Lucene search
+L

147 matches found

Cvelist
Cvelist
added 2024/10/01 12:0 a.m.27 views

CVE-2024-46081

Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting XSS. An authenticated user can craft malicious payloads in the To-Do List. The assigned user will trigger a stored XSS, which is particularly dangerous because tasks are assigned to various users on the platform...

0.00304EPSS
Exploits1References1
OSV
OSV
added 2024/09/09 2:28 p.m.15 views

CVE-2024-40643 Joplin has a parsing error leading to Cross-site Scripting (XSS)

Joplin is a free, open source note taking and to-do application. Joplin fails to take into account that "" followed by a non letter character will not be considered html. As such it is possible to do an XSS by putting an "illegal" tag within a tag...

9.6CVSS6.3AI score0.00748EPSS
Exploits1References4
NVD
NVD
added 2024/08/29 11:15 a.m.30 views

CVE-2024-3944

The WP To Do plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to...

4.8CVSS0.00318EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/08/29 12:0 a.m.5 views

WordPress plugin WP To Do 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

4.8CVSS5.8AI score0.00318EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2024/07/23 12:0 a.m.9 views

The vulnerability of the wptodo_addcomment function in the WordPress To Do plugin, a content management system for websites, allows a hacker to perform a CSRF attack.

The vulnerability of the wptodoaddcomment function in the WordPress To Do plugin, a content management system for websites, is related to the of cross-site requests due to incorrect validation of the value of the nonce cookie. Exploiting this vulnerability could allow an attacker to execute a CSR...

5CVSS5.4AI score0.00224EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2024/07/06 1:15 p.m.26 views

CVE-2024-37539

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Delower WP To Do allows Stored XSS.This issue affects WP To Do: from n/a through 1.3.0...

6.5CVSS0.00277EPSS
Exploits0References1
OSV
OSV
added 2024/07/06 1:15 p.m.7 views

CVE-2024-37539

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Delower WP To Do allows Stored XSS.This issue affects WP To Do: from n/a through 1.3.0...

5.4CVSS5.8AI score0.00277EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/07/06 12:13 p.m.34 views

CVE-2024-37539 WordPress WP To Do plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Delower WP To Do allows Stored XSS.This issue affects WP To Do: from n/a through 1.3.0...

6.5CVSS0.00277EPSS
Exploits0References1
CVE
CVE
added 2024/07/06 12:13 p.m.54 views

CVE-2024-37539

CVE-2024-37539 is a Stored XSS vulnerability in the WP To Do (Delower WP To Do) WordPress plugin, affectin g WP To Do versions from n/a up to 1.3.0. The connected Wordfence entry lists the vulnerability as Unpatched for WP To Do ≤ 1.3.0, and notes the issue is an improper neutralization of input ...

6.5CVSS6.2AI score0.00277EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/07/06 12:13 p.m.17 views

CVE-2024-37539 WordPress WP To Do plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Delower WP To Do allows Stored XSS.This issue affects WP To Do: from n/a through 1.3.0...

6.5CVSS6.8AI score0.00277EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/07/06 12:10 p.m.6 views

WordPress WP To Do plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by younsoung kim, SeoHyeon Lee, MyungJu Kim, SeoHee Kang in WordPress Plugin WP To Do versions = 1.3.0...

6.5CVSS6.1AI score0.00277EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2024/07/06 12:0 a.m.7 views

WordPress plugin WP To Do security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

6.5CVSS6.8AI score0.00277EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/07/06 12:0 a.m.11 views

WordPress WP To Do Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)

Software WP To Do Type Plugin Vulnerable versions = 1.3.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37539 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8e78be231480 Credits younsoung kim, SeoHyeon Lee, MyungJu Kim, SeoHe...

6.5CVSS6.6AI score0.00277EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/06/10 8:15 a.m.3 views

CVE-2024-35723

Missing Authorization vulnerability in Andrew Rapps Dashboard To-Do List.This issue affects Dashboard To-Do List: from n/a through 1.2.0...

8.8CVSS5.8AI score0.00333EPSS
Exploits0References1
NVD
NVD
added 2024/06/10 8:15 a.m.30 views

CVE-2024-35723

Missing Authorization vulnerability in Andrew Dashboard To-Do List dashboard-to-do-list.This issue affects Dashboard To-Do List: from n/a through = 1.2.0...

8.8CVSS0.00333EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/06/10 7:50 a.m.27 views

CVE-2024-35723 WordPress Dashboard To-Do List plugin <= 1.2.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Andrew Rapps Dashboard To-Do List.This issue affects Dashboard To-Do List: from n/a through 1.2.0...

4.3CVSS7AI score0.00333EPSS
Exploits0References1
CVE
CVE
added 2024/06/10 7:50 a.m.52 views

CVE-2024-35723

Technical details about CVE-2024-35723 are not provided in the connected documents. The sources mention a Missing Authorization issue for Dashboard To-Do List up to 1.2.0, but no specifics on exploit vectors, impacts, or fixes.

8.8CVSS5.9AI score0.00333EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/06/10 7:50 a.m.50 views

CVE-2024-35723 WordPress Dashboard To-Do List plugin <= 1.2.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Andrew Dashboard To-Do List dashboard-to-do-list.This issue affects Dashboard To-Do List: from n/a through = 1.2.0...

4.3CVSS0.00333EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/06/06 11:52 a.m.5 views

WordPress Dashboard To-Do List plugin <= 1.2.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by CatFather Patchstack Alliance in WordPress Plugin Dashboard To-Do List versions = 1.2.0...

8.8CVSS7AI score0.00333EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/06/06 12:0 a.m.16 views

WordPress Dashboard To-Do List Plugin <= 1.2.0 is vulnerable to Broken Access Control

Software Dashboard To-Do List Type Plugin Vulnerable versions = 1.2.0 Fixed in 1.3.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-35723 Patch priority Low CVSS severity Low 4.3 Developer Andrew Rapps PSID e4b3c03fafe1 Credits CatFather Required privileg...

8.8CVSS6.6AI score0.00333EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder