Lucene search
+L

27 matches found

Prion
Prion
added 2021/04/05 7:15 p.m.18 views

Design/Logic Flaw

In the Elementor Website Builder WordPress plugin before 3.1.4, the image box widget includes/widgets/image-box.php accepts a ‘titlesize’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a...

3.5CVSS5.5AI score0.00746EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2021/04/05 6:27 p.m.27 views

CVE-2021-24206 Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Image Box Widget

In the Elementor Website Builder WordPress plugin before 3.1.4, the image box widget includes/widgets/image-box.php accepts a ‘titlesize’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a...

5.7AI score0.00746EPSS
Exploits2References2
CNNVD
CNNVD
added 2021/04/05 12:0 a.m.5 views

WordPress 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...

5.4CVSS5.4AI score0.00746EPSS
Exploits2References3
CNNVD
CNNVD
added 2021/04/05 12:0 a.m.5 views

WordPress Elementor Website Builder 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...

5.4CVSS5.4AI score0.00746EPSS
Exploits2References3
WPVulnDB
WPVulnDB
added 2021/03/17 12:0 a.m.21 views

Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Image Box Widget

In the plugin, the image box widget includes/widgets/image-box.php accepts a ‘titlesize’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘savebuilder’ request containing JavaScript ...

3.5CVSS0.3AI score0.00746EPSS
Exploits2References1Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2021/03/17 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-24206

In the Elementor Website Builder WordPress plugin before 3.1.4, the image box widget includes/widgets/image-box.php accepts a ‘titlesize’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a...

5.4CVSS6AI score0.00746EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/03/17 12:0 a.m.172 views

Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Image Box Widget

In the plugin, the image box widget includes/widgets/image-box.php accepts a ‘titlesize’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘savebuilder’ request containing JavaScript ...

3.5CVSS5.5AI score0.00746EPSS
Exploits2References1
Rows per page
Query Builder