Lucene search
K

282 matches found

CVE
CVE
added 2025/09/09 4:33 p.m.14 views

CVE-2025-58989

CVE-2025-58989 affects the WordPress plugin Dynamic Text Field For Contact Form 7 and is a Stored XSS caused by improper input neutralization during web page generation. Affected versions are up to 1.0; remediation per connected details is to upgrade to 2.0.22 or later (patched). No exploitation ...

6.5CVSS5.9AI score0.00154EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/09 12:0 a.m.5 views

PT-2025-36809

Name of the Vulnerable Software and Affected Versions: Dynamic Text Field For Contact Form 7 versions through 1.0 Description: The software contains an Improper Neutralization of Input During Web Page Generation vulnerability, which allows for Stored Cross-site Scripting XSS. Recommendations:...

6.5CVSS5.7AI score0.00154EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/09/09 12:0 a.m.3 views

WordPress plugin Dynamic Text Field For Contact Form 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...

6.5CVSS5.6AI score0.00154EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/08/23 6:30 a.m.10 views

Liferay Portal stored cross-site scripting in text field of the web content structure

A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.13 and 7.4 GA through update 92 allows an remote non-authenticated attacker to inject...

6.9CVSS5.5AI score0.00181EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/08/09 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2014-5022

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site scripting XSS vulnerability in the Ajax system in Drupal 7.x before 7.29 allows remote attackers to inject arbitrary web script or HTML via vectors...

4.3CVSS6.2AI score0.00995EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/06/23 12:0 a.m.4 views

NCR Atleos Terminal Handler 安全漏洞

NCR Atleos Terminal Handler is an ATM enterprise software solution from NCR Atleos that reduces costs, improves business agility and increases your competitive advantage. A security vulnerability exists in NCR Atleos Terminal Handler version 1.5.1, which stems from insufficient validation of text...

9.8CVSS6.9AI score0.00528EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/05/23 9:45 a.m.11 views

CVE-2024-25874

A cross-site scripting XSS vulnerability in the New/Edit Article module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Create Tag text field...

5.4CVSS5.2AI score0.00397EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:31 a.m.4 views

CVE-2024-26491

A cross-site scripting XSS vulnerability in the Addon JD Flusity 'Media Gallery with description' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Gallery name text field...

6.1CVSS5.7AI score0.00436EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:23 a.m.4 views

CVE-2024-3190

The Unlimited Elements For Elementor Free Widgets, Addons, Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's text field widget in all versions up to, and including, 1.5.107 due to insufficient input sanitization and output escaping on user supplied...

5.4CVSS5.1AI score0.00257EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:31 a.m.9 views

CVE-2024-25876

A cross-site scripting XSS vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field...

6.1CVSS5.7AI score0.00443EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:15 a.m.23 views

CVE-2022-41431

xzs v3.8.0 was discovered to contain a cross-site scripting XSS vulnerability in the component /admin/question/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field...

5.4CVSS6AI score0.00628EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:14 a.m.8 views

CVE-2022-46485

Data Illusion Survey Software Solutions ngSurvey version 2.4.28 and below is vulnerable to Denial of Service if a survey contains a "Text Field", "Comment Field" or "Contact Details"...

7.5CVSS6.9AI score0.01038EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:54 p.m.23 views

CVE-2022-43121

A cross-site scripting XSS vulnerability in the CMS Field Add page of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tooltip text field...

6.1CVSS5.7AI score0.0058EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:27 p.m.5 views

CVE-2022-40472

ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721.14829 was discovered to contain a CSV injection vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the Content text field of the Add New Message module...

8CVSS8.3AI score0.00904EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:53 p.m.9 views

CVE-2022-31302

maccms8 was discovered to contain a stored cross-site scripting XSS vulnerability via the Server Group text field...

5.4CVSS6AI score0.00398EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:52 p.m.6 views

CVE-2022-31303

maccms10 was discovered to contain a stored cross-site scripting XSS vulnerability via the Server Group text field...

5.4CVSS6AI score0.00398EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:33 p.m.8 views

CVE-2022-26198

Notable v1.8.4 does not filter text editing, allowing attackers to execute arbitrary code via a crafted payload injected into the Title text field...

9.8CVSS7.8AI score0.01582EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:47 p.m.8 views

CVE-2022-45033

A cross-site scripting XSS vulnerability in Expense Tracker 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat text field...

5.4CVSS5.8AI score0.00465EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:24 p.m.7 views

CVE-2021-25057

The Translation Exchange WordPress plugin through 1.0.14 was vulnerable to Authenticated Stored Cross-Site Scripting XSS within the Project Key text field found in the plugin's settings...

5.4CVSS5.6AI score0.00591EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:20 p.m.5 views

CVE-2021-24168

The Easy Contact Form Pro WordPress plugin before 1.1.1.9 did not properly sanitise the text fields such as Email Subject, Email Recipient, etc when creating or editing a form, leading to an authenticated author+ stored cross-site scripting issue. This could allow medium privilege accounts such a...

5.4CVSS5.2AI score0.00628EPSS
Exploits1References1
Rows per page
Query Builder