Lucene search

145 matches found

Positive Technologies
added 2024/10/09 12:0 a.m. · 5 views

PT-2024-39640 · WordPress · Auto Iframe

Name of the Vulnerable Software and Affected Versions: Auto iFrame plugin for WordPress versions up to, and including, 1.7
Description: The issue is related to Stored Cross-Site Scripting via the tag parameter due to insufficient input sanitization and output escaping. This allows authenticated...

CVSS 6.4 · AI score 6 · EPSS 0.00325
Exploits 0 · References 9

Patchstack
added 2024/10/08 7:14 p.m. · 5 views

WordPress Auto iFrame plugin <= 1.7 - Authenticated (Author+) Stored Cross-Site Scripting via tag Parameter vulnerability

Authenticated (Author+) Stored Cross-Site Scripting via tag Parameter vulnerability discovered by tjoffe in WordPress Plugin Auto iFrame versions <= 1.7...

CVSS 6.4 · AI score 5.8 · EPSS 0.00325
Exploits 0 · References 1 · Affected Software 1

OSV
added 2024/08/29 6:15 p.m. · 1 view

CVE-2024-44777

A reflected cross-site scripting (XSS) vulnerability in the tag parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload...

CVSS 9.6 · AI score 6 · EPSS 0.0067
Exploits 2 · References 2

CVE
added 2024/08/29 12:0 a.m. · 56 views

CVE-2024-44777

vTiger CRM 7.4.0 is affected by a reflected XSS in the tag parameter on the index page, enabling an attacker to execute arbitrary code in a user’s browser. The vulnerability is described across multiple sources (RH and NVD/NVD-derived records) with attacker-controlled payloads triggering code exe...

CVSS 9.6 · AI score 6 · EPSS 0.0067
Exploits 2 · References 1 · Affected Software 1

Vulnrichment
added 2024/08/29 12:0 a.m. · 15 views

CVE-2024-44777

A reflected cross-site scripting (XSS) vulnerability in the tag parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload...

AI score 6 · EPSS 0.0067
Exploits 2 · References 2

Positive Technologies
added 2024/07/02 12:0 a.m. · 6 views

PT-2024-26328 · WordPress · The Ultimate Blocks

Name of the Vulnerable Software and Affected Versions: The Ultimate Blocks – WordPress Blocks Plugin versions up to, and including, 3.1.9
Description: The issue is related to Stored Cross-Site Scripting via the title tag parameter due to insufficient input sanitization and output escaping. This...

CVSS 6.4 · AI score 6.1 · EPSS 0.00282
Exploits 0 · References 5

Positive Technologies
added 2024/06/03 12:0 a.m. · 7 views

PT-2024-32308 · WordPress · The Cowidgets – Elementor Addons

Name of the Vulnerable Software and Affected Versions: The Cowidgets – Elementor Addons plugin for WordPress versions up to, and including, 1.1.1
Description: The issue is related to Stored Cross-Site Scripting via the heading tag parameter due to insufficient input sanitization and output...

CVSS 6.4 · AI score 5.9 · EPSS 0.00349
Exploits 0 · References 8

OSV
added 2024/05/14 4:17 p.m. · 6 views

CVE-2024-4624

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eaelexttoctitletag’ parameter in versions up to, and including, 5.9.20 due to insufficient input sanitization and output...

CVSS 5.4 · AI score 5.9 · EPSS 0.00441
Exploits 0 · References 3

Patchstack
added 2024/05/14 12:19 p.m. · 5 views

WordPress Visual Portfolio, Photo Gallery & Post Grid plugin <= 3.3.2 - Authenticated (Author+) Stored Cross-Site Scripting via title_tag Parameter vulnerability

Authenticated (Author+) Stored Cross-Site Scripting via title_tag Parameter vulnerability discovered by João G. Barbosa 4rCanJ0x! in WordPress Plugin Visual Portfolio, Photo Gallery & Post Grid versions <= 3.3.2...

