
42 matches found

CNNVD
added 2026/01/07 12:0 a.m. · 7 views

WordPress plugin Stumble! for WordPress cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plug-in. A cross-site scriptin...

CVSS 6.1 · AI score 5.9 · EPSS 0.00264
Exploits: 0 · References: 4
Positive Technologies
added 2025/12/17 12:0 a.m. · 12 views

PT-2025-51876

Name of the Vulnerable Software and Affected Versions: SLiMS slims9 bulian versions prior to 9.6.0. Description: The software contains a reflected cross-site scripting (XSS) issue due to improper handling of the $_SERVER['PHP_SELF'] variable in the index.php/sysconfig.inc.php file. This allows a remote...

CVSS 6.1 · AI score 6 · EPSS 0.00184
Exploits: 1 · References: 4
RedhatCVE
added 2025/12/13 3:59 a.m. · 6 views

CVE-2025-14125

The Complag plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] variable in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 6.1 · AI score 5.6 · EPSS 0.00204
Exploits: 0 · References: 1
RedhatCVE
added 2025/12/13 3:59 a.m. · 4 views

CVE-2025-14132

The Category Dropdown List plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] variable in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS 6.1 · AI score 5.6 · EPSS 0.00204
Exploits: 0 · References: 1
RedhatCVE
added 2025/12/13 3:59 a.m. · 6 views

CVE-2025-14129

The Like DisLike Voting plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] variable in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS 6.1 · AI score 5.6 · EPSS 0.00211
Exploits: 0 · References: 1
RedhatCVE
added 2025/12/13 3:59 a.m. · 5 views

CVE-2025-13988

The 评论小秘书 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] variable in all versions up to, and including, 1.3.2. This is due to insufficient input sanitization and output escaping on the $_SERVER['PHP_SELF'] variable in the plugin's settings page. This mak...

CVSS 6.1 · AI score 5.7 · EPSS 0.00204
Exploits: 0 · References: 1
CVE
added 2025/12/12 3:21 a.m. · 16 views

CVE-2025-14138

CVE-2025-14138: WPLG Default Mail From (WordPress) is vulnerable to Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] in all versions up to 1.0.0. Affected: WordPress plugin WPLG Default Mail From; exploitation possible by tricking an authenticated? no—un/authenticated user? The descriptio...

CVSS 6.1 · AI score 5.3 · EPSS 0.00204
Exploits: 0 · References: 3
Cvelist
added 2025/12/12 3:20 a.m. · 27 views

CVE-2025-13988 评论小秘书 <= 1.3.2 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']

The 评论小秘书 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] variable in all versions up to, and including, 1.3.2. This is due to insufficient input sanitization and output escaping on the $_SERVER['PHP_SELF'] variable in the plugin's settings page. This mak...

CVSS 6.1 · EPSS 0.00204
Exploits: 0 · References: 3
Cvelist
added 2025/12/12 3:20 a.m. · 28 views

CVE-2025-14129 Like DisLike Voting <= 1.0.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']

The Like DisLike Voting plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] variable in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS 6.1 · EPSS 0.00211
Exploits: 0 · References: 4
Vulnrichment
added 2025/12/12 3:20 a.m. · 3 views

CVE-2025-14129 Like DisLike Voting <= 1.0.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']

The Like DisLike Voting plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] variable in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS 6.1 · AI score 5.3 · EPSS 0.00211
Exploits: 0 · References: 4
Positive Technologies
added 2025/12/12 12:0 a.m. · 9 views

PT-2025-50842

The 评论小秘书 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] variable in all versions up to, and including, 1.3.2. This is due to insufficient input sanitization and output escaping on the $_SERVER['PHP_SELF'] variable in the plugin's settings page. This...

CVSS 6.1 · AI score 5.7 · EPSS 0.00204
Exploits: 0 · References: 4
Positive Technologies
added 2025/12/12 12:0 a.m. · 5 views

PT-2025-50852

The Complag plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] variable in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 6.1 · AI score 5.6 · EPSS 0.00204
Exploits: 0 · References: 4
RedhatCVE
added 2025/12/07 6:5 a.m. · 12 views

CVE-2025-13894

The CSV Sumotto plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] variable in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 6.1 · AI score 5.6 · EPSS 0.00172
Exploits: 0 · References: 1
OSV
added 2025/03/04 7:15 p.m. · 3 views

CVE-2025-1949

A vulnerability, which was classified as problematic, has been found in ZZCMS 2025. This issue affects some unknown processing of the file /3/ucenterapi/code/registernodb.php of the component URL Handler. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack...

CVSS 6.1 · AI score 3.8 · EPSS 0.00458
Exploits: 1 · References: 4
Positive Technologies
added 2023/02/04 12:0 a.m. · 5 views

PT-2023-10821 · Unknown · Mobiledetect

Name of the Vulnerable Software and Affected Versions: MobileDetect version 2.8.31. Description: A problematic issue has been found in MobileDetect, affecting the initLayoutType function of the examples/session_example.php file in the Example component. The manipulation of the argument $_SERVER['PH...

CVSS 6.1 · AI score 4.3 · EPSS 0.02634
Exploits: 2 · References: 13
Positive Technologies
added 2022/12/13 12:0 a.m. · 6 views

PT-2022-27234

Name of the Vulnerable Software and Affected Versions: sproctor php-calendar, affected versions not specified. Description: A problematic vulnerability was found in sproctor php-calendar, affecting an unknown part of the file index.php. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cro...

CVSS 6.1 · AI score 3.2 · EPSS 0.00571
Exploits: 0 · References: 9
CNNVD
added 2022/12/13 12:0 a.m. · 4 views

PHP-Calendar cross-site scripting vulnerability

PHP-Calendar is a calendar application by individual developer Sean Proctor. PHP-Calendar suffers from a code injection vulnerability that originates in an unknown section of the component index.php, where manipulation of the parameter $_SERVER['PHP_SELF'] can lead to cross-site scripting...

CVSS 6.1 · AI score 4.4 · EPSS 0.00571
Exploits: 0 · References: 5
Snyk
added 2022/05/17 2:31 a.m. · 3 views

Cross-site Scripting (XSS)

Overview: mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via crafted PATH_INFO in a URL. An attacker can inject arbitrary code by manipulating the unsanitized $_SERVER['PHP_SELF'] used to generate URLs. Details: Cross-site scriptin...

CVSS 6.1 · AI score 5.4 · EPSS 0.01754
Exploits: 1 · References: 2
OSV
added 2021/09/10 2:15 p.m. · 7 views

CVE-2021-38332

The On Page SEO + Whatsapp Chat Button Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the /settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1...

CVSS 6.1 · AI score 6.4 · EPSS 0.00895
Exploits: 1 · References: 2
OSV
added 2021/09/10 2:15 p.m. · 3 views

CVE-2021-38327

The YouTube Video Inserter WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the /adminUI/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.1.0...

CVSS 6.1 · AI score 6.4 · EPSS 0.00938
Exploits: 1 · References: 2