Lucene search
K

156 matches found

CNNVD
CNNVD
added 2024/06/22 12:0 a.m.7 views

WordPress Plugin Mosaic Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

6.4CVSS6AI score0.00257EPSS
Exploits0References3
OSV
OSV
added 2024/05/16 11:15 a.m.6 views

CVE-2024-4288

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in versions up to, and including, 1.6.7.14 due to insufficient input sanitization and output escaping. This makes it possible f...

5.4CVSS5.9AI score0.00324EPSS
Exploits0References3
OSV
OSV
added 2024/03/13 4:15 p.m.5 views

CVE-2024-0896

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button link parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...

5.4CVSS6AI score0.00505EPSS
Exploits0References3
OSV
OSV
added 2024/03/13 4:15 p.m.6 views

CVE-2024-0871

The Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Icon Widget 'flbuilderdatanodepreviewlink' and 'flbuilderdatasettingslinktarget' parameters in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This...

5.4CVSS7.4AI score0.00399EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2024/02/17 5:15 a.m.4 views

CVE-2024-21497

Versions of the package github.com/greenpau/caddy-security are vulnerable to Open Redirect via the redirecturl parameter. An attacker could perform a phishing attack and trick users into visiting a malicious website by crafting a convincing URL with this parameter. To exploit this vulnerability,...

6.1CVSS5.9AI score0.00503EPSS
Exploits0References4
OSV
OSV
added 2024/01/10 4:15 p.m.4 views

CVE-2023-49864

An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.This vulnerability is triggered by the downloadURLimage parameter...

6.5CVSS5.9AI score0.01072EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/10/20 12:0 a.m.4 views

WordPress Plugin Ad Inserter Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

7.5CVSS6.7AI score0.00512EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/09/25 9:15 p.m.6 views

CVE-2023-42426

Cross-site scripting XSS vulnerability in Froala Froala Editor v.4.1.1 allows remote attackers to execute arbitrary code via the 'Insert link' parameter in the 'Insert Image' component...

6.1CVSS6.8AI score0.00793EPSS
Exploits1References4
OSV
OSV
added 2023/09/16 9:15 a.m.4 views

CVE-2023-3025

The Dropbox Folder Share plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.9.7 via the 'link' parameter. This can allow unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to...

7.2CVSS7.4AI score0.0038EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/08/25 12:0 a.m.11 views

NeoMind Fusion Platform 跨站脚本漏洞

NeoMind Fusion Platform is an Artificial Intelligence AI solution designed to provide intelligent diagnosis, treatment, and assisted decision support in the healthcare field. A cross-site scripting vulnerability exists in NeoMind Fusion Platform, which stems from the parameter link in the file...

6.1CVSS4.1AI score0.00488EPSS
Exploits1References4
OSV
OSV
added 2023/04/05 6:30 p.m.20 views

GHSA-JVJX-QQH7-6X6C thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via FAQ News link parameter

thorsten/phpmyfaq prior to 3.1.12 is vulnerable to stored cross-site scripting XSS because it fails to sanitize user input in the FAQ News link parameter. This has been fixed in 3.1.12...

8.1CVSS5.3AI score0.00532EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/03/10 12:0 a.m.15 views

Django AJAX Utilities 跨站脚本漏洞

Django AJAX Utilities are some of Mobile Vikings individual developer's utilities that make paging and tabbing easier. A cross-site scripting vulnerability exists in Django AJAX Utilities 1.2.1 and earlier versions, which stems from a security issue in the function Pagination in the file...

6.1CVSS4.5AI score0.00564EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/12/28 12:0 a.m.2 views

youngcart5 跨站脚本漏洞

youngcart5 is an open source shopping center program from kagla open source. A cross-site scripting vulnerability exists in versions prior to youngcart5 5.4.5.1, which stems from incorrect manipulation of the parameter melink leading to cross-site scripting...

6.1CVSS4.3AI score0.00505EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/12/28 12:0 a.m.3 views

PT-2022-11744 · Unknown · Gnuboard Youngcart5

Name of the Vulnerable Software and Affected Versions: gnuboard youngcart5 versions up to 5.4.5.1 Description: A vulnerability has been found in gnuboard youngcart5, where the manipulation of the argument me link in the file adm/menu list update.php leads to cross site scripting. This issue can b...

6.1CVSS4.2AI score0.00505EPSS
Exploits0References8
Prion
Prion
added 2022/08/30 5:15 a.m.18 views

Buffer overflow

Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for segmented packets’ link parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service...

3.3CVSS6.7AI score0.00435EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/08/30 4:25 a.m.28 views

CVE-2022-26529 Realtek Linux/Android Bluetooth Mesh SDK - Buffer Overflow

Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for segmented packets’ link parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service...

6.5CVSS6.9AI score0.00435EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/08/30 4:2 a.m.5 views

CVE-2022-26529

Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for segmented packets’ link parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service...

6.5CVSS6.1AI score0.00435EPSS
Exploits0References2
NVD
NVD
added 2022/08/08 2:15 p.m.26 views

CVE-2022-2367

The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to download images/files from, this can be bypassed due to the lack of good "link" parameter validation...

7.5CVSS0.00953EPSS
Exploits1References1
OSV
OSV
added 2022/08/08 2:15 p.m.5 views

CVE-2022-2367

The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to download images/files from, this can be bypassed due to the lack of good "link" parameter validation...

7.5CVSS5.8AI score0.00953EPSS
Exploits1References1
Prion
Prion
added 2022/08/08 2:15 p.m.19 views

Design/Logic Flaw

The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to download images/files from, this can be bypassed due to the lack of good "link" parameter validation...

5CVSS7.5AI score0.00953EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder