Lucene search
+L

124 matches found

CNNVD
CNNVD
added 2024/08/23 12:0 a.m.6 views

ZOHO ManageEngine ServiceDesk Plus和SupportCenter Plus 安全漏洞

ZOHO ManageEngine ServiceDesk Plus SDP and ZOHO ManageEngine SupportCenter Plus are both products of ZOHO, Inc.ZOHO ManageEngine ServiceDesk Plus is a suite of ITIL architecture-based ZOHO ManageEngine ServiceDesk Plus is an ITIL-based IT service management software. The software integrates...

6.3CVSS5.8AI score0.01202EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/07/06 12:0 a.m.9 views

PT-2024-27643 · Unknown · Image Hover Effects - Caption Hover With Carousel

Name of the Vulnerable Software and Affected Versions: Image Hover Effects - Caption Hover with Carousel versions 3.0.2 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS...

6.5CVSS5.8AI score0.00237EPSS
Exploits0References8
Patchstack
Patchstack
added 2024/07/05 1:33 p.m.6 views

WordPress Comment Reply Email plugin <= 1.3 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by Masamichi Aoki Patchstack Alliance in WordPress Plugin Comment Reply Email versions = 1.3...

7.1CVSS6.2AI score0.00223EPSS
Exploits0Affected Software1
OSV
OSV
added 2024/06/25 6:15 a.m.7 views

CVE-2024-4757

The Logo Manager For Enamad WordPress plugin through 0.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

8.1CVSS5.8AI score0.00464EPSS
Exploits2References1
OSV
OSV
added 2024/06/21 6:15 a.m.3 views

CVE-2024-5448

The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode WordPress plugin through 1.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perfo...

5.4CVSS5.8AI score0.00315EPSS
Exploits2References1
OSV
OSV
added 2024/06/13 8:15 a.m.6 views

CVE-2024-26088

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

5.4CVSS5.8AI score0.00717EPSS
Exploits0References1
OSV
OSV
added 2024/06/08 3:15 p.m.4 views

CVE-2024-35705

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Ciprian Popescu Block for Font Awesome allows Stored XSS.This issue affects Block for Font Awesome: from n/a through 1.4.4...

5.4CVSS5.8AI score0.00261EPSS
Exploits0References1
OSV
OSV
added 2024/03/12 10:15 a.m.4 views

CVE-2023-4728

The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the publishlp function hooked via an AJAX action in versions up to, and including, 4.4. This makes it possible for authenticated attackers with subscriber-level access and abov...

5.4CVSS5.8AI score0.0032EPSS
Exploits0References2
OSV
OSV
added 2024/02/29 1:43 a.m.6 views

CVE-2024-1242

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button onclick attribute in all versions up to, and including, 4.10.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS7.4AI score0.00406EPSS
Exploits0References2
OSV
OSV
added 2023/12/04 11:15 p.m.4 views

CVE-2023-40461

The ACEManager component of ALEOS 4.16 and earlier allows an authenticated user with Administrator privileges to access a file upload field which does not fully validate the file name, creating a Stored Cross-Site Scripting condition...

4.8CVSS5.8AI score0.00456EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/11/13 12:0 a.m.7 views

PT-2023-23252 · Baidu · Baidu Tongji Generator

Name of the Vulnerable Software and Affected Versions: Baidu Tongji generator versions n/a through 1.0.2 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS in the Haoqisir Baidu Tongji generator. Recommendations: For versions n/a through 1.0.2, as a...

7.1CVSS6.7AI score0.00235EPSS
Exploits0References3
OSV
OSV
added 2023/10/02 11:15 a.m.3 views

CVE-2023-44242

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in 2J Slideshow Team Slideshow, Image Slider by 2J plugin = 1.3.54 versions...

5.4CVSS7.3AI score0.00328EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/10/02 12:0 a.m.7 views

PT-2023-28073 · Yydevelopment · Back To The Top Button

Name of the Vulnerable Software and Affected Versions: YYDevelopment Back To The Top Button plugin versions = 2.1.5 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin or higher privileges. Recommendations: For YYDevelopment...

5.9CVSS5.3AI score0.00316EPSS
Exploits0References3
OSV
OSV
added 2023/03/13 5:15 p.m.5 views

CVE-2022-4466

The WordPress Infinite Scroll WordPress plugin before 5.6.0.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.4CVSS6AI score0.00478EPSS
Exploits2References1
OSV
OSV
added 2022/12/19 2:15 p.m.7 views

CVE-2022-4125

The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF check when creating/updating popups, and is missing sanitisation as well as escaping, which could allow unauthenticated attackers to create arbitrary popups and add Stored XSS payloads as well...

4.3CVSS5.9AI score0.00285EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/06/27 9:15 a.m.7 views

CVE-2022-1913

The Add Post URL WordPress plugin through 2.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping...

4.3CVSS5.8AI score0.00412EPSS
Exploits2References2
NVD
NVD
added 2021/10/19 1:15 p.m.16 views

CVE-2021-38468

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to stored cross-scripting, which may allow an attacker to hijack sessions of users connected to the system...

8.7CVSS0.00537EPSS
Exploits0References1
Prion
Prion
added 2021/10/19 1:15 p.m.11 views

Cross site scripting

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to stored cross-scripting, which may allow an attacker to hijack sessions of users connected to the system...

3.5CVSS6AI score0.00537EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/10/19 12:10 p.m.25 views

CVE-2021-38468 InHand Networks IR615 Router

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to stored cross-scripting, which may allow an attacker to hijack sessions of users connected to the system...

8.7CVSS8.7AI score0.00537EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/07/02 5:51 p.m.25 views

CVE-2020-36413

A stored cross scripting XSS vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Exclude these IP addresses from the "Site Down" status" parameter under the "Maintenance Mode" module...

5.3AI score0.00473EPSS
Exploits1References1
Rows per page
Query Builder