CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cross-site scripting XSS vulnerability in the Field Group module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with permission to configure field display settings to inject arbitrary web script or HTML via an element attribute...

6.1CVSS5.8AI score0.00619EPSS

Exploits0References1

Github Security Blog•added 2025/03/12 7:28 p.m.•6 views

Cosmos SDK: x/group can halt when erroring in EndBlocker

Name: ISA-2025-002: x/group can halt when erroring in EndBlocker Component: CosmosSDK Criticality: High Considerable Impact; Likely Likelihood per ACMv1.2 Affected versions: = v0.47.16, = 0.50.12 Affected users: Validators, Full nodes, Users on chains that utilize the groups module Cosmos SDK...

6.9AI score

Exploits0References3Affected Software1

OSV•added 2024/09/27 7:15 a.m.•1 views

CVE-2024-9049

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button Group module in all versions up to, and including, 2.8.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

5.4CVSS5.9AI score0.00304EPSS

Exploits0References2

Cvelist•added 2024/09/27 6:53 a.m.•20 views

CVE-2024-9049 Beaver Builder – WordPress Page Builder <= 2.8.3.6 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Button Group Module

6.4CVSS0.00304EPSS

Exploits0References2

Patchstack•added 2024/09/27 1:29 a.m.•2 views

WordPress Beaver Builder plugin <= 2.8.3.6 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Button Group Module vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via Button Group Module vulnerability discovered by zer0gh0st in WordPress Plugin Beaver Builder versions = 2.8.3.6...

6.4CVSS6.1AI score0.00304EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2024/01/24 12:0 a.m.•5 views

PT-2024-10360 · Drupal · Open Social

Name of the Vulnerable Software and Affected Versions: Open Social versions 0.0.0 through 12.0.4 Description: The issue is related to improper authorization in Drupal Open Social, allowing the collection of data from common resource locations. This can potentially lead to unauthorized access to...

9.1CVSS7.1AI score0.00341EPSS

Exploits0References5

OSV•added 2023/12/06 4:16 p.m.•3 views

DRUPAL-CONTRIB-2023-054

The Group module has the ability to make content private to specific groups. When viewing a list of entities, e.g. nodes, a visitor should only see those entities that are either not attached to a group or that they have group access to. The module doesn't sufficiently enforce list access under t...

6.8AI score

Exploits0References1

OSV•added 2023/03/07 1:15 p.m.•3 views

CVE-2023-26954

onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting XSS vulnerability via the User Group module...

5.4CVSS5.7AI score0.00384EPSS

Exploits1References1

NVD•added 2023/03/07 1:15 p.m.•12 views

CVE-2023-26955

onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting XSS vulnerability via the Admin Group module...

5.4CVSS5.3AI score0.00376EPSS

Exploits1References1

NVD•added 2023/03/07 1:15 p.m.•8 views

CVE-2023-26954

onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting XSS vulnerability via the User Group module...

5.4CVSS5.3AI score0.00384EPSS

Exploits1References1

Prion•added 2023/03/07 1:15 p.m.•17 views

Cross site scripting

onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting XSS vulnerability via the User Group module...

4.9CVSS5.3AI score0.00384EPSS

Exploits1References1Affected Software1

Prion•added 2023/03/07 1:15 p.m.•14 views

Cross site scripting

onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting XSS vulnerability via the Admin Group module...

4.9CVSS5.3AI score0.00376EPSS

Exploits1References1Affected Software1

Vulnrichment•added 2023/03/07 12:0 a.m.•5 views

CVE-2023-26955

onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting XSS vulnerability via the Admin Group module...

6.1AI score0.00376EPSS

Exploits1References1

Vulnrichment•added 2023/03/07 12:0 a.m.•4 views

CVE-2023-26954

onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting XSS vulnerability via the User Group module...

6.1AI score0.00384EPSS

Exploits1References1

CVE•added 2023/03/07 12:0 a.m.•41 views

CVE-2023-26954

CVE-2023-26954 affects onekeyadmin v1.3.9, with a stored cross-site scripting (XSS) vulnerability in the User Group module . The issue is characterized as a stored XSS (root cause not further detailed in the sources) with CVSSv3.1 base metrics: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, base score 5.4 ...

5.4CVSS5.3AI score0.00384EPSS

Exploits1References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by