Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3443 matches found

OSV
OSVadded 2015/08/31 6:59 p.m.0 views

UBUNTU-CVE-2014-2330

Multiple cross-site request forgery CSRF vulnerabilities in the Multisite GUI in CheckMK before 1.2.5i2 allow remote attackers to hijack the authentication of users for requests that 1 upload arbitrary snapshots, 2 delete arbitrary files, or possibly have other unspecified impact via unknown...

6.8CVSS6.1AI score0.00127EPSS
Exploits1References4
CVE
CVEadded 2015/08/31 6:0 p.m.58 views

CVE-2014-2330

CVE-2014-2330 corresponds to multiple CSRF flaws in the Check_MK Multisite GUI prior to version 1.2.5i2. The issue allows remote attackers to perform authenticated actions on behalf of users, including uploading arbitrary snapshots and deleting arbitrary files, via unknown vectors. Affected produ...

6.8CVSS6.3AI score0.00127EPSS
Exploits1References3Affected Software1
Cvelist
Cvelistadded 2015/08/31 6:0 p.m.23 views

CVE-2014-2330

Multiple cross-site request forgery CSRF vulnerabilities in the Multisite GUI in CheckMK before 1.2.5i2 allow remote attackers to hijack the authentication of users for requests that 1 upload arbitrary snapshots, 2 delete arbitrary files, or possibly have other unspecified impact via unknown...

6.3AI score0.00127EPSS
Exploits1References3
0day.today
0day.todayadded 2015/08/27 12:0 a.m.28 views

WordPress YouTube Embed 3.3.2 Cross Site Scripting Vulnerability

WordPress YouTube Embed plugin version 3.3.2 suffers from a stored cross site scripting vulnerability. Details ================ Software: YouTube Embed Version: 3.3.2 Homepage: https://wordpress.org/plugins/youtube-embed/ CVE ID: CVE-2015-6535 Pending CWE ID: CWE-79 CVSS: 5.5 Medium;...

3.5CVSS5.9AI score0.00501EPSS
Exploits2
Packet Storm
Packet Stormadded 2015/08/26 12:0 a.m.49 views

WordPress YouTube Embed 3.3.2 Cross Site Scripting

Details ================ Software: YouTube Embed Version: 3.3.2 Homepage: https://wordpress.org/plugins/youtube-embed/ CVE ID: CVE-2015-6535 Pending CWE ID: CWE-79 CVSS: 5.5 Medium; AV:N/AC:L/Au:S/C:P/I:P/A:N Description ================ A stored XSS vulnerability in YouTube Embed 3.3.2 and...

3.5CVSS6.7AI score0.00501EPSS
Exploits2
RedHat Linux
RedHat Linuxadded 2015/07/29 4:26 a.m.3 views

check-mk: multiple flaws fixed in versions 1.2.4p4 and 1.2.5i4

Multiple cross-site scripting XSS vulnerabilities in the multisite component in CheckMK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the 1 renderstatusicons function in htmllib.py or 2 ajaxaction functio...

3.5CVSS5.8AI score0.00288EPSS
Exploits0References4
Patchstack
Patchstackadded 2015/05/15 12:0 a.m.10 views

WordPress Multisite Plugin Manager Plugin <= 3.1.1 - Cross Site Scripting

Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...

2.3AI score
Exploits0References1Affected Software1
Patchstack
Patchstackadded 2015/05/15 12:0 a.m.13 views

WordPress Multisite Plugin Manager Plugin <= 3.1.1 - Cross Site Scripting

Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...

2.3AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDBadded 2015/04/27 12:0 a.m.26 views

WPS Hide Login 1.0 - CSRF

CSRF security issue when saving option value in single site and multisite mode...

6.8CVSS1.7AI score0.00382EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDBadded 2014/09/16 6:15 p.m.24 views

WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite

...

2.1CVSS2AI score0.00634EPSS
Exploits0References1Affected Software1
NVD
NVDadded 2014/08/18 11:15 a.m.19 views

CVE-2014-5240

Cross-site scripting XSS vulnerability in wp-includes/pluggable.php in WordPress before 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a crafted avatar URL...

2.1CVSS5.2AI score0.00634EPSS
Exploits0References4
OSV
OSVadded 2014/08/18 11:15 a.m.1 views

DEBIAN-CVE-2014-5240

Cross-site scripting XSS vulnerability in wp-includes/pluggable.php in WordPress before 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a crafted avatar URL...

2.1CVSS5.6AI score0.00634EPSS
Exploits0References1
OSV
OSVadded 2014/08/18 11:15 a.m.0 views

UBUNTU-CVE-2014-5240

Cross-site scripting XSS vulnerability in wp-includes/pluggable.php in WordPress before 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a crafted avatar URL...

2.1CVSS5.9AI score0.00634EPSS
Exploits0References3
UbuntuCve
UbuntuCveadded 2014/08/18 11:15 a.m.30 views

CVE-2014-5240

Cross-site scripting XSS vulnerability in wp-includes/pluggable.php in WordPress before 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a crafted avatar URL...

2.1CVSS6AI score0.00634EPSS
Exploits0References2
Prion
Prionadded 2014/08/18 11:15 a.m.22 views

Cross site scripting

Cross-site scripting XSS vulnerability in wp-includes/pluggable.php in WordPress before 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a crafted avatar URL...

2.1CVSS5.7AI score0.00634EPSS
Exploits0References4Affected Software2
Debian CVE
Debian CVEadded 2014/08/18 10:0 a.m.33 views

CVE-2014-5240

Cross-site scripting XSS vulnerability in wp-includes/pluggable.php in WordPress before 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a crafted avatar URL...

2.1CVSS3.9AI score0.00634EPSS
Exploits0
CVE
CVEadded 2014/08/18 10:0 a.m.94 views

CVE-2014-5240

CVE-2014-5240 is an XSS in WordPress prior to 3.9.2 (Multisite enabled) affecting wp-includes/pluggable.php via a crafted avatar URL. The vulnerability allows remote authenticated administrators to inject arbitrary script/HTML and can enable a Super Admin privilege escalation. The issue is docume...

2.1CVSS5.2AI score0.00634EPSS
Exploits0References4Affected Software1
Cvelist
Cvelistadded 2014/08/18 10:0 a.m.26 views

CVE-2014-5240

Cross-site scripting XSS vulnerability in wp-includes/pluggable.php in WordPress before 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a crafted avatar URL...

5.1AI score0.00634EPSS
Exploits0References4
NVD
NVDadded 2014/07/22 2:55 p.m.16 views

CVE-2014-5019

The multisite feature in Drupal 6.x before 6.32 and 7.x before 7.29 allows remote attackers to cause a denial of service via a crafted HTTP Host header, related to determining which configuration file to use...

5CVSS6.3AI score0.00375EPSS
Exploits0References2
Prion
Prionadded 2014/07/22 2:55 p.m.19 views

Design/Logic Flaw

The multisite feature in Drupal 6.x before 6.32 and 7.x before 7.29 allows remote attackers to cause a denial of service via a crafted HTTP Host header, related to determining which configuration file to use...

5CVSS6.9AI score0.00375EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder