Lucene search
+L

256 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 8:30 a.m.12 views

CVE-2019-15332

The Lava Z61 Android device with a build fingerprint of LAVA/Z612GB/Z612GB:8.1.0/O11019/1533889281:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app versionCode=400, versionName=v4.0.27 that allows any app co-located on the device to...

3.3CVSS6.7AI score0.00248EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:19 a.m.8 views

CVE-2019-15338

The Lava Iris 88 Lite Android device with a build fingerprint of LAVA/iris88lite/iris88lite:8.1.0/O11019/1536323070:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app versionCode=400, versionName=v4.0.27 that allows any app co-located on the devic...

3.3CVSS6.7AI score0.00248EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:2 a.m.8 views

CVE-2019-15356

The Lava Flair Z1 Android device with a build fingerprint of LAVA/Z1/Z1:8.1.0/O11019/1536680131:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the device to modify a system propert...

5.5CVSS6.6AI score0.00285EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:34 a.m.7 views

CVE-2019-15333

The Lava Flair Z1 Android device with a build fingerprint of LAVA/Z1/Z1:8.1.0/O11019/1536680131:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app versionCode=400, versionName=v4.0.27 that allows any app co-located on the device to programmaticall...

3.3CVSS6.7AI score0.00248EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:34 a.m.10 views

CVE-2019-15337

The Lava Z81 Android device with a build fingerprint of LAVA/Z81/Z81:8.1.0/O11019/1532317309:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app versionCode=400, versionName=v4.0.31 that allows any app co-located on the device to programmatically...

3.3CVSS6.7AI score0.00248EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:33 a.m.12 views

CVE-2019-15334

The Lava Iris 88 Go Android device with a build fingerprint of LAVA/iris88go/iris88go:8.1.0/O11019/1538188945:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app versionCode=400, versionName=v4.0.27 that allows any app co-located on the device to...

3.3CVSS6.7AI score0.00248EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/14 3:46 p.m.9 views

CVE-2025-28937

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in lavacode Lava Ajax Search lava-ajax-search allows Stored XSS.This issue affects Lava Ajax Search: from n/a through = 1.1.9...

5.9CVSS7.2AI score0.00264EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/03/11 9:48 p.m.5 views

WordPress Lava Ajax Search plugin <= 1.1.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nabil Irawan in WordPress Plugin Lava Ajax Search versions = 1.1.9...

5.9CVSS7.6AI score0.00264EPSS
Exploits0Affected Software1
NVD
NVD
added 2025/03/11 9:15 p.m.6 views

CVE-2025-28937

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in lavacode Lava Ajax Search lava-ajax-search allows Stored XSS.This issue affects Lava Ajax Search: from n/a through = 1.1.9...

5.9CVSS0.00264EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/11 9:1 p.m.17 views

CVE-2025-28937 WordPress Lava Ajax Search plugin <= 1.1.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in lavacode Lava Ajax Search lava-ajax-search allows Stored XSS.This issue affects Lava Ajax Search: from n/a through = 1.1.9...

5.9CVSS0.00264EPSS
Exploits0References1
CVE
CVE
added 2025/03/11 9:1 p.m.45 views

CVE-2025-28937

CVE-2025-28937 describes a stored cross‑site scripting (XSS) flaw in the WordPress plugin Lava Ajax Search (versions up to and including 1.1.9). The impact is stored XSS via improper neutralization of input during web page generation. The vulnerability affects Lava Ajax Search as packaged/observe...

5.9CVSS7.2AI score0.00264EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/11 9:1 p.m.5 views

CVE-2025-28937 WordPress Lava Ajax Search plugin <= 1.1.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in lavacode Lava Ajax Search lava-ajax-search allows Stored XSS.This issue affects Lava Ajax Search: from n/a through = 1.1.9...

5.9CVSS8.6AI score0.00264EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/11 12:0 a.m.5 views

WordPress plugin Lava Ajax Search 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A cross-site scripting...

5.9CVSS8.2AI score0.00264EPSS
Exploits0References2
NVD
NVD
added 2023/11/14 5:15 p.m.21 views

CVE-2023-47659

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Lavacode Lava Directory Manager plugin = 1.1.34 versions...

6.5CVSS0.00385EPSS
Exploits0References1
OSV
OSV
added 2023/11/14 5:15 p.m.4 views

CVE-2023-47659

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Lavacode Lava Directory Manager plugin = 1.1.34 versions...

5.4CVSS7.3AI score0.00385EPSS
Exploits0References1
Prion
Prion
added 2023/11/14 5:15 p.m.14 views

Cross site scripting

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Lavacode Lava Directory Manager plugin = 1.1.34 versions...

4.9CVSS5.8AI score0.00385EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/11/14 5:11 p.m.76 views

CVE-2023-47659

CVE-2023-47659 is a stored XSS vulnerability in the Lava Directory Manager WordPress plugin by Lavacode, affecting versions up to 1.1.34. The vulnerability is exploitable by an authenticated contributor (per Patchstack) and remains unpatched in the public release history. Multiple sources corrobo...

6.5CVSS5.5AI score0.00385EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/11/14 5:11 p.m.10 views

CVE-2023-47659 WordPress Lava Directory Manager Plugin <= 1.1.34 is vulnerable to Cross Site Scripting (XSS)

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Lavacode Lava Directory Manager plugin = 1.1.34 versions...

6.5CVSS5.8AI score0.00385EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/11/14 12:0 a.m.3 views

WordPress Plugin Lava Directory Manager Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

6.5CVSS6.5AI score0.00385EPSS
Exploits0References2
Patchstack
Patchstack
added 2023/11/07 12:0 a.m.15 views

WordPress Lava Directory Manager Plugin <= 1.1.34 is vulnerable to Cross Site Scripting (XSS)

Software Lava Directory Manager Type Plugin Vulnerable versions = 1.1.34 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-47659 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID cbb957e547b5 Credits Emili Castells...

6.5CVSS5.8AI score0.00385EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder