117 matches found
EUVD-2004-1447
Malware in sbrugna...
EUVD-2004-2640
Malware in sbrugna...
EUVD-2009-0261
Malware in sbrugna...
EUVD-2004-1119
Malware in sbrugna...
EUVD-2007-4340
Malware in sbrugna...
WordPress StreamWeasels Online Status Bar plugin <= 2.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin StreamWeasels Online Status Bar (versions <= 2.1.9)...
CVE-2024-11438 StreamWeasels Online Status Bar <= 2.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
The StreamWeasels Online Status Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sw-status-bar' shortcode in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...
WordPress StreamWeasels Online Status Bar Plugin <= 2.1.9 is vulnerable to Cross Site Scripting (XSS)
Software: StreamWeasels Online Status Bar; Type: Plugin; Vulnerable versions: <= 2.1.9; Fixed in: 2.1.10; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-11438; Patch priority: Low; CVSS severity: Low (6.5); PSID: 8a75c1958227; Credits: Peter...
SAMSUNG Mobile Devices security vulnerability
SAMSUNG Mobile Devices are a range of mobile devices, including cell phones and tablets, from the South Korean company Samsung. A security vulnerability exists in SAMSUNG Mobile Devices PhoneStatusBarPolicy in System UI SMR Mar-2023 Release 1 version, which stems from a...
SUSE CVE-2004-0527
KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack...
SUSE CVE-2005-3699
Opera Web Browser 8.50 and 8.0 through 8.0.2 allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site...
SUSE CVE-2009-0253
Mozilla Firefox 3.0.5 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Status Bar Obfuscation" and "Clickjacking" attack...
CVE-2022-20458
Logs containing sensitive information (PII) or hardware identifiers should only be printed in Android "userdebug" or "eng" builds. StatusBarNotification.getKey could contain sensitive information. However, CarNotificationListener.java prints the StatusBarNotification.getKey directly in logs, whic...
PT-2023-12647 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions prior to Android-12L. Description: The issue concerns the logging of sensitive information, such as personally identifiable information (PII) or hardware identifiers, in Android builds. Specifically, the...
CVE-2022-20415
In handleFullScreenIntent of StatusBarNotificationActivityStarter.java, there is a possible bypass of the restriction of starting activity from background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User...
Google Pixel security vulnerability
Google Android is a Linux-based open source operating system from Google, Inc. An elevation of privilege vulnerability exists in Google Android due to a logic error in StatusBarNotificationActivityStarter.java. The vulnerability is due to a logic error in the handleFullScreenIntent code of...
CVE-2021-39628
In StatusBar.java, there is a possible disclosure of notification content on the lockscreen due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...
CVE-2021-0478
In updateDrawable of StatusBarIconView.java, there is a possible permission bypass due to an uncaught exception. This could lead to local escalation of privilege by running foreground services without notifying the user, with User execution privileges needed. User interaction is not needed for...
CVE-2020-35550
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. Attackers can bypass Factory Reset Protection (FRP) via StatusBar. The Samsung ID is SVE-2020-17888 (December 2020)...