Lucene search
K

172 matches found

Patchstack
Patchstack
added 2023/10/25 12:0 a.m.12 views

WordPress Category SEO Meta Tags Plugin <= 2.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software Category SEO Meta Tags Type Plugin Vulnerable versions = 2.5 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-46618 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c59090fd2bb0 Credits LEE SE HYOUNG...

8.8CVSS6.5AI score0.00261EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2023/10/17 12:0 a.m.8 views

WordPress Category SEO Meta Tags Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS)

Software Category SEO Meta Tags Type Plugin Vulnerable versions = 2.5 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-46091 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 4500a2d3e3df Credits LEE SE HYOUNG...

5.9CVSS5.7AI score0.0031EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/09/28 2:15 p.m.3 views

CVE-2023-43874

Multiple Cross Site Scripting XSS vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Copyright and Author fields in the Meta & Custom Tags Menu...

5.4CVSS6.1AI score0.00628EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2023/09/28 2:15 p.m.3 views

CVE-2023-43874

Multiple Cross Site Scripting XSS vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Copyright and Author fields in the Meta & Custom Tags Menu...

5.4CVSS6.3AI score0.00628EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/09/28 12:0 a.m.7 views

PT-2023-29019 · E017 Cms · E017 Cms

Name of the Vulnerable Software and Affected Versions: e017 CMS version 2.3.2 Description: A Cross Site Scripting XSS issue allows a local attacker to execute arbitrary code via a crafted script to the Copyright and Author fields in the Meta & Custom Tags Menu. This enables the attacker to perfor...

5.4CVSS6.7AI score0.00628EPSS
Exploits1References5
NVD
NVD
added 2023/07/12 8:15 a.m.16 views

CVE-2021-4426

The Absolute Reviews plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.8. This is due to missing or incorrect nonce validation on the metaboxreviewsave function. This makes it possible for unauthenticated attackers to save meta tags via a forge...

4.3CVSS4.2AI score0.005EPSS
Exploits1References9
NVD
NVD
added 2023/07/12 7:15 a.m.17 views

CVE-2021-4421

The Advanced Popups plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the metaboxpopupsave function. This makes it possible for unauthenticated attackers to save meta tags via a forged...

4.3CVSS4.2AI score0.0035EPSS
Exploits0References9
Prion
Prion
added 2023/07/12 7:15 a.m.10 views

Cross site request forgery (csrf)

The Advanced Popups plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the metaboxpopupsave function. This makes it possible for unauthenticated attackers to save meta tags via a forged...

4.3CVSS4.3AI score0.0035EPSS
Exploits0References9Affected Software1
CNNVD
CNNVD
added 2023/07/12 12:0 a.m.5 views

WordPress Plugin Advanced Popups 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

4.3CVSS4.8AI score0.0035EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2023/02/15 4:32 a.m.3 views

SUSE CVE-2018-5118

The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through "file:" URLs from the local file system. This loading is blocked by the...

5.3CVSS8.3AI score0.01578EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/01/20 12:0 a.m.4 views

Hundredrabbits Left 跨站脚本漏洞

Hundredrabbits Left is a non-intrusive plain text editor from Hundredrabbits. A cross-site scripting vulnerability exists in Hundredrabbits Left version 7.1.5, which stems from the presence of cross-site scripting XSS that allows an attacker to execute arbitrary code via meta tags...

6.1CVSS6.4AI score0.00448EPSS
Exploits1References2
NVD
NVD
added 2022/06/06 12:15 p.m.16 views

CVE-2021-42245

FlatCore-CMS 2.0.9 has a cross-site scripting XSS vulnerability in pages.edit.php through meta tags and content sections...

6.1CVSS0.00678EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/06/06 12:15 p.m.3 views

CVE-2021-42245

FlatCore-CMS 2.0.9 has a cross-site scripting XSS vulnerability in pages.edit.php through meta tags and content sections...

6.1CVSS5.6AI score0.00678EPSS
Exploits1References2
OSV
OSV
added 2022/06/06 12:15 p.m.14 views

CVE-2021-42245

FlatCore-CMS 2.0.9 has a cross-site scripting XSS vulnerability in pages.edit.php through meta tags and content sections...

6.1CVSS5.8AI score
Exploits0References1
Prion
Prion
added 2022/06/06 12:15 p.m.15 views

Cross site scripting

FlatCore-CMS 2.0.9 has a cross-site scripting XSS vulnerability in pages.edit.php through meta tags and content sections...

4.3CVSS6AI score0.00678EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2022/06/06 11:5 a.m.75 views

CVE-2021-42245

FlatCore-CMS 2.0.9 is affected by a cross-site scripting (XSS) vulnerability in pages.edit.php triggered via meta tags and content sections. Root cause is insecure handling of user-supplied metadata/content in that page, enabling injection of JavaScript. Reported impacts in public sources include...

6.1CVSS5.9AI score0.00678EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/06/06 11:5 a.m.21 views

CVE-2021-42245

FlatCore-CMS 2.0.9 has a cross-site scripting XSS vulnerability in pages.edit.php through meta tags and content sections...

6.2AI score0.00678EPSS
Exploits1References1
Snyk
Snyk
added 2022/05/17 10:7 a.m.2 views

Information Exposure

Overview publifycore is a Core engine for the Publify blogging system, formerly known as Typo. Affected versions of this package are vulnerable to Information Exposure. When a request is made to a password-protected article, the UI shows it requires a password to view content, but the content of...

8.8CVSS6.9AI score0.01192EPSS
Exploits1References2
Veracode
Veracode
added 2022/05/17 7:55 a.m.21 views

Information Disclosure

publifycore is vulnerable to information disclosure. The vulnerability exists in showarticle function in articlescontroller.rb because the content of the article in meta tags of a response is not properly restricted which allows an attacker to view the contents of password-protected articles...

4.9CVSS5AI score0.01192EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2022/04/28 12:0 a.m.4 views

Lyon Bros Turtlapp Turtle Note 跨站脚本漏洞

Lyon Bros Turtlapp Turtle Note is a secure, collaborative notebook from Lyon Bros. Use it to save notes, bookmarks, passwords, ideas, dream journals, photos, documents and anything else you want to keep safe. A security vulnerability exists in Turtlapp Turtle Note version v0.7.2.6, which stems fr...

9CVSS8.2AI score0.00969EPSS
Exploits1References3
Rows per page
Query Builder