Lucene search
+L

34 matches found

CNNVD
CNNVD
added 2023/06/07 12:0 a.m.7 views

WordPress Plugin WP Quick FrontEnd Editor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...

6.4CVSS5.6AI score0.00492EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/06/07 12:0 a.m.4 views

WordPress Plugin WP Quick FrontEnd Editor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...

4.3CVSS5.2AI score0.00663EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/06/07 12:0 a.m.4 views

PT-2023-12474 · WordPress · Wp Quick Frontend Editor

Name of the Vulnerable Software and Affected Versions: WP Quick FrontEnd Editor plugin for WordPress versions up to, and including, 5.5 Description: The issue arises from insufficient input sanitization and output escaping on the save content front function, which uses print r on user-supplied $...

6.1CVSS6.5AI score0.0075EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2023/06/07 12:0 a.m.8 views

PT-2023-12482 · WordPress · Wp Quick Frontend Editor

Name of the Vulnerable Software and Affected Versions: WP Quick FrontEnd Editor plugin for WordPress versions up to and including 5.5 Description: The issue is due to the lack of a security nonce and a capabilities check, allowing low-authenticated attackers to change plugin settings without prop...

4.3CVSS4.6AI score0.00663EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/06/07 12:0 a.m.5 views

WordPress Plugin WP Quick FrontEnd Editor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

8.1CVSS5.1AI score0.00798EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2022/10/19 12:0 p.m.8 views

Liferay Portal and Liferay DXP Vulnerable to XSS in the CKEditor Integration with the Frontend Editor Module

A Cross-site scripting XSS vulnerability in the Frontend Editor module's integration with CKEditor in Liferay Frontend Editor CKEditor Web before 5.0.46 from Liferay Portal 7.3.2 through 7.4.3.14, and Liferay DXP 7.3 before update 6, and 7.4 before update 15 allows remote attackers to inject...

6.1CVSS6.1AI score0.00496EPSS
Exploits0References7Affected Software2
Prion
Prion
added 2022/10/18 9:15 p.m.18 views

Cross site scripting

A Cross-site scripting XSS vulnerability in the Frontend Editor module's integration with CKEditor in Liferay Portal 7.3.2 through 7.4.3.14, and Liferay DXP 7.3 before update 6, and 7.4 before update 15 allows remote attackers to inject arbitrary web script or HTML via the 1 name, or 2 namespace...

5.8CVSS6AI score0.00496EPSS
Exploits0References2Affected Software2
CNNVD
CNNVD
added 2022/10/18 12:0 a.m.6 views

Liferay Portal 跨站脚本漏洞

Liferay Portal is a J2EE-based portal solution from Liferay, Inc. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, and more. A security vulnerability exists in Liferay Portal...

6.1CVSS5.8AI score0.00496EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/10/18 12:0 a.m.6 views

PT-2022-26261 · Cksource +1 · Ckeditor +2

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.3.2 through 7.4.3.14 Liferay DXP versions 7.3 before update 6 Liferay DXP versions 7.4 before update 15 Description: A Cross-site scripting XSS issue exists due to the integration of the Frontend Editor module with...

6.1CVSS6AI score0.00496EPSS
Exploits0References12
CVE
CVE
added 2022/10/18 12:0 a.m.61 views

CVE-2022-42116

CVE-2022-42116 is an XSS vulnerability in Liferay Portal/Liferay DXP where the Frontend Editor module’s CKEditor integration accepts user-controlled input via the name or namespace parameters. Affected versions include Liferay Portal 7.3.2 through 7.4.3.14 and Liferay DXP 7.3 before update 6 and ...

6.1CVSS6AI score0.00496EPSS
Exploits0References1Affected Software2
vulnersOsv
vulnersOsv
added 2021/05/24 7:51 p.m.5 views

brat-frontend-editor (>=0.0.19 <=0.3.42), frontend-editor (>=0.0.1 <=0.0.5) +3 more potentially affected by CVE-2021-20086 via jquery-bbq (>=0.0.1 <=1.0.0)

jquery-bbq NPM version =0.0.1, =0.0.19, =0.0.1, =0.0.1, =2.1.3, =2.2.3-a Source cves: CVE-2021-20086 Source advisory: OSV:GHSA-7W8J-85WM-6XFQ...

8.8CVSS7.2AI score0.06104EPSS
Exploits1
Patchstack
Patchstack
added 2021/01/12 12:0 a.m.10 views

WordPress WP Quick FrontEnd Editor plugin <= 5.5 - Authenticated Content Injection vulnerability

Authenticated Content Injection vulnerability found by Jerome Bruandet in WordPress WP Quick FrontEnd Editor plugin versions = 5.5. Solution 2021-01-18 - we were unable to find a patched version of this plugin. WordPress.org notification: "This plugin has been closed as of October 23, 2020 and is...

3.1AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2021/01/12 12:0 a.m.9 views

WordPress WP Quick FrontEnd Editor plugin <= 5.5 - Authenticated Settings Change and Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Settings Change and Stored Cross-Site Scripting XSS vulnerability found by Jerome Bruandet NinTechNet in WordPress WP Quick FrontEnd Editor plugin versions = 5.5. Solution 2021-01-18 - we were unable to find a patched version of this plugin. WordPress.org notification: "This plugin...

1.3AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2018/11/09 12:0 a.m.33 views

Buddyforms < 2.2.8 - SQL Injection

The Contact – Registration – Post Form Builder & FrontEnd Editor BuddyForms – Making WordPress Forms A Breeze WordPress plugin was affected by a SQL Injection security vulnerability...

7.5CVSS2AI score0.01833EPSS
Exploits0Affected Software1
Rows per page
Query Builder