chainedquizoptions...

AI score 0.8
Exploits 0 · References 1

Cvelist · added 2019/12/09 3:30 p.m. · 16 views

CVE-2019-19679

In "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause XSS in the Pre-Condition Summary entry point via the summary field of a Create Pre-Condition action for a new Test Issue...

AI score 5.1 · EPSS 0.00627
Exploits 1 · References 1

OSV · added 2019/07/29 7:15 p.m. · 4 views

CVE-2018-11773

Apache VCL versions 2.1 through 2.5 do not properly validate form input when processing a submitted block allocation. The form data is then used as an argument to the PHP built-in function strtotime(). This allows for an attack against the underlying implementation of that function. The...

CVSS 9.8 · AI score 5.7 · EPSS 0.02103
Exploits 0 · References 2