Lucene search
+L

48 matches found

ATTACKERKB
ATTACKERKB
added 2026/01/24 7:26 a.m.5 views

CVE-2025-12836

The VK Google Job Posting Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Job Description field in versions up to, and including, 1.2.20 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticat...

6.4CVSS6AI score0.00248EPSS
Exploits0References4
CVE
CVE
added 2026/01/24 7:26 a.m.38 views

CVE-2025-12836

CVE-2025-12836 — VK Google Job Posting Manager (WordPress) is a stored cross-site scripting vulnerability in the VK Google Job Posting Manager plugin for WordPress. The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the Job Description field, ...

6.4CVSS6.1AI score0.00248EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/01/24 12:15 a.m.15 views

WordPress VK Google Job Posting Manager plugin <= 1.2.20 - Authenticated (Author+) Stored Cross-Site Scripting via Job Description Field vulnerability

Authenticated Author+ Stored Cross-Site Scripting via Job Description Field vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin VK Google Job Posting Manager versions = 1.2.20...

6.4CVSS5.4AI score0.00248EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/01/24 12:0 a.m.13 views

WordPress plugin VK Google Job Posting Manager has a cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.7AI score0.00248EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/24 12:0 a.m.11 views

PT-2026-4565

The VK Google Job Posting Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Job Description field in versions up to, and including, 1.2.20 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticat...

6.4CVSS5.8AI score0.00248EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/12 3:20 a.m.5 views

CVE-2025-14467 WP Job Portal <= 2.4.4 - Authenticated (Editor+) Stored Cross-Site Scripting via Job Description Field

The WP Job Portal plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.4.4. This is due to the plugin explicitly whitelisting the tag in its WPJOBPORTALALLOWEDTAGS configuration and using insufficient input sanitization when saving job...

4.4CVSS6AI score0.00211EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/10/10 12:0 a.m.5 views

PT-2024-39846 · Unknown · Sourcecodester Profile Registration Without Reload Refresh

Name of the Vulnerable Software and Affected Versions: SourceCodester Profile Registration without Reload Refresh version 1.0 Description: A vulnerability has been found in the system, marked as problematic. The issue affects an unknown functionality of the file add.php. The manipulation of the...

6.1CVSS4.3AI score0.00429EPSS
Exploits1References9
Rosalinux
Rosalinux
added 2023/10/22 6:16 a.m.61 views

Advisory ROSA-SA-2023-2272

software: quartz 2.2.1 OS: ROSA-CHROME packageevrstring: quartz-2.2.1-11.src.rpm CVE-ID: CVE-2019-13990 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler before version 2.3.0 allows XXE attacks via job description...

9.8CVSS6.8AI score0.162EPSS
Exploits0
The Hacker News
The Hacker News
added 2023/09/04 8:40 a.m.78 views

Vietnamese Cybercriminals Targeting Facebook Business Accounts with Malvertising

Malicious actors associated with the Vietnamese cybercrime ecosystem are leveraging advertising-as-a-vector on social media platforms such as Meta-owned Facebook to distribute malware. "Threat actors have long used fraudulent ads as a vector to target victims with scams, malvertising, and more,"...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/08/01 11:11 a.m.13 views

Hacking AI Resume Screening with Text in a White Font

The Washington Post is reporting on a hack to fool automatic resume sorting programs: putting text in a white font. The idea is that the programs rely primarily on simple pattern matching, and the trick is to copy a list of relevant keywords--or the published job description--into the resume in a...

6.9AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 4:10 a.m.4 views

SUSE CVE-2019-13990

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description...

5CVSS7AI score0.162EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/24 5:19 p.m.28 views

Stored XSS vulnerability in Jenkins Compact Columns Plugin

Compact Columns Plugin 1.11 and earlier displays the unprocessed job description in tooltips. This results in a stored cross-site scripting vulnerability that can be exploited by users with Job/Configure permission. Compact Columns Plugin 1.12 applies the configured markup formatter to the job...

5.4CVSS5AI score0.00735EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/05/24 5:19 p.m.20 views

GHSA-X68X-WVM2-HQC8 Stored XSS vulnerability in Jenkins Compact Columns Plugin

Compact Columns Plugin 1.11 and earlier displays the unprocessed job description in tooltips. This results in a stored cross-site scripting vulnerability that can be exploited by users with Job/Configure permission. Compact Columns Plugin 1.12 applies the configured markup formatter to the job...

5.4CVSS5.2AI score0.00735EPSS
Exploits0References5
OSV
OSV
added 2021/03/14 9:20 p.m.16 views

MGASA-2021-0133 Updated quartz packages fix a security vulnerability

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description CVE-2019-13990...

9.8CVSS9.3AI score0.162EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2020/12/16 12:11 p.m.6 views

libquartz: XXE attacks via job description

The Terracotta Quartz Scheduler is susceptible to an XML external entity attack XXE through a job description. This issue stems from inadequate handling of XML external entity XXE declarations in the initDocumentParser function within xml/XMLSchedulingDataProcessor.java. By enticing a victim to...

9.8CVSS7AI score0.162EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/08/04 2:2 p.m.6 views

libquartz: XXE attacks via job description

The Terracotta Quartz Scheduler is susceptible to an XML external entity attack XXE through a job description. This issue stems from inadequate handling of XML external entity XXE declarations in the initDocumentParser function within xml/XMLSchedulingDataProcessor.java. By enticing a victim to...

9.8CVSS7AI score0.162EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/07/29 6:21 a.m.8 views

libquartz: XXE attacks via job description

The Terracotta Quartz Scheduler is susceptible to an XML external entity attack XXE through a job description. This issue stems from inadequate handling of XML external entity XXE declarations in the initDocumentParser function within xml/XMLSchedulingDataProcessor.java. By enticing a victim to...

9.8CVSS7AI score0.162EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/07/29 6:6 a.m.6 views

libquartz: XXE attacks via job description

The Terracotta Quartz Scheduler is susceptible to an XML external entity attack XXE through a job description. This issue stems from inadequate handling of XML external entity XXE declarations in the initDocumentParser function within xml/XMLSchedulingDataProcessor.java. By enticing a victim to...

9.8CVSS7AI score0.162EPSS
Exploits0References4
OSV
OSV
added 2020/07/01 5:55 p.m.3 views

GHSA-9QCF-C26R-X5RF XML external entity injection in Terracotta Quartz Scheduler

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description...

9.8CVSS6.8AI score0.162EPSS
Exploits0References30
Prion
Prion
added 2020/06/03 1:15 p.m.15 views

Cross site scripting

Jenkins Compact Columns Plugin 1.11 and earlier displays the unprocessed job description in tooltips, resulting in a stored cross-site scripting vulnerability that can be exploited by users with Job/Configure permission...

3.5CVSS5.2AI score0.00735EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder