Lucene search
K

217 matches found

CNNVD
CNNVD
added 2024/11/11 12:0 a.m.6 views

Moodle 安全漏洞

Moodle is Moodle open source set of free e-learning software platform, also known as course management system, learning management system or virtual learning environment. Moodle suffers from an information disclosure vulnerability that stems from some hidden user profile fields being visible in...

5.3CVSS6.1AI score0.00323EPSS
Exploits0References3
OSV
OSV
added 2024/07/29 7:15 p.m.2 views

CVE-2024-37856

Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the first, last, middle name fields in the User Profile page...

5.4CVSS5.8AI score0.00299EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/07/26 12:0 a.m.4 views

PT-2024-5531 · Apache · Apache Roller

Name of the Vulnerable Software and Affected Versions: Apache Roller versions 5.0.0 through 6.1.2 Description: The issue is caused by insufficient input validation and sanitation in features such as Profile name & screenname, Bookmark name & description, and blogroll name. This allows an...

5.4CVSS5.4AI score0.00752EPSS
Exploits0References9
NVD
NVD
added 2024/02/05 10:15 p.m.25 views

CVE-2023-6983

The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.1 via the vgdisplaydata shortcode due to missing validation on a user controlled key. This makes it possible fo...

4.3CVSS4.3AI score0.00472EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/02/05 9:21 p.m.40 views

CVE-2023-6982 Display custom fields in the frontend – Post and User Profile Fields <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via vg_display_data

The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and postmeta in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplie...

6.4CVSS5.8AI score0.00416EPSS
Exploits0References2
OSV
OSV
added 2024/01/29 5:15 p.m.3 views

CVE-2024-1010

A vulnerability classified as problematic has been found in SourceCodester Employee Management System 1.0. This affects an unknown part of the file edit-profile.php. The manipulation of the argument fullname/phone/date of birth/address/date of appointment leads to cross site scripting. It is...

5.4CVSS3.9AI score0.00575EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/11/18 12:0 a.m.7 views

PT-2023-32556 · WordPress · Paid Memberships Pro

Name of the Vulnerable Software and Affected Versions: Paid Memberships Pro plugin for WordPress versions up to, and including, 2.12.3 Description: The issue arises from insufficient file type validation in the pmpro paypalexpress session vars for user fields function. This allows authenticated...

8.8CVSS9.4AI score0.51535EPSS
Exploits0References10
CNNVD
CNNVD
added 2023/08/23 12:0 a.m.6 views

XWiki Platform 代码注入漏洞

XWiki Platform is a suite of Wiki platforms for creating Web collaboration applications from the XWiki Foundation in France. A security vulnerability exists in XWiki Platform that originates from the fact that any registered user can execute arbitrary scripts with programmatic privileges using th...

9.9CVSS8.2AI score0.00983EPSS
Exploits0References4
Prion
Prion
added 2023/01/30 9:15 p.m.15 views

Cross site scripting

The Custom User Profile Fields for User Registration WordPress plugin before 1.8.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which...

4.9CVSS5.4AI score0.00548EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/01/30 8:31 p.m.34 views

CVE-2022-4831 Custom User Profile Fields for User Registration & Member Frontend Profiles with Paid Memberships Pro < 1.8.1 - Contributor+ Stored XSS via Shortcode

The Custom User Profile Fields for User Registration WordPress plugin before 1.8.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which...

5.6AI score0.00548EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/01/30 12:0 a.m.3 views

WordPress plugin Custom User Profile Fields for User Registration 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

5.4CVSS5.5AI score0.00548EPSS
Exploits2References2
Patchstack
Patchstack
added 2023/01/06 12:0 a.m.17 views

WordPress Custom User Profile Fields Plugin <= 1.8 is vulnerable to Cross Site Scripting (XSS)

Software Custom User Profile Fields Type Plugin Vulnerable versions = 1.8 Fixed in 1.8.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4831 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 02766634c7d2 Credits István...

5.4CVSS5.9AI score0.00548EPSS
Exploits2References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/12/24 12:0 a.m.7 views

The vulnerability of the Moodle course management system lies in the insufficient cleaning of user data in several “social” fields of the user profile. This allows attackers to carry out attacks using cross-site scripting (XSS).

The vulnerability of the Moodle course management system is related to insufficient cleaning of user data in several “social” fields of the user’s profile. Exploiting this vulnerability allows a malicious actor to carry out attacks using cross-site scripting XSS...

6.4CVSS5.6AI score0.00655EPSS
Exploits0References7Affected Software3
OSV
OSV
added 2022/11/23 3:15 p.m.4 views

UBUNTU-CVE-2022-45151

The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website...

5.4CVSS6.3AI score0.00655EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/11/23 12:0 a.m.36 views

Moodle 跨站脚本漏洞

Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A cross-site scripting vulnerability exists in Moodle versions 3.11.0 and later, 3.11.1 and earlier, 4.0.0 and later, and 4.0.5 and...

5.4CVSS6.4AI score0.00655EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2022/11/23 12:0 a.m.7 views

CVE-2022-45151

The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website...

7AI score0.00655EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2022/11/23 12:0 a.m.4 views

PT-2022-5979 · Moodle +2 · Moodle +2

Name of the Vulnerable Software and Affected Versions: Moodle affected versions not specified Description: The issue is related to insufficient sanitization of user-supplied data in several "social" user profile fields, which can allow a remote attacker to inject and execute arbitrary HTML and...

9.8CVSS6.7AI score0.0663EPSS
Exploits2References67
OSV
OSV
added 2022/10/31 9:15 p.m.5 views

CVE-2022-40288

The application was vulnerable to an authenticated Stored Cross-Site Scripting XSS in the user profile data fields, which could be leveraged to escalate privileges within and compromise any account that views their user profile...

9CVSS5.8AI score0.00621EPSS
Exploits0References1
OSV
OSV
added 2022/05/16 3:15 p.m.5 views

CVE-2022-1051

The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not sanitise and escape the city, phone or profile credentials fields when outputting it in the profile page, allowing any authenticated user to perform Cross-Site Scripting attacks...

5.4CVSS5.8AI score0.01248EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/05/16 3:15 p.m.5 views

CVE-2022-1051

The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not sanitise and escape the city, phone or profile credentials fields when outputting it in the profile page, allowing any authenticated user to perform Cross-Site Scripting attacks...

5.4CVSS5.9AI score0.01248EPSS
Exploits2References2
Rows per page
Query Builder