Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3447 matches found

Positive Technologies
Positive Technologiesadded 2021/11/15 12:0 a.m.3 views

PT-2021-23224 · Rubygems · Rails Multisite

Name of the Vulnerable Software and Affected Versions: rails multisite versions prior to 4 Description: The issue impacts Rails applications using rails multisite alongside Rails' signed/encrypted cookies. Depending on how the application makes use of these cookies, it may be possible for an...

8.8CVSS8.6AI score0.00198EPSS
Exploits0References9
CNNVD
CNNVDadded 2021/11/15 12:0 a.m.2 views

Rails 加密问题漏洞

Rails is a set of open source web application frameworks based on the Ruby language from the Rails team. A cryptographic issue vulnerability exists in Rails multisite, where an attacker may be able to reuse cookies on different sites in multiple Rails applications...

8.8CVSS7.8AI score0.00198EPSS
Exploits0References3
CNNVD
CNNVDadded 2021/11/01 12:0 a.m.2 views

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Google Maps Easy due to...

4.8CVSS5.2AI score0.00631EPSS
Exploits1References5
OSV
OSVadded 2021/10/21 8:15 p.m.2 views

CVE-2021-39356

The Content Staging WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via several parameters that are echo'd out via the /templates/settings.php file which allowed attackers with administrative user access to inject arbitrary web...

4.8CVSS5.9AI score0.0083EPSS
Exploits1References3
OSV
OSVadded 2021/10/21 8:15 p.m.2 views

CVE-2021-39357

The Leaky Paywall WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via the /class.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 4.16.5. This affec...

4.8CVSS5.8AI score0.00653EPSS
Exploits1References3
OSV
OSVadded 2021/10/21 8:15 p.m.0 views

CVE-2021-39348

The LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $customprofile parameter found in the /inc/admin/views/backend-user-profile.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in version...

4.8CVSS5.8AI score0.00653EPSS
Exploits1References3
OSV
OSVadded 2021/10/21 8:15 p.m.1 views

CVE-2021-39328

The Simple Job Board WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $jobboardprivacypolicylabel variable echo'd out via the /admin/settings/class-simple-job-board-settings-privacy.php file which allowed attackers with administrative user access t...

4.8CVSS5.8AI score0.00653EPSS
Exploits1References3
Positive Technologies
Positive Technologiesadded 2021/10/21 12:0 a.m.1 views

PT-2021-22554 · WordPress · Learnpress

Name of the Vulnerable Software and Affected Versions: LearnPress WordPress plugin versions up to and including 4.1.3.1 Description: The issue is related to Stored Cross-Site Scripting due to insufficient escaping on the custom profile parameter in the /inc/admin/views/backend-user-profile.php...

5.5CVSS4.9AI score0.00653EPSS
Exploits1References7
OSV
OSVadded 2021/10/19 3:15 p.m.2 views

CVE-2021-39329

The JobBoardWP WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /includes/admin/class-metabox.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in...

4.8CVSS5.8AI score0.00976EPSS
Exploits1References3
OSV
OSVadded 2021/10/19 3:15 p.m.0 views

CVE-2021-39355

The Indeed Job Importer WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /indeed-job-importer/trunk/indeed-job-importer.php file which allowed attackers with administrative user access to inject...

4.8CVSS5.8AI score0.0083EPSS
Exploits1References3
OSV
OSVadded 2021/10/19 3:15 p.m.2 views

CVE-2021-39343

The MPL-Publisher WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /libs/PublisherController.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in...

4.8CVSS5.8AI score0.0083EPSS
Exploits1References3
OSV
OSVadded 2021/10/15 1:15 p.m.1 views

CVE-2021-39345

The HAL WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /wp-hal.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including...

4.8CVSS5.8AI score0.00598EPSS
Exploits1References3
OSV
OSVadded 2021/10/15 1:15 p.m.1 views

CVE-2021-39338

The MyBB Cross-Poster WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /classes/MyBBXPSettings.php file which allowed attackers with administrative user access to inject arbitrary web scripts, i...

4.8CVSS5.8AI score0.00598EPSS
Exploits1References3
OSV
OSVadded 2021/10/15 1:15 p.m.2 views

CVE-2021-39336

The Job Manager WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /admin-jobs.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to a...

4.8CVSS5.8AI score0.00653EPSS
Exploits1References3
OSV
OSVadded 2021/10/15 1:15 p.m.0 views

CVE-2021-39332

The Business Manager WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization found throughout the plugin which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.4.5. This...

4.8CVSS5.8AI score0.00421EPSS
Exploits0References1
OSV
OSVadded 2021/10/15 1:15 p.m.0 views

CVE-2021-39334

The Job Board Vanila WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via the psjbexpin and the psjbcurrin parameters found in the /job-settings.php file which allowed attackers with administrative user access to inject arbitrary...

4.8CVSS5.8AI score0.00653EPSS
Exploits1References3
OSV
OSVadded 2021/10/15 1:15 p.m.0 views

CVE-2021-39344

The KJM Admin Notices WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /admin/class-kjm-admin-notices-admin.php file which allowed attackers with administrative user access to inject arbitrary w...

4.8CVSS5.8AI score0.0083EPSS
Exploits1References3
OSV
OSVadded 2021/10/15 1:15 p.m.3 views

CVE-2021-39337

The job-portal WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /admin/jobsfunction.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions ...

4.8CVSS5.8AI score0.00598EPSS
Exploits1References3
OSV
OSVadded 2021/10/15 1:15 p.m.2 views

CVE-2021-39335

The WpGenius Job Listing WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /src/admin/class/class-wpgenious-job-listing-options.php file which allowed attackers with administrative user access to...

4.8CVSS5.8AI score0.00598EPSS
Exploits1References3
CNNVD
CNNVDadded 2021/10/15 12:0 a.m.1 views

WordPress 插件 跨站脚本漏洞

WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress plugin that stems from insufficient input validation and cleanup in the Business Manager plugin, which makes it vulnerable to stored cross-site scripting, allowing an...

5.5CVSS5.1AI score0.00421EPSS
Exploits0References3
Rows per page
Query Builder