31 matches found
CVE-2024-8800
The RabbitLoader – Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and...
PT-2024-39350 · WordPress · Broken Link Checker
Name of the Vulnerable Software and Affected Versions: Broken Link Checker plugin for WordPress versions up to, and including, 2.4.0 Description: The Broken Link Checker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg in...
PT-2024-39193 · WordPress · Kodex Posts Likes Plugin
Name of the Vulnerable Software and Affected Versions: Kodex Posts likes plugin for WordPress versions up to, and including, 2.5.0 Description: The issue arises from the use of add_query_arg without proper escaping on the URL, allowing unauthenticated attackers to inject arbitrary web scripts int...
CVE-2024-8863
A vulnerability, which was classified as problematic, was found in aimhubio aim up to 3.24. Affected is the function dangerouslySetInnerHTML of the file textbox.tsx of the component Text Explorer. The manipulation of the argument query leads to cross site scripting. It is possible to launch the...
CVE-2024-8714
The WordPress Affiliates Plugin — SliceWP Affiliates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.20. This makes it possible for unauthenticated attackers to...
PT-2024-20561 · Mha Sistemas · Mha Sistemas Armhazena
Name of the Vulnerable Software and Affected Versions: MHA Sistemas arMHAzena version 9.6.0.0 Description: A problematic vulnerability has been found in the Cadastro Page component, allowing for cross-site scripting through the manipulation of the Query argument. This issue can be exploited...
CVE-2022-43982 Apache Airflow prior to 2.4.2 allows reflected XSS via Origin Query Argument in URL
In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the origin query argument...
PT-2022-12314 · Apache · Apache Airflow
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions 2.2.3 and below Description: The "Trigger DAG with config" screen in Apache Airflow is susceptible to XSS attacks via the origin query argument. Recommendations: For Apache Airflow versions 2.2.3 and below, consider...
PT-2019-7494 · Edd · Easy Digital Downloads
Name of the Vulnerable Software and Affected Versions: Easy Digital Downloads EDD versions 1.8.x through 1.8.6; Easy Digital Downloads EDD versions 1.9.x through 1.9.9; Easy Digital Downloads EDD versions 2.0.x through 2.0.4; Easy Digital Downloads EDD versions 2.1.x through 2.1.10; Easy Digital...
Design/Logic Flaw
The Post Connector plugin before 1.0.4 for WordPress has XSS via add_query_arg and remove_query_arg...
CVE-2017-18577
The mailchimp-for-wp plugin before 4.1.8 for WordPress has XSS via the return value of add_query_arg...