Lucene search
K

40 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 8:21 a.m.4 views

CVE-2024-1074

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the audio widget 'linkurl' parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS4.9AI score0.00532EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:29 p.m.23 views

CVE-2021-29434

Wagtail is a Django content management system. In affected versions of Wagtail, when saving the contents of a rich text field in the admin interface, Wagtail does not apply server-side checks to ensure that link URLs use a valid protocol. A malicious user with access to the admin interface could...

6.1CVSS6.8AI score0.00626EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:15 p.m.15 views

CVE-2020-15902

Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link url option...

6.1CVSS5.8AI score0.35135EPSS
Exploits0
Hacker One
Hacker One
added 2025/05/09 2:8 p.m.5 views

U.S. Dept Of Defense: Cross-Site Scripting via 'return_link_url' parameter

A Cross-Site Scripting XSS vulnerability was discovered on a website. The vulnerability was found in the 'returnlinkurl' parameter, which allowed an attacker to inject malicious scripts that could be executed. Exploitation of this vulnerability could have led to consequences such as cookie theft...

5.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2024/12/27 12:0 a.m.4 views

PT-2024-36822 · Linkace · Linkace

Name of the Vulnerable Software and Affected Versions: LinkAce versions prior to 1.15.6 Description: A reflected cross-site scripting XSS issue exists in the "URL" field of the "Edit Link" module, where user input is not properly sanitized or encoded before being reflected in the HTML response...

4.6CVSS6.2AI score0.00286EPSS
Exploits1References8
OSV
OSV
added 2024/03/13 4:15 p.m.4 views

CVE-2024-1074

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the audio widget 'linkurl' parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

5.4CVSS7.4AI score
Exploits0References3
CNNVD
CNNVD
added 2024/03/13 12:0 a.m.3 views

WordPress Plugin Beaver Builder Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

6.4CVSS5.9AI score0.00532EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/03/13 12:0 a.m.5 views

PT-2024-16503 · WordPress · The Beaver Builder

Name of the Vulnerable Software and Affected Versions: The Beaver Builder – WordPress Page Builder plugin for WordPress versions up to, and including, 2.7.4.2 Description: The issue is related to Stored Cross-Site Scripting via the link url parameter in the audio widget, caused by insufficient...

6.4CVSS8AI score0.00532EPSS
Exploits0References7
wpexploit
wpexploit
added 2024/03/12 12:0 a.m.158 views

Page Builder Gutenberg Blocks < 3.1.7 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Create/Edit a Post, add an "Icon" block and...

5.9AI score0.00446EPSS
Exploits2References1
NVD
NVD
added 2024/02/05 10:16 p.m.18 views

CVE-2024-0508

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table Elementor Widget in all versions up to, and including, 2.10.27 due to insufficient input sanitization and output escaping on the user supplied link URL. This makes it possib...

6.4CVSS5.7AI score0.00525EPSS
Exploits0References5
The Hacker News
The Hacker News
added 2023/05/27 7:45 a.m.102 views

Critical OAuth Vulnerability in Expo Framework Allows Account Hijacking

A critical security vulnerability has been disclosed in the Open Authorization OAuth implementation of the application development framework Expo.io. The shortcoming, assigned the CVE identifier CVE-2023-28131, has a severity rating of 9.6 on the CVSS scoring system. API security firm Salt Labs...

9.6CVSS8.3AI score0.2299EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2021/10/11 1:15 p.m.4 views

CVE-2021-40542

Opensis-Classic Version 8.0 is affected by cross-site scripting XSS. An unauthenticated user can inject and execute JavaScript code through the linkurl parameter in Ajaxurlencode.php...

6.1CVSS6.3AI score0.02998EPSS
Exploits1References3
CNVD
CNVD
added 2020/07/23 12:0 a.m.3 views

Nagios XI Cross-Site Scripting Vulnerability (CNVD-2020-41877)

Nagios XI is a commercial monitoring solution built on Nagios Core, including dashboards, web-based configuration, advanced reporting and rich data visualization. A cross-site scripting vulnerability exists in Graph Explorer in Nagios XI versions prior to 5.7.2. An attacker can exploit this...

6.1CVSS6.2AI score0.35135EPSS
Exploits0References1
OSV
OSV
added 2020/07/22 10:15 p.m.6 views

CVE-2020-15902

Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link url option...

6.1CVSS6.4AI score0.35135EPSS
Exploits0References3
Prion
Prion
added 2020/07/22 10:15 p.m.15 views

Design/Logic Flaw

Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link url option...

4.3CVSS5.9AI score0.35135EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2018/11/13 8:29 p.m.18 views

CVE-2018-2491

When opening a deep link URL in SAP Fiori Client with log level set to "Debug", the client application logs the URL to the log file. If this URL contains malicious JavaScript code it can eventually run inside the built-in log viewer of the application in case user opens the viewer and taps on the...

7.8CVSS7.6AI score0.00787EPSS
Exploits0References2
Openbugbounty
Openbugbounty
added 2015/11/28 2:15 a.m.17 views

port.rl.talis.com vulnerability

Vulnerable URL: https://port.rl.talis.com/link?url=https://www.xssposed.org/ Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated Google Pagerank| 0 VIP website status:| No Check...

6.9AI score
Exploits0
NVD
NVD
added 2012/09/19 7:55 p.m.26 views

CVE-2012-3373

Cross-site scripting XSS vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app...

4.3CVSS5.6AI score0.03279EPSS
Exploits0References6
Cvelist
Cvelist
added 2012/09/19 7:0 p.m.27 views

CVE-2012-3373

Cross-site scripting XSS vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app...

5.6AI score0.03279EPSS
Exploits0References6
Saint
Saint
added 2006/02/17 12:0 a.m.34 views

Lotus Notes HTML Speed Reader URL buffer overflow

Added: 02/17/2006 CVE: CVE-2005-2618 BID: 16576 OSVDB: 23068 Background Lotus Notes is the client for Lotus Domino servers. Problem A buffer overflow in the HTML Speed Reader component of the Lotus Notes e-mail client allows command execution by a specially crafted e-mail message containing a lon...

9.3CVSS6.8AI score0.07922EPSS
Exploits8
Rows per page
Query Builder