Lucene search
+L

10710 matches found

nuclei
nuclei
added 7 hours ago10 views

Privacy Policy Genius - Cross-Site Scripting

Privacy Policy Genius WordPress plugin v2.0.4 contains a reflected cross-site scripting caused by unsanitized parameter output in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a malicious URL. id: CVE-2024-13219...

6.1CVSS7AI score0.0056EPSS
Exploits1References2
nuclei
nuclei
added 7 hours ago16 views

PHPJabbers Fundraising Script v1.0 - Cross-Site Scripting

PHPJabbers Fundraising Script v1.0 is vulnerable to Cross Site Scripting XSS via the "action" parameter of index.php. id: CVE-2023-40751 info: name: PHPJabbers Fundraising Script v1.0 - Cross-Site Scripting author: ritikchaddha severity: medium description: | PHPJabbers Fundraising Script v1.0 is...

6.1CVSS6.4AI score0.01044EPSS
Exploits0References2
nuclei
nuclei
added 7 hours ago55 views

Altenergy Power Control Software - SQL Injection

A vulnerability classified as critical was found in Altenergy Power Control Software up to 20241108. This vulnerability affects the function getstatuszigbee of the file /index.php/display/statuszigbee. The manipulation of the argument date leads to sql injection. The attack can be initiated...

6.5CVSS6.5AI score0.03725EPSS
Exploits0References3
nuclei
nuclei
added 7 hours ago25 views

Hostel < 1.1.5.3 - Cross-Site Scripting

The Hostel WordPress plugin before 1.1.5.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. id: CVE-2024-3753 info: name: Hostel 1.1.5.3 - Cross-Site Scriptin...

5.9CVSS6.1AI score0.00807EPSS
Exploits1References2
nuclei
nuclei
added 7 hours ago20 views

TOTVS Fluig Platform - Cross-Site Scripting

A vulnerability was found in TOTVS Fluig Platform 1.6.x/1.7.x/1.8.0/1.8.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /mobileredir/openApp.jsp of the component mobileredir. The manipulation of the argument redirectUrl/user with the input...

6.1CVSS4.3AI score0.02379EPSS
Exploits1References3
nuclei
nuclei
added 7 hours ago54 views

phpIPAM 1.5.1 - Cross-site Scripting

Cross-site Scripting XSS - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1. id: CVE-2023-0676 info: name: phpIPAM 1.5.1 - Cross-site Scripting author: ritikchaddha severity: medium description: | Cross-site Scripting XSS - Reflected in GitHub repository phpipam/phpipam prior to 1.5....

6.1CVSS6.3AI score0.01532EPSS
Exploits1References2
nuclei
nuclei
added 7 hours ago41 views

osTicket < 1.10.2 - Cross-Site Scripting

Cross-site scripting XSS vulnerability in /scp/index.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "sort" parameter. id: CVE-2018-7196 info: name: osTicket 1.10.2 - Cross-Site Scripting author: ritikchaddha severity: medium...

6.1CVSS6.5AI score0.02482EPSS
Exploits1References2
nuclei
nuclei
added 7 hours ago74 views

Cacti < 1.2.25 Insecure Deserialization

Cacti is an open source operational monitoring and fault management framework. There are two instances of insecure deserialization in Cacti version 1.2.24. id: CVE-2023-30534 info: name: Cacti 1.2.25 Insecure Deserialization author: k0pak4 severity: medium description: | Cacti is an open source...

4.3CVSS6.7AI score0.02569EPSS
Exploits1References5
nuclei
nuclei
added 7 hours ago92 views

Hestiacp <= 1.7.7 - Cross-Site Scripting

Cross-site Scripting XSS - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8. id: CVE-2023-3479 info: name: Hestiacp = 1.7.7 - Cross-Site Scripting author: edoardottt severity: medium description: | Cross-site Scripting XSS - Reflected in GitHub repository hestiacp/hestiacp prior to...

