256 matches found
CVE-2019-15332
The Lava Z61 Android device with a build fingerprint of LAVA/Z612GB/Z612GB:8.1.0/O11019/1533889281:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app versionCode=400, versionName=v4.0.27 that allows any app co-located on the device to...
CVE-2019-15338
The Lava Iris 88 Lite Android device with a build fingerprint of LAVA/iris88lite/iris88lite:8.1.0/O11019/1536323070:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app versionCode=400, versionName=v4.0.27 that allows any app co-located on the devic...
CVE-2019-15356
The Lava Flair Z1 Android device with a build fingerprint of LAVA/Z1/Z1:8.1.0/O11019/1536680131:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the device to modify a system propert...
CVE-2019-15333
The Lava Flair Z1 Android device with a build fingerprint of LAVA/Z1/Z1:8.1.0/O11019/1536680131:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app versionCode=400, versionName=v4.0.27 that allows any app co-located on the device to programmaticall...
CVE-2019-15337
The Lava Z81 Android device with a build fingerprint of LAVA/Z81/Z81:8.1.0/O11019/1532317309:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app versionCode=400, versionName=v4.0.31 that allows any app co-located on the device to programmatically...
CVE-2019-15334
The Lava Iris 88 Go Android device with a build fingerprint of LAVA/iris88go/iris88go:8.1.0/O11019/1538188945:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app versionCode=400, versionName=v4.0.27 that allows any app co-located on the device to...
CVE-2025-28937
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in lavacode Lava Ajax Search lava-ajax-search allows Stored XSS.This issue affects Lava Ajax Search: from n/a through = 1.1.9...
WordPress Lava Ajax Search plugin <= 1.1.9 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Nabil Irawan in WordPress Plugin Lava Ajax Search versions = 1.1.9...
CVE-2025-28937
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in lavacode Lava Ajax Search lava-ajax-search allows Stored XSS.This issue affects Lava Ajax Search: from n/a through = 1.1.9...
CVE-2025-28937 WordPress Lava Ajax Search plugin <= 1.1.9 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in lavacode Lava Ajax Search lava-ajax-search allows Stored XSS.This issue affects Lava Ajax Search: from n/a through = 1.1.9...
CVE-2025-28937
CVE-2025-28937 describes a stored cross‑site scripting (XSS) flaw in the WordPress plugin Lava Ajax Search (versions up to and including 1.1.9). The impact is stored XSS via improper neutralization of input during web page generation. The vulnerability affects Lava Ajax Search as packaged/observe...
CVE-2025-28937 WordPress Lava Ajax Search plugin <= 1.1.9 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in lavacode Lava Ajax Search lava-ajax-search allows Stored XSS.This issue affects Lava Ajax Search: from n/a through = 1.1.9...
WordPress plugin Lava Ajax Search 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A cross-site scripting...
CVE-2023-47659
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Lavacode Lava Directory Manager plugin = 1.1.34 versions...
CVE-2023-47659
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Lavacode Lava Directory Manager plugin = 1.1.34 versions...
Cross site scripting
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Lavacode Lava Directory Manager plugin = 1.1.34 versions...
CVE-2023-47659
CVE-2023-47659 is a stored XSS vulnerability in the Lava Directory Manager WordPress plugin by Lavacode, affecting versions up to 1.1.34. The vulnerability is exploitable by an authenticated contributor (per Patchstack) and remains unpatched in the public release history. Multiple sources corrobo...
CVE-2023-47659 WordPress Lava Directory Manager Plugin <= 1.1.34 is vulnerable to Cross Site Scripting (XSS)
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Lavacode Lava Directory Manager plugin = 1.1.34 versions...
WordPress Plugin Lava Directory Manager Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
WordPress Lava Directory Manager Plugin <= 1.1.34 is vulnerable to Cross Site Scripting (XSS)
Software Lava Directory Manager Type Plugin Vulnerable versions = 1.1.34 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-47659 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID cbb957e547b5 Credits Emili Castells...