CVSS 6.4 · AI score 5.8 · EPSS 0.00396
Exploits 0 · References 1 · Affected Software 1

OSV
added 2024/05/02 5:15 p.m. · 5 views

CVE-2024-1396

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘titletag’ parameter in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVSS 5.4 · AI score 5.9 · EPSS 0.00414
Exploits 0 · References 4

CNNVD
added 2023/09/29 12:0 a.m. · 6 views

BEESCMS Cross-Site Scripting Vulnerability

BEESCMS is a scalable content management system (CMS) based on PHP and MySQL. A cross-site scripting vulnerability exists in BEESCMS version 4.0, which stems from the fact that incorrect manipulation of the parameter tag can lead to cross-site scripting...

CVSS 4.8 · AI score 5.8 · EPSS 0.00433
Exploits 1 · References 4

CNNVD
added 2023/09/01 12:0 a.m. · 5 views

Infosoftbd Clcknshop SQL Injection Vulnerability

Infosoftbd Clcknshop is a multi-tenant SaaS-based e-commerce platform from Infosoftbd. Infosoftbd Clcknshop suffers from a SQL injection vulnerability that stems from the fact that incorrect manipulation of the parameter tag can lead to SQL injection...

CVSS 9.8 · AI score 8.4 · EPSS 0.45639
Exploits 3 · References 6

Positive Technologies
added 2023/09/01 12:0 a.m. · 5 views

PT-2023-30297 · Infosoftbd · Clcknshop

Name of the Vulnerable Software and Affected Versions: Infosoftbd Clcknshop version 1.0.0
Description: A critical issue affects the processing of the file /collection/all of the component GET Parameter Handler. The manipulation of the tag argument leads to SQL injection. The attack may be initiat...

CVSS 9.8 · AI score 6.8 · EPSS 0.45639
Exploits 3 · References 7

Packet Storm
added 2023/08/22 12:0 a.m. · 305 views

FOG Forum 0.8 Cross Site Scripting

Title: FOG Forum v0.8 XSS Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 63.0.3 32-bit | Vendor: ...

AI score 7.1
Exploits 0

Packet Storm
added 2023/08/11 12:0 a.m. · 338 views

Easy Web Portal 2.1.1 Cross Site Scripting

Title: Easy Web Portal v2.1.1 XSS Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 64.0.2 32-bit | ...

AI score 7.1
Exploits 0

Packet Storm
added 2023/07/19 12:0 a.m. · 5190 views

Clip Share 4.1.4 Cross Site Scripting

Title: Clip Share 4.1.4 XSS Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 66.0.264-bit | Vendor: ...

AI score 7.1
Exploits 0

Tenable Nessus
added 2023/04/13 12:0 a.m. · 24 views

Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.15 Multiple Vulnerabilities (CloudBees Security Advisory 2023-04-12)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.15. It is, therefore, affected by multiple vulnerabilities including the following: - Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask i.e....

CVSS 8.8 · AI score 5.9 · EPSS 0.0078
Exploits 0 · References 21

OSV
added 2023/04/12 6:30 p.m. · 30 views

GHSA-38JC-2RWX-QGXR Jenkins Image Tag Parameter Plugin improperly introduces option to opt out of SSL/TLS certificate validation

Jenkins Image Tag Parameter Plugin 2.0 improperly introduces an option to opt out of SSL/TLS certificate validation when connecting to Docker registries. Job configurations using Image Tag Parameters that were created before 2.0 will have SSL/TLS certificate validation disabled by default...

CVSS 5.3 · AI score 6.7 · EPSS 0.00458
Exploits 0 · References 3

NVD
added 2023/04/12 6:15 p.m. · 14 views

CVE-2023-30516

Jenkins Image Tag Parameter Plugin 2.0 improperly introduces an option to opt out of SSL/TLS certificate validation when connecting to Docker registries, resulting in job configurations using Image Tag Parameters that were created before 2.0 having SSL/TLS certificate validation disabled by defau...

CVSS 6.5 · AI score 6.5 · EPSS 0.00458
Exploits 0 · References 2

OSV
added 2023/04/12 6:15 p.m. · 5 views

CVE-2023-30516

Jenkins Image Tag Parameter Plugin 2.0 improperly introduces an option to opt out of SSL/TLS certificate validation when connecting to Docker registries, resulting in job configurations using Image Tag Parameters that were created before 2.0 having SSL/TLS certificate validation disabled by defau...

CVSS 6.5 · AI score 5.8 · EPSS 0.00458
Exploits 0 · References 2