Lucene search
K

76 matches found

CNNVD
CNNVD
added 2022/06/27 12:0 a.m.31 views

WordPress plugin Easy SVG Support 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. cross-site scripting vulnerability exists in versions prior to WordPress Easy SVG Support plugin 3.3....

5.4CVSS5.1AI score0.00571EPSS
Exploits2References2
wpexploit
wpexploit
added 2022/06/01 12:0 a.m.508 views

Easy SVG Support < 3.3.0 - Author+ Stored Cross Site Scripting via SVG

The plugin does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads As an author or above, upload the below SVG file via the Media library: alert/XSS/; The XSS will be triggered when accessing the file directly, e...

5.4CVSS5.3AI score0.00571EPSS
Exploits2
Patchstack
Patchstack
added 2022/06/01 12:0 a.m.34 views

WordPress Easy SVG Support plugin <= 3.2.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability via SVG

Authenticated Stored Cross-Site Scripting XSS vulnerability via SVG discovered by Luan Pedersini in WordPress Easy SVG Support plugin versions = 3.2.0. Solution Update the WordPress Easy SVG Support plugin to the latest available version at least 3.3.0...

5.4CVSS2.9AI score0.00571EPSS
Exploits2References2Affected Software1
CNVD
CNVD
added 2022/02/10 12:0 a.m.29 views

WordPress SVG Support plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. WordPress SVG Support plugin in versions prior to 2.3.20 suffers from a cross-site scripting vulnerability, which stems from a lack of data validation filtering of user-supplied data and output...

4.8CVSS2.3AI score0.00654EPSS
Exploits2References1
OpenVAS
OpenVAS
added 2022/02/08 12:0 a.m.14 views

WordPress SVG Support Plugin < 2.3.20 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:benbodhi:svgsupport"; ifdescription...

4.8CVSS5.1AI score0.00654EPSS
Exploits2References1
OSV
OSV
added 2022/02/01 1:15 p.m.5 views

CVE-2021-24686

The SVG Support WordPress plugin before 2.3.20 does not escape the "CSS Class to target" setting before outputting it in an attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.8AI score0.00654EPSS
Exploits2References2
NVD
NVD
added 2022/02/01 1:15 p.m.20 views

CVE-2021-24686

The SVG Support WordPress plugin before 2.3.20 does not escape the "CSS Class to target" setting before outputting it in an attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS0.00654EPSS
Exploits2References2
CVE
CVE
added 2022/02/01 12:21 p.m.63 views

CVE-2021-24686

The CVE-2021-24686 entry concerns the WordPress SVG Support plugin prior to 2.3.20, where the plugin fails to escape the CSS Class to target setting when output in an attribute. This allows XSS by high-privilege users, even if unfiltered_html is disallowed. Public sources in connected docs confir...

4.8CVSS4.7AI score0.00654EPSS
Exploits2References2Affected Software1
CNNVD
CNNVD
added 2022/02/01 12:0 a.m.5 views

WordPress plugin SVG Support 跨站脚本漏洞

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. WordPress SVG Support plugin in versions prior to 2.3.20 suffers from a cross-site scripting vulnerability, which stems from a lack of data validation filtering of user-supplied data and output...

4.8CVSS5.6AI score0.00654EPSS
Exploits2References3
WPVulnDB
WPVulnDB
added 2022/01/03 12:0 a.m.20 views

SVG Support < 2.3.20 - Admin+ Stored Cross-Site Scripting

The plugin does not escape the "CSS Class to target" setting before outputting it in an attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC With the Advanced Mode enabled, put the following payload in...

4.8CVSS1.8AI score0.00654EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/01/03 12:0 a.m.14 views

WordPress SVG Support plugin <= 2.3.19 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Shivam Rai in WordPress SVG Support plugin versions = 2.3.19. Solution Update the WordPress SVG Support plugin to the latest available version at least 2.3.20...

4.8CVSS1.4AI score0.00654EPSS
Exploits2References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2015/06/05 12:0 a.m.7 views

The vulnerability of Google Chrome browser allows a perpetrator to trigger a service failure.

The vulnerability of Google Chrome’s browser in the implementation of SVG components arises from the use of memory after it is freed. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause a service failure by using a specially crafted document...

7.5CVSS7.7AI score0.01618EPSS
Exploits0References5Affected Software1
OpenVAS
OpenVAS
added 2012/07/30 12:0 a.m.37 views

CentOS Update for thunderbird CESA-2011:1165 centos5 x86_64

Check for the Version of thunderbird OpenVAS Vulnerability Test CentOS Update for thunderbird CESA-2011:1165 centos5 x8664 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...

10CVSS0.2AI score0.05263EPSS
Exploits1References2
Exploit DB
Exploit DB
added 2012/05/19 12:0 a.m.23 views

Squiggle 1.7 - SVG Browser Java Code Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "Squiggle 1.7 SVG...

7.4AI score
Exploits0
0day.today
0day.today
added 2012/05/18 12:0 a.m.15 views

Squiggle 1.7 SVG Browser Java Code Execution

Exploit for multiple platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framewor...

7.1AI score
Exploits0
Metasploit
Metasploit
added 2012/05/17 2:48 p.m.22 views

Squiggle 1.7 SVG Browser Java Code Execution

This module abuses the SVG support to execute Java Code in the Squiggle Browser included in the Batik framework 1.7 through a crafted SVG file referencing a jar file. In order to gain arbitrary code execution, the browser must meet the following conditions: 1 It must support at least SVG version...

8.3AI score
Exploits0
Rows per page
Query Builder