Lucene search
K

87 matches found

CVE
CVE
added 2019/01/09 11:0 p.m.48 views

CVE-2016-10736

CVE-2016-10736 affects the WordPress plugin Social Pug - Easy Social Share Buttons, before version 1.2.6. The vulnerability is an XSS in the wp-admin/admin.php?page=dpsp-toolkit with the dpsp_message_class parameter. Public sources (NVD entry and multiple vulnerability databases) describe it as a...

6.1CVSS6AI score0.01105EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2016/12/09 12:0 a.m.18 views

Social Share Buttons - Social Pug <= 1.2.5 - Authenticated Cross-Site Scripting (XSS)

The Grow by Mediavine WordPress plugin was affected by a Social Pug = 1.2.5 - Authenticated Cross-Site Scripting XSS security vulnerability...

4.3CVSS2.4AI score0.01105EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2016/12/09 12:0 a.m.10 views

WordPress Social Pug Plugin <= 1.2.5 - Cross Site Scripting

This plugin is prone to a cross site scripting vulnerability. It allows attackers to inject arbitrary JavaScript or HTML code. Solution Update the plugin...

3.7AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2016/12/09 12:0 a.m.5 views

WordPress Social Pug Plugin <= 1.2.5 - Cross Site Scripting

This plugin is prone to a cross site scripting vulnerability. It allows attackers to inject arbitrary JavaScript or HTML code. Solution Update the plugin...

3.7AI score
Exploits0References2Affected Software1
Atlassian
Atlassian
added 2014/09/04 1:4 a.m.20 views

Draft retrieval in the editor doesn't respect page or space permissions

Drafts are supposed to be per user and private but given a draft id, which should be easy to guess as they are sequential, you can access the contents of any draft, both for new and existing pages by using the following urls:...

1.1AI score
Exploits0
Atlassian
Atlassian
added 2013/08/30 6:26 p.m.20 views

/rest/menu/1.0/appswitcher displays data unauthenticated

"Calling" this function returns data without any authentication required: noformat curl https://support.atlassian.com/rest/menu/latest/appswitcher | python -mjson.tool % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 787 0 787 0 0 531 0...

7.3AI score
Exploits0
Vulnrichment
Vulnrichment
added 1976/01/01 12:0 a.m.18 views

CVE-2024-36361

Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient, compileFileClient, or compileClientWithDependenciesTracked function. NOTE: these functions are for compiling Pug templates into JavaScript, and there would...

7.3AI score0.00491EPSS
Exploits0References2
Rows per page
Query Builder