Lucene search
K

31 matches found

osv
osv
added 2025/08/08 6:32 p.m.3 views

GHSA-6QCG-28JH-HM7R Liferay Portal Reflected XSS in blogs-web

A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.133, and Liferay DXP 2025.Q1.0 through 2025.Q1.4 ,2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows an...

6.9CVSS5.6AI score0.00588EPSS
Exploits0References5
osv
osv
added 2025/08/08 4:15 p.m.5 views

CVE-2025-4576

A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.133, and Liferay DXP 2025.Q1.0 through 2025.Q1.4 ,2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows an...

6.1CVSS5.9AI score0.00588EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 4:32 a.m.6 views

CVE-2023-5669

The Featured Image Caption plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and post meta in all versions up to, and including, 0.8.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00604EPSS
Exploits1References1
cnnvd
cnnvd
added 2024/06/19 12:0 a.m.3 views

WordPress plugin Photo Gallery, Images, Slider in Rbs Image Gallery Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the WordPre...

6.4CVSS6.2AI score0.00274EPSS
Exploits0References3
patchstack
patchstack
added 2023/11/07 12:0 a.m.9 views

WordPress Featured Image Caption Plugin <= 0.8.10 is vulnerable to Cross Site Scripting (XSS)

Software Featured Image Caption Type Plugin Vulnerable versions = 0.8.10 Fixed in 0.8.11 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5669 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 0231a5ef9472 Credits Lana Codes...

6.4CVSS6AI score0.00604EPSS
Exploits1References3Affected Software1
cnnvd
cnnvd
added 2023/11/07 12:0 a.m.4 views

WordPress Plugin Featured Image Caption Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

6.4CVSS6.6AI score0.00604EPSS
Exploits1References5
osv
osv
added 2022/09/06 6:15 p.m.5 views

CVE-2022-2695

The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'caption' parameter added to images via the media uploader in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it possible fo...

5.4CVSS5.9AI score0.00469EPSS
Exploits0References2
wpvulndb
wpvulndb
added 2020/09/17 12:0 a.m.8 views

MetaSlider < 3.17.2 - Authenticated Stored Cross-Site Scripting (XSS)

Vishnupriya Ilango, from Fortinet's FortiGuard Lab, discovered a stored Cross-Site Scripting XSS vulnerability in Metaslider plugin v3.17.1, which exists in Image caption or description parameter in the slide creation module...

1.7AI score
Exploits0References1Affected Software1
osv
osv
added 2020/09/16 4:31 p.m.3 views

DRUPAL-CORE-2020-010

Drupal core's built-in CKEditor image caption functionality is vulnerable to XSS...

6.1CVSS6.9AI score0.00643EPSS
Exploits0References1
drupal
drupal
added 2020/09/16 12:0 a.m.47 views

Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-010

Drupal core's built-in CKEditor image caption functionality is vulnerable to XSS...

6.1CVSS2.2AI score0.00643EPSS
Exploits0References8
osv
osv
added 2020/06/22 12:15 a.m.6 views

CVE-2020-14962

Multiple XSS vulnerabilities in the Final Tiles Gallery plugin before 3.4.19 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Title aka imageTitle or Caption aka description field of an image to wp-admin/admin-ajax.php...

5.4CVSS6.2AI score0.00892EPSS
Exploits2References1
Rows per page
Query Builder