Lucene search
K

12 matches found

CVE
CVE
added 2026/04/13 12:0 a.m.6 views

CVE-2025-63743

Snipe-IT web-based asset management system (v8.3.0–v8.3.1) is affected by an authenticated stored XSS: an attacker with login privileges can inject JavaScript via the Name/Surname fields, executed when the Activity Report or a profile is viewed if Display Name is not set. The issue is fixed in v8...

5.4CVSS5.9AI score0.00287EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/23 2:59 a.m.8 views

CVE-2023-1403

The Weaver Xtreme Theme for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 5.0.7. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary...

6.4CVSS5.4AI score0.00531EPSS
Exploits2References1
NVD
NVD
added 2024/02/07 5:15 a.m.26 views

CVE-2024-0256

The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Profile Display Name and Social Settings in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.7AI score0.00323EPSS
Exploits0References2
OSV
OSV
added 2024/02/07 5:15 a.m.4 views

CVE-2024-0256

The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Profile Display Name and Social Settings in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS7.4AI score0.00323EPSS
Exploits0References2
OSV
OSV
added 2023/06/09 6:15 a.m.5 views

CVE-2023-1403

The Weaver Xtreme Theme for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 5.0.7. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary...

5.4CVSS7.4AI score0.00531EPSS
Exploits2References2
NVD
NVD
added 2023/06/09 6:15 a.m.22 views

CVE-2023-1403

The Weaver Xtreme Theme for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 5.0.7. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary...

6.4CVSS5.9AI score0.00531EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2023/06/09 5:33 a.m.19 views

CVE-2023-1403 Weaver Xtreme Theme <= 5.0.7 - Authenticated(Contributor+) Stored Cross-Site Scripting via Display Name

The Weaver Xtreme Theme for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 5.0.7. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary...

6.4CVSS6.8AI score0.00531EPSS
Exploits2References3
Cvelist
Cvelist
added 2023/06/09 5:33 a.m.48 views

CVE-2023-1403 Weaver Xtreme Theme <= 5.0.7 - Authenticated(Contributor+) Stored Cross-Site Scripting via Display Name

The Weaver Xtreme Theme for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 5.0.7. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary...

6.4CVSS6AI score0.00531EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2023/06/09 12:0 a.m.9 views

PT-2023-16961 · WordPress · Weaver Show Posts Plugin

Name of the Vulnerable Software and Affected Versions: Weaver Show Posts Plugin for WordPress versions up to, and including, 1.6 Description: The issue is related to stored Cross-Site Scripting due to insufficient escaping of the profile display name. This allows authenticated attackers with...

6.4CVSS5.8AI score0.00508EPSS
Exploits2References4
WPVulnDB
WPVulnDB
added 2023/04/05 12:0 a.m.16 views

Weaver Xtreme Theme < 6.2 - Contributor+ Stored Cross-Site Scripting

The theme does not properly escape the profile display name, leading to a stored Cross-Site Scripting vulnerability...

6.4CVSS6.1AI score0.00531EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/01 12:0 a.m.20 views

Weaver Show Posts < 1.7 - Contributor+ Stored Cross-Site Scripting

The plugin does not properly escape the profile display name, leading to stored Cross-Site Scripting vulnerabilities...

6.4CVSS6AI score0.00508EPSS
Exploits2References1Affected Software1
Packet Storm
Packet Storm
added 2008/02/20 12:0 a.m.28 views

projectpier-xssxsrf.txt

====================================================================== ProjectPier Impact: Cross Site Scripting Cross Site Request Forgery Status: patch available ------------------------------ Affected software description: ------------------------------ Application: ProjectPier Version: = 0.80...

7.4AI score
Exploits0
Rows per page
Query Builder