Lucene search
K

362 matches found

OSV
OSV
added 2024/07/21 10:15 a.m.5 views

CVE-2024-6948

A vulnerability classified as critical has been found in Gargaj wuhu up to 3faad49bfcc3895e9ff76a591d05c8941273d120. Affected is an unknown function of the file /slideeditor.php of the component Slide Editor. The manipulation of the argument newSlideFile leads to unrestricted upload. It is possib...

9.8CVSS5.4AI score0.00508EPSS
Exploits0References4
CVE
CVE
added 2024/07/21 9:31 a.m.50 views

CVE-2024-6948

CVE-2024-6948 affects Gargaj wuhu Slide Editor, specifically the /slideeditor.php file. The vulnerability stems from manipulating the newSlideFile argument, causing unrestricted upload, which can be exploited remotely. Several connected sources confirm the issue but do not provide concrete produc...

9.8CVSS6.5AI score0.00508EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2024/07/21 9:31 a.m.16 views

CVE-2024-6948 Gargaj wuhu Slide Editor slideeditor.php unrestricted upload

A vulnerability classified as critical has been found in Gargaj wuhu up to 3faad49bfcc3895e9ff76a591d05c8941273d120. Affected is an unknown function of the file /slideeditor.php of the component Slide Editor. The manipulation of the argument newSlideFile leads to unrestricted upload. It is possib...

6.5CVSS7AI score0.00508EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/07/21 9:31 a.m.34 views

CVE-2024-6948 Gargaj wuhu Slide Editor slideeditor.php unrestricted upload

A vulnerability classified as critical has been found in Gargaj wuhu up to 3faad49bfcc3895e9ff76a591d05c8941273d120. Affected is an unknown function of the file /slideeditor.php of the component Slide Editor. The manipulation of the argument newSlideFile leads to unrestricted upload. It is possib...

6.5CVSS0.00508EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/07/21 12:0 a.m.4 views

PT-2024-37987 · Gargaj · Gargaj

Name of the Vulnerable Software and Affected Versions: Gargaj wuhu up to 3faad49bfcc3895e9ff76a591d05c8941273d120 Description: A critical vulnerability has been found in the Slide Editor component of the affected software, specifically in the /slideeditor.php file. The issue arises from the...

9.8CVSS6.9AI score0.00508EPSS
Exploits0References8
OSV
OSV
added 2024/07/11 6:31 p.m.2 views

GHSA-9MVJ-F7W8-PVH2 Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability

Withdrawn Advisory This advisory has been withdrawn because it was determined to not be a vulnerability in Bootstrap. From the CVE: This was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior...

6.4CVSS7.3AI score
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/07/11 6:31 p.m.64 views

Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability

Withdrawn Advisory This advisory has been withdrawn because it was determined to not be a vulnerability in Bootstrap. From the CVE: This was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior...

6.4AI score
Exploits0References5Affected Software6
OSV
OSV
added 2024/07/11 6:31 p.m.35 views

GHSA-VC8W-JR9V-VJ7F Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability

Withdrawn Advisory This advisory is withdrawn because it was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior fell outside the scope of Bootstrap’s security model, and the associated CVE ha...

6.4CVSS6.5AI score
Exploits0References5
Cvelist
Cvelist
added 2024/07/11 5:3 p.m.55 views

CVE-2024-6484

...

Exploits0
CNNVD
CNNVD
added 2024/07/11 12:0 a.m.3 views

WordPress plugin Slider by 10Web Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

6.1CVSS6.8AI score0.00375EPSS
Exploits1References2
RubySec
RubySec
added 2024/07/11 12:0 a.m.29 views

Bootstrap Cross-Site Scripting (XSS) vulnerability

A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting XSS attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an tag due to inadequate sanitization. This...

6.2AI score
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/07/11 12:0 a.m.47 views

Bootstrap Cross-Site Scripting (XSS) vulnerability

A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting XSS attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an tag due to inadequate sanitization. This...

6.2AI score
Exploits0References1Affected Software1
OSV
OSV
added 2024/06/01 5:15 a.m.8 views

CVE-2023-6382

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'msslide' shortcode in all versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on user supplied 'cssclass' attribute. This mak...

5.4CVSS6AI score0.00323EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/06/01 12:0 a.m.9 views

PT-2024-14942 · WordPress · The Master Slider

Name of the Vulnerable Software and Affected Versions: The Master Slider – Responsive Touch Slider plugin for WordPress versions up to, and including, 3.9.9 Description: The issue arises from insufficient input sanitization and output escaping on the user-supplied css class attribute in the...

6.4CVSS6.8AI score0.00323EPSS
Exploits0References7
CVE
CVE
added 2024/05/31 2:41 a.m.66 views

CVE-2024-5418

CVE-2024-5418 : The DethemeKit For Elementor WordPress plugin has a Stored Cross-Site Scripting (XSS) flaw in the De Product Tab & Slide widget via the slitems attribute. The issue affects all versions up to 2.1.4 due to insufficient input sanitization and output escaping for user-supplied attrib...

6.4CVSS5.9AI score0.00321EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/21 12:0 a.m.14 views

PT-2024-31214 · WordPress · The Master Slider

Name of the Vulnerable Software and Affected Versions: The Master Slider – Responsive Touch Slider plugin for WordPress versions up to, and including, 3.9.9 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'ms slide info' shortcode due to insufficient input...

6.4CVSS6AI score0.00322EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/05/18 12:0 a.m.4 views

PT-2024-32315 · WordPress · Testimonial Carousel For Elementor

Name of the Vulnerable Software and Affected Versions: Testimonial Carousel For Elementor plugin for WordPress versions up to, and including, 10.1.1 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows authenticat...

6.4CVSS5.9AI score0.00413EPSS
Exploits0References11
OSV
OSV
added 2024/05/03 6:15 a.m.5 views

CVE-2024-3703

The Carousel Slider WordPress plugin before 2.2.10 does not validate and escape some of its Slide options before outputting them back in the page/post where the related Slide shortcode is embed, which could allow users with the Editor role and above to perform Stored Cross-Site Scripting attacks...

4.7CVSS5.8AI score0.00497EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2024/04/12 12:0 a.m.7 views

PT-2024-22206 · WordPress · The Shopkeeper Extender

Name of the Vulnerable Software and Affected Versions: The Shopkeeper Extender plugin for WordPress versions up to, and including, 3.5 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's 'image slide' shortcode, allowi...

6.4CVSS6.9AI score0.00434EPSS
Exploits0References4
OSV
OSV
added 2024/03/02 12:16 p.m.3 views

CVE-2024-1449

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's msslide shortcode in all versions up to, and including, 3.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...

5.4CVSS7.4AI score0.00433EPSS
Exploits0References2
Rows per page
Query Builder