Lucene search
K

93 matches found

NVD
NVD
added 2 days ago3 views

CVE-2026-57380

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hupe13 Extensions for Leaflet Map extensions-leaflet-map allows DOM-Based XSS.This issue affects Extensions for Leaflet Map: from n/a through = 5.1...

7.1CVSS0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago28 views

CVE-2026-57380 WordPress Extensions for Leaflet Map plugin <= 5.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hupe13 Extensions for Leaflet Map extensions-leaflet-map allows DOM-Based XSS.This issue affects Extensions for Leaflet Map: from n/a through = 5.1...

7.1CVSS0.0018EPSS
Exploits0References1
CVE
CVE
added 2 days ago5 views

CVE-2026-57380

The CVE-2026-57380 entry concerns WordPress Extensions for Leaflet Map (extensions-leaflet-map) with versions up to and including 5.1. It describes an improper neutralization of user input during web page generation, enabling DOM-based cross-site scripting (XSS). Affected component: the Extension...

7.1CVSS6.1AI score0.0018EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/07/07 2:31 p.m.6 views

WordPress Extensions for Leaflet Map plugin <= 5.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by manop55555 in WordPress Plugin Extensions for Leaflet Map versions = 5.1...

7.1CVSS5.9AI score0.0018EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.10 views

CVE-2026-5451

The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'elevation-track' shortcode in all versions up to, and including, 4.14. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...

6.4CVSS5.7AI score0.00201EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/14 12:0 a.m.32 views

CVE-2025-69993

Leaflet versions up to and including 1.9.4 are vulnerable to Cross-Site Scripting XSS via the bindPopup method. This method renders user-supplied input as raw HTML without sanitization, allowing attackers to inject arbitrary JavaScript code through event handler attributes e.g., . When a victim...

6.1CVSS0.00191EPSS
Exploits2References2
Patchstack
Patchstack
added 2026/04/09 10:2 p.m.5 views

WordPress Extensions for Leaflet Map plugin <= 4.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'elevation-track' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'elevation-track' Shortcode vulnerability discovered by zaim in WordPress Plugin Extensions for Leaflet Map versions = 4.14...

6.4CVSS5.9AI score0.00201EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/09 7:23 p.m.3 views

CVE-2026-39646

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bozdoz Leaflet Map leaflet-map allows Stored XSS.This issue affects Leaflet Map: from n/a through = 3.4.4...

6.5CVSS5.9AI score0.00161EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/08 9:33 p.m.5 views

EUVD-2026-20645

The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'elevation-track' shortcode in all versions up to, and including, 4.14. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...

6.4CVSS6.1AI score0.00201EPSS
Exploits0References7
NVD
NVD
added 2026/04/08 9:17 p.m.6 views

CVE-2026-5451

The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'elevation-track' shortcode in all versions up to, and including, 4.14. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...

6.4CVSS0.00201EPSS
Exploits0References6
CVE
CVE
added 2026/04/08 8:25 p.m.15 views

CVE-2026-5451

CVE-2026-5451 affects the WordPress plugin Extensions for Leaflet Map . The vulnerability is a stored XSS via the elevation-track shortcode in all versions up to and including 4.14, caused by insufficient input sanitization and output escaping on user-supplied attributes. An attacker with Contrib...

6.4CVSS6.1AI score0.00201EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/04/08 8:25 p.m.21 views

CVE-2026-5451 Extensions for Leaflet Map <= 4.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'elevation-track' Shortcode

The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'elevation-track' shortcode in all versions up to, and including, 4.14. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...

6.4CVSS0.00201EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/04/08 8:25 p.m.2 views

CVE-2026-5451 Extensions for Leaflet Map <= 4.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'elevation-track' Shortcode

The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'elevation-track' shortcode in all versions up to, and including, 4.14. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...

6.4CVSS6.1AI score0.00201EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/08 8:25 p.m.1 views

CVE-2026-5451

The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'elevation-track' shortcode in all versions up to, and including, 4.14. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...

6.4CVSS6.1AI score0.00201EPSS
Exploits0References7
EUVD
EUVD
added 2026/04/08 9:31 a.m.3 views

EUVD-2026-20307

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bozdoz Leaflet Map leaflet-map allows Stored XSS.This issue affects Leaflet Map: from n/a through = 3.4.4...

5.9AI score0.00161EPSS
Exploits0References2
NVD
NVD
added 2026/04/08 9:16 a.m.6 views

CVE-2026-39646

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bozdoz Leaflet Map leaflet-map allows Stored XSS.This issue affects Leaflet Map: from n/a through = 3.4.4...

6.5CVSS0.00161EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/08 8:30 a.m.2 views

CVE-2026-39646 WordPress Leaflet Map plugin <= 3.4.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bozdoz Leaflet Map leaflet-map allows Stored XSS.This issue affects Leaflet Map: from n/a through = 3.4.4...

6.5CVSS5.9AI score0.00161EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/08 8:30 a.m.7 views

CVE-2026-39646

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bozdoz Leaflet Map leaflet-map allows Stored XSS.This issue affects Leaflet Map: from n/a through = 3.4.4...

5.9AI score0.00161EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/08 8:30 a.m.23 views

CVE-2026-39646 WordPress Leaflet Map plugin <= 3.4.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bozdoz Leaflet Map leaflet-map allows Stored XSS.This issue affects Leaflet Map: from n/a through = 3.4.4...

6.5CVSS0.00161EPSS
Exploits0References1
CVE
CVE
added 2026/04/08 8:30 a.m.7 views

CVE-2026-39646

CVE-2026-39646 affects the WordPress Leaflet Map plugin (leaflet-map)

6.5CVSS5.9AI score0.00161EPSS
Exploits0References1
Rows per page
Query Builder