Lucene search
+L

181 matches found

NVD
NVD
added 2025/09/04 12:15 p.m.6 views

CVE-2025-41063

A vulnerability has been discovered in version 4.0.5 of appRain CMF, consisting of an authenticated reflected XSS due to a lack of proper validation of user input, through the 's' parameter in /apprain/developer/debug-log/db...

5.4CVSS0.00162EPSS
Exploits0References1
Snyk
Snyk
added 2025/09/04 11:45 a.m.5 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the s parameter in /apprain/developer/debug-log/db. An attacker can execute arbitrary scripts in the context of the authenticated user's browser by crafting malicious input. Details Cross-site scripting or X...

5.4CVSS5.5AI score0.00162EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 3:18 a.m.5 views

CVE-2023-23489

The Easy Digital Downloads WordPress Plugin, versions 3.1.0.2 & 3.1.0.3, is affected by an unauthenticated SQL injection vulnerability in the 's' parameter of its 'edddownloadsearch' action...

9.8CVSS8.2AI score0.11172EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:37 p.m.6 views

CVE-2021-35458

Online Pet Shop We App 1.0 is vulnerable to Union SQL Injection in products.php aka p=products via the c or s parameter...

9.8CVSS7.3AI score0.02447EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:36 p.m.7 views

CVE-2021-24940

The Persian Woocommerce WordPress plugin through 5.8.0 does not escape the s parameter before outputting it back in an attribute in the admin dashboard, which could lead to a Reflected Cross-Site Scripting issue...

6.1CVSS6.1AI score0.01477EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:31 p.m.4 views

CVE-2021-24979

The Paid Memberships Pro WordPress plugin before 2.6.6 does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.7AI score0.01868EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:49 a.m.9 views

CVE-2016-10994

The Truemag theme 2016 Q2 for WordPress has XSS via the s parameter...

6.1CVSS6AI score0.01252EPSS
Exploits2References1
OSV
OSV
added 2025/02/28 6:15 a.m.2 views

CVE-2025-1511

The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 4.0.4 due to insufficient input sanitization and output escaping. This makes...

6.1CVSS7.4AI score0.00294EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/02/28 12:0 a.m.5 views

PT-2025-9059 · WordPress · User Registration & Membership

Name of the Vulnerable Software and Affected Versions: User Registration & Membership plugin for WordPress versions up to, and including, 4.0.4 Description: The issue is related to Reflected Cross-Site Scripting via the s parameter due to insufficient input sanitization and output escaping. This...

6.1CVSS8.8AI score0.00294EPSS
Exploits0References10
OSV
OSV
added 2025/02/13 10:15 a.m.5 views

CVE-2024-13867

The Listivo - Classified Ads WordPress Theme theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 2.3.67 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

6.1CVSS7.4AI score0.0027EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/02/13 12:0 a.m.11 views

PT-2025-6618 · WordPress · Listivo

Name of the Vulnerable Software and Affected Versions: Listivo - Classified Ads WordPress Theme versions up to, and including, 2.3.67 Description: The issue is related to Reflected Cross-Site Scripting via the s parameter due to insufficient input sanitization and output escaping. This allows...

6.1CVSS8.7AI score0.0027EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/01/07 12:0 a.m.3 views

WordPress plugin Timeline Designer SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

4.9CVSS8.9AI score0.0049EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/12/10 12:0 a.m.10 views

PT-2024-35689 · Splunk · Splunk Cloud Platform +1

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.3.2 Splunk Enterprise versions prior to 9.2.4 Splunk Enterprise versions prior to 9.1.7 Splunk Cloud Platform versions prior to 9.2.2406.107 Splunk Cloud Platform versions prior to 9.2.2403.109 Splunk Clo...

5.7CVSS7.2AI score0.00464EPSS
Exploits0References6
OSV
OSV
added 2024/11/28 9:15 a.m.8 views

CVE-2024-11684

The Kudos Donations – Easy donations and payments with Mollie plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 3.2.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticat...

6.1CVSS6AI score0.00398EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/11/28 12:0 a.m.6 views

WordPress plugin Kudos Donations 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.1CVSS7.8AI score0.00398EPSS
Exploits0References3
OSV
OSV
added 2024/10/23 2:15 p.m.7 views

CVE-2024-10250

The Nioland theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘s’ parameter in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...

6.1CVSS6AI score0.00309EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/10/23 1:58 p.m.34 views

CVE-2024-10250 Nioland <= 1.2.6 - Reflected Cross-Site Scripting via s

The Nioland theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘s’ parameter in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...

6.1CVSS0.00309EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/10/23 12:0 a.m.6 views

PT-2024-16137 · WordPress · Nioland Theme For Wordpress

Name of the Vulnerable Software and Affected Versions: Nioland theme for WordPress versions up to, and including, 1.2.6 Description: The issue is related to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject...

6.1CVSS6.5AI score0.00309EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/10/23 12:0 a.m.4 views

WordPress plugin Nioland 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

6.1CVSS6.2AI score0.00309EPSS
Exploits0References2
OSV
OSV
added 2024/10/10 1:15 a.m.7 views

UBUNTU-CVE-2024-48949

The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S.gtesig.eddsa.curve.n || sig.S.isNeg" validation...

9.1CVSS6.7AI score0.00507EPSS
Exploits0References4
Rows per page
Query Builder