Lucene search
K

36 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/20 4:23 p.m.6 views

CVE-2026-40488

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, the product custom option file upload in OpenMage LTS uses an incomplete...

8.7CVSS6AI score0.00691EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/04/20 4:19 p.m.34 views

CVE-2026-40098 OpenMage LTS imports cross-user wishlist item via shared wishlist code, leading to private option disclosure and file-disclosure variant

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, the shared wishlist add-to-cart endpoint authorizes access with a public...

5.3CVSS0.00176EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.7 views

PT-2026-33803

Name of the Vulnerable Software and Affected Versions Magento Long Term Support LTS versions prior to 20.17.0 Description The product custom option file upload feature uses an incomplete blocklist forbidden extensions = php,exe to prevent dangerous file uploads. This restriction can be bypassed b...

8.8CVSS6.3AI score0.00691EPSS
Exploits1References9
ATTACKERKB
ATTACKERKB
added 2026/02/20 6:40 a.m.3 views

CVE-2017-4540

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none...

5.5AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/20 6:38 a.m.1 views

CVE-2017-4493

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none...

5.5AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/20 6:29 a.m.1 views

CVE-2017-4214

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none...

5.5AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/20 6:27 a.m.2 views

CVE-2017-4161

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none...

5.5AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/20 4:10 a.m.4 views

CVE-2017-17834

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none...

5.5AI score
Exploits0References1
Circl
Circl
added 2025/10/21 9:2 p.m.7 views

CVE-2017-20208

creationtimestamp| type| source ---|---|--- 2025-10-21 21:02:30+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3m3qa4aure32j...

9.8CVSS5.8AI score0.00644EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/09 12:0 a.m.5 views

PT-2025-36959

Name of the Vulnerable Software and Affected Versions: Halo versions prior to v2.20.17 Description: Halo is susceptible to a Cross Site Scripting XSS issue in the /halo host/archives/name API endpoint. The vulnerability resides in the handling of the name parameter, allowing for potential script...

6.1CVSS5.8AI score0.00221EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 3:6 a.m.3 views

CVE-2023-5162

The Options for Twenty Seventeen plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'social-links' shortcode in versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS6.1AI score0.00556EPSS
Exploits0References1
OSV
OSV
added 2023/09/27 3:19 p.m.9 views

CVE-2023-5162

The Options for Twenty Seventeen plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'social-links' shortcode in versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

5.4CVSS6AI score0.00556EPSS
Exploits0References3
Prion
Prion
added 2023/09/27 3:19 p.m.18 views

Cross site scripting

The Options for Twenty Seventeen plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'social-links' shortcode in versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

4.9CVSS5.2AI score0.00556EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2023/09/27 12:0 a.m.5 views

WordPress plugin Options for Twenty Seventeen Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

6.4CVSS6AI score0.00556EPSS
Exploits0References4
WPVulnDB
WPVulnDB
added 2023/09/26 12:0 a.m.14 views

Options for Twenty Seventeen < 2.5.1 - Contributor+ Stored Cross-Site Scripting

Description The plugin does not properly sanitize user-supplied input nor escape output for the 'social-links' shortcode. This leads to a Stored Cross-Site Scripting vulnerability, where an authenticated user with contributor-level permissions can inject arbitrary web scripts that execute wheneve...

6.4CVSS5.8AI score0.00556EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2023/09/26 12:0 a.m.8 views

WordPress Options for Twenty Seventeen Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS)

Software Options for Twenty Seventeen Type Plugin Vulnerable versions = 2.5.0 Fixed in 2.5.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5162 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 9e49c78b87c5 Credits Lana Codes...

6.4CVSS6AI score0.00556EPSS
Exploits0References3Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 4:53 a.m.5 views

SUSE CVE-2017-0882

Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on March 20th 2017 at 23:59 UTC...

6.3CVSS6.9AI score0.01057EPSS
Exploits2References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:43 a.m.3 views

SUSE CVE-2017-11146

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not an independently fixable security issue relative to CVE-2017-11145. Notes: none...

8.5AI score
Exploits0References8
WPVulnDB
WPVulnDB
added 2022/12/21 12:0 a.m.19 views

Page Scroll To ID < 1.7.6 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Put the...

5.4CVSS1.5AI score0.00471EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2022/12/21 12:0 a.m.134 views

Page Scroll To ID < 1.7.6 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Put the...

5.4CVSS0.5AI score0.00471EPSS
Exploits2
Rows per page
Query Builder