Lucene search
K

47 matches found

Prion
Prion
added 2023/01/30 9:15 p.m.16 views

Cross site scripting

The Icon Widget WordPress plugin before 1.3.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...

4.9CVSS5.3AI score0.00471EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2023/01/30 8:31 p.m.48 views

CVE-2022-4763

The Icon Widget WordPress plugin before 1.3.0 does not validate and escape certain shortcode attributes, enabling Stored XSS by users with at least Contributor privileges against higher-privilege users (e.g., admins). Affected: Icon Widget

5.4CVSS5.3AI score0.00471EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2023/01/30 12:0 a.m.26 views

WordPress plugin Icon Widget 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4CVSS5.4AI score0.00471EPSS
Exploits2References2
wpexploit
wpexploit
added 2023/01/03 12:0 a.m.396 views

Icon Widget < 1.3.0 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit:...

5.4CVSS2.2AI score0.00471EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2023/01/03 12:0 a.m.14 views

Icon Widget < 1.3.0 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit:...

5.4CVSS3.2AI score0.00471EPSS
Exploits2Affected Software1
Patchstack
Patchstack
added 2023/01/03 12:0 a.m.10 views

WordPress Icon Widget Plugin < 1.3.0 is vulnerable to Cross Site Scripting (XSS)

Software Icon Widget Type Plugin Vulnerable versions 1.3.0 Fixed in 1.3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4763 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 818cb8e834a0 Credits István Márton Required...

5.4CVSS5.6AI score0.00471EPSS
Exploits2References3Affected Software1
vulnersOsv
vulnersOsv
added 2022/10/07 6:15 p.m.6 views

com.liferay:com.liferay.css.builder (>=1.0.8 <=1.0.14), com.liferay:com.liferay.deployment.helper (>=1.0.0 <=1.0.2) +8 more potentially affected by CVE-2022-41414 via com.liferay.portal:portal-impl (=7.0.0-nightly)

com.liferay.portal:portal-impl MAVEN version =7.0.0-nightly is affected by a known vulnerability. The following packages have a transitive dependency on com.liferay.portal:portal-impl and may be impacted: - com.liferay:com.liferay.css.builder =1.0.8, =1.0.0, =1.0.6, =1.0.3, =1.0.3, =1.0.47,...

5.3CVSS6AI score0.00427EPSS
Exploits0
Rows per page
Query Builder