Lucene search
+L

95 matches found

Positive Technologies
Positive Technologies
added 2024/06/06 12:0 a.m.8 views

PT-2024-36811 · WordPress · The Prime Slider – Addons For Elementor

Name of the Vulnerable Software and Affected Versions: The Prime Slider – Addons For Elementor plugin for WordPress versions up to, and including, 3.14.7 Description: The issue is related to Stored Cross-Site Scripting via the id attribute within the Pacific widget due to insufficient input...

6.4CVSS6AI score0.00321EPSS
Exploits0References9
OSV
OSV
added 2024/04/09 7:15 p.m.5 views

CVE-2024-3053

The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ forminatorform shortcode attribute in versions up to, and including, 1.29.2 due to insufficient input sanitization and output escaping. This makes it...

5.4CVSS5.9AI score0.00358EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/03/28 12:0 a.m.11 views

PT-2024-22866 · WordPress · Sydney Toolbox

Name of the Vulnerable Software and Affected Versions: Sydney Toolbox plugin for WordPress versions up to, and including, 1.26 Description: The issue is related to Stored Cross-Site Scripting via the id attribute of widgets due to insufficient input sanitization and output escaping on user-suppli...

6.4CVSS7.9AI score0.0034EPSS
Exploits0References7
OSV
OSV
added 2024/02/05 10:15 p.m.8 views

CVE-2023-6884

This plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on the 'placeid' attribute. This makes it possible for authenticated attackers with...

5.4CVSS6AI score0.00614EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:33 a.m.2 views

SUSE CVE-2013-6624

Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the string values of id attributes...

7.5CVSS9.6AI score0.01459EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2022/04/20 7:44 p.m.6 views

libxml2: Use-after-free of ID and IDREF attributes

A flaw was found in libxml2. A call to the xmlGetID function can return a pointer already freed when parsing an XML document with the XMLPARSEDTDVALID option and without the XMLPARSENOENT option, resulting in a use-after-free issue...

7.5CVSS6.8AI score0.0601EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/04/20 7:30 p.m.15 views

libxml2: Use-after-free of ID and IDREF attributes

A flaw was found in libxml2. A call to the xmlGetID function can return a pointer already freed when parsing an XML document with the XMLPARSEDTDVALID option and without the XMLPARSENOENT option, resulting in a use-after-free issue...

7.5CVSS6.8AI score0.0601EPSS
Exploits0References4
OSV
OSV
added 2022/03/14 12:31 p.m.5 views

CLSA-2022-1647261060 Fix of CVE: CVE-2022-23308

CVE-2022-23308: fix use-after-free of ID and IDREF attributes...

7.5CVSS6.8AI score0.0601EPSS
Exploits0References1
OSV
OSV
added 2022/02/26 5:15 a.m.2 views

DEBIAN-CVE-2022-23308

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes...

7.5CVSS7.2AI score0.0601EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2020/12/15 6:2 p.m.3 views

keycloak: Account REST API can update user metadata attributes

A flaw was found in Keycloak before version 12.0.0 where it is possible to update the user's metadata attributes using Account REST API. This flaw allows an attacker to change its own NameID attribute to impersonate the admin user for any particular application...

4.9CVSS5.7AI score0.00572EPSS
Exploits0References4
NVD
NVD
added 2017/11/15 8:29 a.m.16 views

CVE-2017-8812

MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject greater than characters via the id attribute of a headline...

5.3CVSS5.6AI score0.01573EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2008/11/29 2:30 a.m.20 views

CVE-2008-5282

Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0.1 allow remote attackers to execute arbitrary code via 1 a link with a long HREF attribute, and 2 a DIV tag with a long id attribute...

10CVSS6.5AI score0.17635EPSS
Exploits1References1
NVD
NVD
added 2008/11/29 2:30 a.m.25 views

CVE-2008-5282

Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0.1 allow remote attackers to execute arbitrary code via 1 a link with a long HREF attribute, and 2 a DIV tag with a long id attribute...

10CVSS7.6AI score0.17635EPSS
Exploits1References10
Prion
Prion
added 2006/03/19 11:6 a.m.15 views

Spoofing

GGZ Gaming Zone 0.0.12 allows remote attackers to cause a denial of service client disconnect via inputs that produce malformed XML, including 1 trailing ' apostrophe character on the ID attribute in a PLAYER XML tag, 2 joining with a long ID attribute or non-trailing ' characters, which causes a...

5CVSS7.3AI score0.03443EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2006/03/19 11:0 a.m.16 views

CVE-2006-1275

GGZ Gaming Zone 0.0.12 allows remote attackers to cause a denial of service client disconnect via inputs that produce malformed XML, including 1 trailing ' apostrophe character on the ID attribute in a PLAYER XML tag, 2 joining with a long ID attribute or non-trailing ' characters, which causes a...

6.7AI score0.03443EPSS
Exploits1References6
Rows per page
Query Builder