Lucene search
K

127 matches found

CVE
CVE
added 2025/03/12 12:0 a.m.42 views

CVE-2024-34398

The CVE-2024-34398 entry concerns BMC Remedy Mid Tier 7.6.04 where the web application is vulnerable to stored HTML injection. The vulnerability is triggered by authenticated remote attackers and has a CVSS v3.1 base score of 4.2 (Medium). The underlying impact is limited to confidentiality and i...

4.2CVSS7AI score0.00228EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/03/12 12:0 a.m.4 views

BMC Remedy Mid Tier 安全漏洞

BMC Remedy Mid Tier is an application from BMC USA, Inc. It is used to act as a client for the Remedy AR System server and a server for the browser. A security vulnerability exists in BMC Remedy Mid Tier version 7.6.04 that originates from allowing an authenticated, remote attacker to perform...

4.2CVSS6.6AI score0.00228EPSS
Exploits0References1
OSV
OSV
added 2025/01/02 10:43 p.m.5 views

GHSA-WW33-JPPQ-QFRP phpMyFAQ Vulnerable to Stored HTML Injection at FAQ

Summary Due to insufficient validation on the content of new FAQ posts, it is possible for authenticated users to inject malicious HTML or JavaScript code that can impact other users viewing the FAQ. This vulnerability arises when user-provided inputs in FAQ entries are not sanitized or escaped...

5.2CVSS6.2AI score0.00403EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/01/02 5:27 p.m.5 views

CVE-2024-56199 phpMyFAQ Vulnerable to Stored HTML Injection at FAQ

phpMyFAQ is an open source FAQ web application. Starting no later than version 3.2.10 and prior to version 4.0.2, an attacker can inject malicious HTML content into the FAQ editor at http://localhost/admin/index.php?action=editentry, resulting in a complete disruption of the FAQ page's user...

5.2CVSS7.2AI score0.00403EPSS
Exploits1References1
OSV
OSV
added 2025/01/02 5:27 p.m.6 views

CVE-2024-56199 phpMyFAQ Vulnerable to Stored HTML Injection at FAQ

phpMyFAQ is an open source FAQ web application. Starting no later than version 3.2.10 and prior to version 4.0.2, an attacker can inject malicious HTML content into the FAQ editor at http://localhost/admin/index.php?action=editentry, resulting in a complete disruption of the FAQ page's user...

5.2CVSS6.8AI score0.00403EPSS
Exploits1References3
NVD
NVD
added 2024/12/17 9:15 p.m.22 views

CVE-2024-55059

A stored HTML Injection vulnerability was identified in PHPGurukul Online Birth Certificate System v1.0 in /user/certificate-form.php...

6.1CVSS0.00195EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/12/17 12:0 a.m.12 views

CVE-2024-55059

A stored HTML Injection vulnerability was identified in PHPGurukul Online Birth Certificate System v1.0 in /user/certificate-form.php...

0.00195EPSS
Exploits1References1
CVE
CVE
added 2024/12/17 12:0 a.m.49 views

CVE-2024-55059

CVE-2024-55059 concerns HTML injection in the PHPGurukul Online Birth Certificate System v1.0, triggered by input submitted to /user/certificate-form.php. Connected sources consistently describe the vulnerability as arising from insufficient filtering/escaping of user data, allowing injection of ...

6.1CVSS7.1AI score0.00195EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2024/10/02 6:15 a.m.4 views

CVE-2024-9174

Stored HTML Injection in Social Module in M-Files Hubshare before version 5.0.8.6 allows authenticated user to spoof UI...

6.9CVSS5.4AI score0.00271EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/10/02 5:56 a.m.23 views

CVE-2024-9174 Stored HTML Injection in Hubshare social module

Stored HTML Injection in Social Module in M-Files Hubshare before version 5.0.8.6 allows authenticated user to spoof UI...

6.9CVSS0.00271EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/05/13 3:45 p.m.50 views

CVE-2024-34697 Freescout vulnerable to Stored HTML Injection in Editing Received Emails

FreeScout is a free, self-hosted help desk and shared mailbox. A stored HTML Injection vulnerability has been identified in the Email Receival Module of the Freescout Application. The vulnerability allows attackers to inject malicious HTML content into emails sent to the application's mailbox. Th...

7.6CVSS7.9AI score0.00575EPSS
Exploits1References2
OSV
OSV
added 2024/01/16 4:15 p.m.6 views

CVE-2023-6046

The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored HTML Injection attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.8AI score0.0043EPSS
Exploits2References1
NVD
NVD
added 2024/01/16 4:15 p.m.19 views

CVE-2023-6046

The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored HTML Injection attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.1AI score0.0043EPSS
Exploits2References1
Prion
Prion
added 2024/01/16 4:15 p.m.18 views

Design/Logic Flaw

The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored HTML Injection attacks even when the unfilteredhtml capability is disallowed...

4.3CVSS6.7AI score0.0043EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/16 3:54 p.m.5 views

CVE-2023-6046 EventON < 2.2 - Admin+ Stored HTML Injection

The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored HTML Injection attacks even when the unfilteredhtml capability is disallowed...

5AI score0.0043EPSS
Exploits2References1
Cvelist
Cvelist
added 2024/01/16 3:54 p.m.28 views

CVE-2023-6046 EventON < 2.2 - Admin+ Stored HTML Injection

The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored HTML Injection attacks even when the unfilteredhtml capability is disallowed...

5.4AI score0.0043EPSS
Exploits2References1
CVE
CVE
added 2024/01/16 3:54 p.m.47 views

CVE-2023-6046

The CVE-2023-6046 entry describes a vulnerability in the EventON WordPress plugin prior to version 2.2. The issue is caused by insufficient sanitization and escaping of certain settings, enabling stored HTML injection by high-privilege users (e.g., admins) even when unfiltered_html is disallowed....

4.8CVSS5AI score0.0043EPSS
Exploits2References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/01/16 12:0 a.m.5 views

PT-2024-14861 · WordPress · Eventon

Name of the Vulnerable Software and Affected Versions: EventON WordPress plugin versions prior to 2.2 Description: The issue allows high privilege users, such as admin, to perform Stored HTML Injection attacks even when the unfiltered html capability is disallowed, due to the plugin not sanitizin...

4.8CVSS4.9AI score0.0043EPSS
Exploits2References6
CNNVD
CNNVD
added 2024/01/16 12:0 a.m.3 views

WordPress plugin EventON security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

4.8CVSS6.7AI score0.0043EPSS
Exploits2References2
wpexploit
wpexploit
added 2023/11/09 12:0 a.m.131 views

EventON < 2.2 - Admin + Stored HTML Injection

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored HTML Injection attacks even when the unfilteredhtml capability is disallowed. 1. Go to the Virtual Event - This is a virtual online event. 2. Configure...

4.8CVSS6.9AI score0.0043EPSS
Exploits2
Rows per page
Query Builder