6.1CVSS6.1AI score0.01293EPSS
Exploits1References3
nuclei
nuclei
added 7 hours ago153 views

phpIPAM - 1.6 - Cross-Site Scripting

phpIPAM 1.6 contains a cross-site scripting vulnerability via the closeClass parameter at /subnet-masks/popup.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

6.1CVSS6.5AI score0.03904EPSS
Exploits3References2
nuclei
nuclei
added 7 hours ago100 views

Rukovoditel <= 3.2.1 - Cross Site Scripting

A stored cross-site scripting XSS vulnerability in the Global Entities feature /index.php?module=entities/entities of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New Entity"...

5.4CVSS6.3AI score0.00874EPSS
Exploits1References3
nuclei
nuclei
added 7 hours ago52 views

Rukovoditel <= 3.2.1 - Cross Site Scripting

A stored cross-site scripting XSS vulnerability in the Users Alerts feature /index.php?module=usersalerts/usersalerts of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Add". id:...

5.4CVSS6.3AI score0.00929EPSS
Exploits1References3
nuclei
nuclei
added 7 hours ago63 views

WordPress WebP Converter for Media < 4.0.3 - Unauthenticated Open Redirect

WordPress WebP Converter for Media 4.0.3 contains a file passthru.php which does not validate the src parameter before redirecting the user to it, leading to an open redirect issue. id: CVE-2021-25074 info: name: WordPress WebP Converter for Media 4.0.3 - Unauthenticated Open Redirect author:...

6.1CVSS6.4AI score0.02505EPSS
Exploits2References4
nuclei
nuclei
added 7 hours ago45 views

WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting

WordPress amty-thumb-recent-post plugin 8.1.3 contains a cross-site scripting vulnerability via the query string to amtyThumbPostsAdminPg.php. id: CVE-2017-17059 info: name: WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress...

6.1CVSS6.4AI score0.03419EPSS
Exploits1References4
nuclei
nuclei
added 7 hours ago65 views

SMTP by BestWebSoft < 1.1.0 - Cross-Site Scripting

The bws-smtp plugin before 1.1.0 for WordPress has multiple XSS issues. id: CVE-2017-18518 info: name: SMTP by BestWebSoft 1.1.0 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The bws-smtp plugin before 1.1.0 for WordPress has multiple XSS issues. impact: |...

6.1CVSS6.4AI score0.01621EPSS
Exploits1References4
nuclei
nuclei
added 7 hours ago34 views

Google Analytics by BestWebSoft < 1.7.1 - Cross-Site Scripting

The bws-google-analytics plugin before 1.7.1 for WordPress has multiple XSS issues. id: CVE-2017-18556 info: name: Google Analytics by BestWebSoft 1.7.1 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The bws-google-analytics plugin before 1.7.1 for WordPress has...

6.1CVSS6.4AI score0.01384EPSS
Exploits1References4
nuclei
nuclei
added 7 hours ago30 views

WordPress Integrator 1.32 - Cross-Site Scripting

A cross-site scripting vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirectto parameter to wp-login.php. id: CVE-2012-5913 info: name: WordPress Integrator 1.32 - Cross-Site Scripti...

4.3CVSS6.2AI score0.08732EPSS
Exploits1References5
nuclei
nuclei
added 7 hours ago66 views

Social Login by BestWebSoft < 0.2 - Cross-Site Scripting

The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues. id: CVE-2017-18501 info: name: Social Login by BestWebSoft 0.2 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues...

6.1CVSS6.4AI score0.0141EPSS
Exploits1References4
nuclei
nuclei
added 7 hours ago69 views

BestWebSoft's Twitter < 2.55 - Cross-Site Scripting

The twitter-plugin plugin before 2.55 for WordPress has XSS. id: CVE-2017-18505 info: name: BestWebSoft's Twitter 2.55 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The twitter-plugin plugin before 2.55 for WordPress has XSS. impact: | Authenticated attackers can...

6.1CVSS6.4AI score0.01652EPSS
Exploits1References4
nuclei
nuclei
added 7 hours ago89 views

WordPress iQ Block Country <=1.2.11 - Cross-Site Scripting

WordPress iQ Block Country plugin 1.2.11 and prior contains a cross-site scripting vulnerability. An attacker can execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and...

5.5CVSS6.3AI score0.01193EPSS
Exploits0References5
Rows per page
Query Builder