Lucene search
K

130 matches found

RedhatCVE
RedhatCVE
added 2025/12/06 5:54 a.m.7 views

CVE-2025-12163

The Omnipress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to...

6.4CVSS6.1AI score0.00309EPSS
Exploits2References1
EUVD
EUVD
added 2025/11/24 3:9 a.m.4 views

EUVD-2025-198606

FMS developed by Otsuka Information Technology has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks...

5.1CVSS6.6AI score0.00386EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/11/24 12:0 a.m.3 views

WordPress plugin Broken Link Manager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

7.1CVSS5.8AI score0.00147EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/18 8:27 a.m.4 views

CVE-2025-12406 Project Honey Pot Spam Trap <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Project Honey Pot Spam Trap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the printAdminPage function. This makes it possible for unauthenticated attackers to update setting...

6.1CVSS5AI score0.00127EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/11/12 9:16 a.m.9 views

CVE-2025-61623 Apache OFBiz: Reflected Cross-site Scripting

Reflected cross-site scripting vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.03. Users are recommended to upgrade to version 24.09.03, which fixes the issue...

0.00677EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/11/12 12:0 a.m.6 views

aEnrich a+HRD 跨站脚本漏洞

aEnrich a+HRD is a full-service human resources development solution from Acer China aEnrich. A cross-site scripting vulnerability exists in aEnrich a+HRD, which originates from stored cross-site scripting and could allow a remote attacker with administrator privileges to inject persistent...

4.8CVSS6AI score0.00187EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/12 12:0 a.m.4 views

PT-2025-46678

Name of the Vulnerable Software and Affected Versions CrushFTP version 11.3.6 48 Description A Cross Site Scripting XSS issue exists in CrushFTP. The web-based server’s file sharing feature reflects the filename to an email body field without proper sanitization, leading to potential HTML...

6.1CVSS5.9AI score0.00204EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2025/11/11 12:0 a.m.8 views

PT-2025-46262

Name of the Vulnerable Software and Affected Versions Simple Donate plugin for WordPress versions prior to 1.1 Description The Simple Donate plugin for WordPress is susceptible to Stored Cross-Site Scripting through the simpledonate shortcode. Insufficient input sanitization and output escaping o...

6.4CVSS5.2AI score0.00161EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/11 12:0 a.m.8 views

PT-2025-46320

Name of the Vulnerable Software and Affected Versions ManageEngine Exchange Reporter Plus versions 5723 and below Description ManageEngine Exchange Reporter Plus versions 5723 and below are susceptible to a Stored Cross-Site Scripting XSS issue within the Custom report functionality. This allows...

7.3CVSS5.5AI score0.00431EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/11/11 12:0 a.m.6 views

WordPress plugin YSlider 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...

6.1CVSS5.9AI score0.00126EPSS
Exploits0References3
CVE
CVE
added 2025/10/27 1:34 a.m.18 views

CVE-2025-62971

CVE-2025-62971 is a stored XSS vulnerability affecting CrestaProject Attesa Extra WordPress plugin (Attesa Extra) versions up to and including 1.4.5. Connected sources corroborate the flaw and specify stored XSS in input handling during web page generation, impacting Attesa Extra versions n/a thr...

6.5CVSS5.9AI score0.00151EPSS
Exploits0References1
Hacker One
Hacker One
added 2025/10/25 3:23 a.m.10 views

Revive Adserver: Reflected XSS in account-preferences-plugin.php

A reflected cross-site scripting RXSS vulnerability was discovered in revive-adserver-6.0.1/www/admin/account-preferences-plugin.php via the group query parameter. Untrusted input was reflected without proper output encoding or context-aware escaping, allowing injection of JavaScript into the...

6.3CVSS6.4AI score0.00427EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2025/10/22 12:0 a.m.7 views

PT-2025-43266

Name of the Vulnerable Software and Affected Versions Chibueze Okechukwu SEO Pyramid seo-pyramid versions through 1.9.8 Description The software contains a flaw related to improper input handling during web page creation, specifically a Reflected Cross-Site Scripting XSS issue. This allows for th...

7.4CVSS6.2AI score0.00228EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/10/22 12:0 a.m.4 views

PT-2025-43159

Name of the Vulnerable Software and Affected Versions Shiva WSAnalytics versions through 1.1.2 Description A flaw exists in Shiva WSAnalytics wsanalytics-google-analytics-and-dashboards that allows for Reflected Cross-site Scripting XSS. This occurs due to improper neutralization of input during...

7.1CVSS6.3AI score0.00208EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/21 4:34 p.m.7 views

EUVD-2025-35183

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to version 3.5.1, a reflected cross-site scripting XSS vulnerability was identified in the editarinfopessoal.php endpoint of the WeGIA application. This vulnerability allows attackers to inject...

6.9CVSS5.3AI score0.0022EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/10/16 12:0 a.m.4 views

Desknets Neo 跨站脚本漏洞

Desknets Neo is a remote office support software from Desknets Japan. A cross-site scripting vulnerability exists in Desknets Neo V9.0R2.0 and earlier versions, which originates from stored cross-site scripting and could lead to the execution of arbitrary JavaScript...

5.4CVSS5.4AI score0.00257EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2011-3565

Malware in sbrugna...

5.4CVSS5.5AI score0.01053EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-2989

Malware in sbrugna...

5.4CVSS5.2AI score0.01077EPSS
Exploits1References5
OSV
OSV
added 2025/10/03 7:15 p.m.2 views

ALPINE-CVE-2025-46818

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate different LUA objects and potentially run their own code in the context of another user. The problem exists in all versions o...

7.3CVSS8.7AI score0.00701EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/03 12:0 a.m.5 views

PT-2025-40592

Name of the Vulnerable Software and Affected Versions Redis versions 8.2.1 and below Description Redis, an in-memory database, has an issue where an authenticated user can use a crafted Lua script to manipulate LUA objects and potentially execute code in another user's context. This affects all...

9.9CVSS7.5AI score0.86767EPSS
Exploits25References181
Rows per page
Query Builder