Lucene search
K

1456 matches found

OSV
OSV
added 2021/08/09 10:15 a.m.4 views

CVE-2021-24509

The Page View Count WordPress plugin before 2.4.9 does not escape the postid parameter of pvcstats shortcode, allowing users with a role as low as Contributor to perform Stored XSS attacks. A post made by a contributor would still have to be approved by an admin to have the XSS triggered in the...

5.4CVSS6AI score0.00624EPSS
Exploits2References1
OSV
OSV
added 2021/07/26 6:15 p.m.2 views

UBUNTU-CVE-2021-36563

The CheckMK management web console versions 1.5.0 to 2.0.0 does not sanitise user input in various parameters of the WATO module. This allows an attacker to open a backdoor on the device with HTML content and interpreted by the browser such as JavaScript or other client-side scripts, the XSS...

5.4CVSS6.3AI score0.0172EPSS
Exploits2References7
OSV
OSV
added 2021/07/23 6:15 p.m.4 views

CVE-2021-25790

Multiple stored cross site scripting XSS vulnerabilities in the "Register" module of House Rental and Property Listing 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in all text fields except for Phone Number and Alternate Phone Number...

5.4CVSS5.6AI score0.00878EPSS
Exploits2References3
OSV
OSV
added 2021/07/12 8:15 p.m.4 views

CVE-2021-24420

The Request a Quote WordPress plugin before 2.3.4 did not sanitise and escape some of its quote fields when adding/editing a quote as admin, leading to Stored Cross-Site scripting issues when the quote is output in the 'All Quotes" table...

5.4CVSS6.1AI score0.00624EPSS
Exploits2References1
OSV
OSV
added 2021/07/07 1:15 p.m.4 views

CVE-2021-34620

The WP Fluent Forms plugin 3.6.67 for WordPress is vulnerable to Cross-Site Request Forgery leading to stored Cross-Site Scripting and limited Privilege Escalation due to a missing nonce check in the access control function for administrative AJAX actions...

8.8CVSS7.3AI score0.02633EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/07/07 12:0 a.m.6 views

WordPress 跨站请求伪造漏洞

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL.A cross-site request forgery vulnerability exists in versions of WordPress WP Fluent Forms plugin prior ...

8.8CVSS5.3AI score0.02633EPSS
Exploits1References3
OSV
OSV
added 2021/07/02 6:15 p.m.3 views

CVE-2020-36409

A stored cross scripting XSS vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add Category" parameter under the "Categories" module...

5.4CVSS5.9AI score0.00473EPSS
Exploits1References1
CNVD
CNVD
added 2021/07/02 12:0 a.m.7 views

PHPList Cross-Site Scripting Vulnerability (CNVD-2021-48871)

phpList is an open source newsletter and email marketing software from phpList UK. A stored cross-site scripting vulnerability exists in phplist version 3.5.3. The vulnerability can be exploited to execute arbitrary web script or HTML via the "List Description" field under the "Edit List" module...

5.4CVSS6AI score0.00516EPSS
Exploits1References1
PyPA
PyPA
added 2021/04/12 2:15 p.m.6 views

PYSEC-2021-147

in SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored Cross-Site-Scripting XSS due to user input not being validated properly when processed by the server. Therefore, an attacker can inject arbitrary JavaScript code inside the application, and possibly steal a user’s sensitive...

5.4CVSS6.7AI score0.0066EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2021/04/02 5:15 a.m.3 views

CVE-2021-30003

An issue was discovered on Nokia G-120W-F 3FE46606AGAB91 devices. There is Stored XSS in the administrative interface via urlfilter.cgi?add urladdress...

4.8CVSS5.8AI score0.00612EPSS
Exploits1References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/10 7:11 a.m.3 views

Multiple cross-site scripting vulnerabilities in GROWI

Overview GROWI provided by WESEEK, Inc. contains multiple cross-site scripting vulnerabilities listed below. Reflected cross-site scripting vulnerability due to insufficient verification of URL query parameters CWE-79 - CVE-2021-20672 Stored cross-site scripting vulnerability in Admin Page CWE-79...

6.1CVSS6.1AI score0.00947EPSS
Exploits0References7
CNNVD
CNNVD
added 2021/02/22 12:0 a.m.7 views

Chatbox Cross-Site Scripting Vulnerability

GIST Chatbox is an intelligent product from GIST USA that provides forms and 24/7 automated meeting scheduling to increase website conversions. A cross-site scripting vulnerability exists in Chatbox, which stems from an unrestricted file upload in the chatbox, which can lead to the storage of XSS...

6.1CVSS6.2AI score0.011EPSS
Exploits1References4
OSV
OSV
added 2020/12/30 12:15 a.m.5 views

CVE-2020-35834

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10...

4.8CVSS5.8AI score0.00553EPSS
Exploits0References1
OSV
OSV
added 2020/12/30 12:15 a.m.3 views

CVE-2020-35837

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10...

4.8CVSS5.8AI score0.00675EPSS
Exploits0References1
OSV
OSV
added 2020/12/30 12:15 a.m.4 views

CVE-2020-35816

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30,...

4.8CVSS5.8AI score0.00553EPSS
Exploits0References1
OSV
OSV
added 2020/12/30 12:15 a.m.3 views

CVE-2020-35805

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30,...

4.8CVSS5.8AI score
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/12/03 8:54 a.m.4 views

desknet's NEO vulnerable to cross-site scripting

Overview desknet's NEO provided by NEOJAPAN Inc. contains a stored cross-site scripting vulnerability CWE-79. Ryo Sato of BroadBand Security,Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary...

6.1CVSS5.9AI score0.00772EPSS
Exploits0References5
OSV
OSV
added 2020/11/16 3:15 p.m.6 views

CVE-2020-27459

Chronoforeum 2.0.11 allows Stored XSS vulnerabilities when inserting a crafted payload into a post. If any user sees the post, the inserted XSS code is executed...

6.1CVSS6.4AI score0.00799EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2020/10/20 11:0 p.m.2 views

CVE-2020-24416

Marketo Sales Insight plugin version 1.4355 and earlier is affected by a blind stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to...

7.5CVSS6.7AI score0.01912EPSS
Exploits0References2
OSV
OSV
added 2020/10/20 10:15 p.m.4 views

CVE-2020-24416

Marketo Sales Insight plugin version 1.4355 and earlier is affected by a blind stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to...

6.1CVSS6.8AI score0.01912EPSS
Exploits0References1
Rows per page
Query Builder