Lucene search
K

1174 matches found

OSV
OSV
added 2024/01/17 7:15 a.m.7 views

CVE-2023-51721

This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Time Server 2 parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web...

5.4CVSS5.9AI score0.00358EPSS
Exploits0References1
OSV
OSV
added 2024/01/11 9:15 a.m.5 views

CVE-2023-4962

The Video PopUp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'videopopup' shortcode in versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

5.4CVSS7AI score0.0044EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/01/11 8:32 a.m.5 views

CVE-2023-6990 Weaver Xtreme <= 6.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Weaver Xtreme theme for WordPress is vulnerable to Stored Cross-Site Scripting via custom post meta in all versions up to, and including, 6.3.0 due to insufficient input sanitization and output escaping on user supplied meta page-head-code. This makes it possible for authenticated attackers...

5.4CVSS6.8AI score0.00315EPSS
Exploits0References2
OSV
OSV
added 2023/12/19 2:15 a.m.8 views

CVE-2023-6488

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'subutton', 'sumembers', and 'sutabs' shortcodes in all versions up to, and including, 7.0.0 due to insufficient input sanitization and output escaping on user supplie...

5.4CVSS6AI score0.00473EPSS
Exploits0References3
OSV
OSV
added 2023/12/15 11:15 a.m.1 views

CVE-2023-48553

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.8AI score
Exploits0References1
OSV
OSV
added 2023/12/15 11:15 a.m.5 views

CVE-2023-47064

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.8AI score0.00562EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/12/15 12:0 a.m.5 views

PT-2023-8091 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.18 and earlier Description: The issue is related to a stored Cross-Site Scripting XSS vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable form...

5.5CVSS4.5AI score0.00597EPSS
Exploits0References5
OSV
OSV
added 2023/12/12 10:15 p.m.6 views

CVE-2023-6710

A flaw was found in the modproxycluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting XSS vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host an...

5.4CVSS5.6AI score0.02242EPSS
Exploits5References5
Positive Technologies
Positive Technologies
added 2023/12/12 12:0 a.m.4 views

PT-2023-7840 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.18 and earlier Description: The issue is a stored Cross-Site Scripting XSS vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable form fields. This...

5.5CVSS4.4AI score0.00562EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2023/12/07 7:15 a.m.5 views

CVE-2023-48839

Appointment Scheduler 3.0 is vulnerable to Multiple Stored Cross-Site Scripting XSS issues via the name, pluginsmsapikey, pluginsmscountrycode, calendarid, title, country name, or customername parameter...

5.4CVSS6AI score0.00419EPSS
Exploits1References3
OSV
OSV
added 2023/12/04 10:15 p.m.3 views

CVE-2023-5809

The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.0045EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2023/11/30 12:0 a.m.4 views

PT-2023-30654 · Unknown · Perfmatters

Name of the Vulnerable Software and Affected Versions: Perfmatters versions prior to 2.2.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject maliciou...

6.5CVSS6.1AI score0.00368EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/11/27 12:0 a.m.3 views

WordPress plugin Web Push Notifications security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

5.4CVSS5.8AI score0.00426EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2023/11/14 12:0 a.m.7 views

PT-2023-30501 · Unknown · Donations Made Easy – Smart Donations

Name of the Vulnerable Software and Affected Versions: Donations Made Easy – Smart Donations versions 4.0.12 and earlier Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability that also allows Stored XSS. This means an attacker could potentially trick a user into...

7.1CVSS6.6AI score0.0022EPSS
Exploits0References3
OSV
OSV
added 2023/11/13 4:15 a.m.3 views

CVE-2023-47652

Cross-Site Request Forgery CSRF vulnerability in Lucian Apostol Auto Affiliate Links allows Stored XSS.This issue affects Auto Affiliate Links: from n/a through 6.4.2.4...

6.1CVSS7.3AI score
Exploits0References1
OSV
OSV
added 2023/11/13 4:15 a.m.4 views

CVE-2023-47516

Cross-Site Request Forgery CSRF vulnerability in Stark Digital Category Post List Widget allows Stored XSS.This issue affects Category Post List Widget: from n/a through 2.0...

6.1CVSS7.3AI score0.00208EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/11/13 12:0 a.m.3 views

PT-2023-32295 · WordPress · Powr Plugin

Name of the Vulnerable Software and Affected Versions: POWR plugin for WordPress versions up to, and including, 2.1.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'powr-powr-pack' shortcode due to insufficient input sanitization and output escaping on...

6.4CVSS5.5AI score0.00557EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2023/11/01 12:15 a.m.5 views

CVE-2023-47099

A Stored Cross-Site Scripting XSS vulnerability in the Create Virtual Server in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via Description field while creating the Virtual server...

5.4CVSS5.9AI score0.00441EPSS
Exploits1References2
OSV
OSV
added 2023/10/31 12:15 p.m.5 views

CVE-2023-5073

The iframe forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'iframe' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...

5.4CVSS7AI score0.00403EPSS
Exploits1References2
OSV
OSV
added 2023/10/27 8:15 a.m.6 views

CVE-2023-46153

Unauth. Stored Cross-Site Scripting XSS vulnerability in UserFeedback Team User Feedback plugin = 1.0.9 versions...

6.1CVSS7.3AI score0.00354EPSS
Exploits0References1
Rows per page
Query Builder