Lucene search
K

55 matches found

Positive Technologies
Positive Technologies
added 2023/05/17 12:0 a.m.4 views

PT-2023-2918 · Mitel · Mitel Mivoice Connect

Name of the Vulnerable Software and Affected Versions: Mitel MiVoice Connect versions through 19.3 SP2 Mitel MiVoice Connect versions 20.x Mitel MiVoice Connect versions 21.x Mitel MiVoice Connect versions 22.x through 22.24.1500.0 Description: The issue is related to insufficient validation for...

7.8CVSS6.7AI score0.0041EPSS
Exploits0References5
NVD
NVD
added 2023/05/10 6:15 a.m.48 views

CVE-2023-30777

Unauth. Reflected Cross-Site Scripting XSS vulnerability in WP Engine Advanced Custom Fields Pro, WP Engine Advanced Custom Fields plugins = 6.1.5 versions...

7.1CVSS6.3AI score0.38768EPSS
Exploits3References3
Positive Technologies
Positive Technologies
added 2023/05/08 12:0 a.m.13 views

PT-2023-14582 · Unknown · Squirrly Seo Plugin

Name of the Vulnerable Software and Affected Versions: Squirrly SEO Plugin versions prior to 12.1.20 Description: The issue is related to an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them...

7.1CVSS6.3AI score0.0041EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2023/02/28 12:0 a.m.269 views

Osprey Pump Controller 1.0.1 Cross Site Scripting

Osprey Pump Controller 1.0.1 Unauthenticated Reflected XSS Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mirage App: MirageAppManager, Release 1.0.1 Mirage...

0.3AI score
Exploits0
0day.today
0day.today
added 2023/02/28 12:0 a.m.298 views

Osprey Pump Controller 1.0.1 Cross Site Scripting Vulnerability

Osprey Pump Controller 1.0.1 Unauthenticated Reflected XSS Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mirage App: MirageAppManager, Release 1.0.1 Mirage...

0.3AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2023/02/27 12:0 a.m.288 views

Osprey Pump Controller 1.0.1 Unauthenticated Reflected XSS

Summary Providing pumping systems and automated controls for golf courses and turf irrigation, municipal water and sewer, biogas, agricultural, and industrial markets. Osprey: door-mounted, irrigation and landscape pump controller. Technology hasn't changed dramatically on pump and electric motor...

7.5CVSS6.7AI score0.00835EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2023/02/02 8:28 a.m.10 views

CVE-2022-2546 All-in-One WP Migration < 7.63 - Unauthenticated Reflected XSS

The All-in-One WP Migration WordPress plugin before 7.63 uses the wrong content type, and does not properly escape the response from the ai1wmexport AJAX action, allowing an attacker to craft a request that when submitted by any visitor will inject arbitrary html or javascript into the response...

4.8AI score0.01204EPSS
Exploits3References1
Cvelist
Cvelist
added 2023/02/02 8:28 a.m.39 views

CVE-2022-2546 All-in-One WP Migration < 7.63 - Unauthenticated Reflected XSS

The All-in-One WP Migration WordPress plugin before 7.63 uses the wrong content type, and does not properly escape the response from the ai1wmexport AJAX action, allowing an attacker to craft a request that when submitted by any visitor will inject arbitrary html or javascript into the response...

5.4AI score0.01204EPSS
Exploits3References1
Cvelist
Cvelist
added 2022/10/27 8:55 a.m.20 views

CVE-2021-45476 Information disclosure in Yordam Library Information Document Automation Program

Yordam Library Information Document Automation product before version 19.02 has an unauthenticated reflected XSS vulnerability...

4.7CVSS5AI score0.00357EPSS
Exploits0References2
NVD
NVD
added 2021/08/06 9:15 p.m.25 views

CVE-2021-38157

LeoStream Connection Broker 9.x before 9.0.34.3 allows Unauthenticated Reflected XSS via the /index.pl user parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

6.1CVSS0.01119EPSS
Exploits1References4
CVE
CVE
added 2021/08/06 8:58 p.m.112 views

CVE-2021-38157

The CVE-2021-38157 entry concerns LeoStream Connection Broker 9.x prior to 9.0.34.3, which is vulnerable to unauthenticated reflected XSS via the /index.pl endpoint using the user parameter. The root cause is improper handling/validation of user-supplied input on that endpoint, enabling an attack...

6.1CVSS5.9AI score0.01119EPSS
Exploits1References4Affected Software1
Patchstack
Patchstack
added 2021/06/09 12:0 a.m.8 views

WordPress Wisem premium theme <= 1.26 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated Reflected Cross-Site Scripting XSS vulnerability discovered by m0ze in WordPress Wisem premium theme versions = 1.26. Solution 9 June 2021 - Theme removed from the Themeforest repository. Unfortunately, no information about the patched version is available...

2.1AI score
Exploits0References1Affected Software1
wpexploit
wpexploit
added 2021/05/16 12:0 a.m.211 views

Listeo < 1.6.11 - Multiple XSS & XFS vulnerabilities

The theme did not properly sanitise some parameters in its Search, Booking Confirmation and Personal Message pages, leading to Cross-Site Scripting issues - Unauthenticated Reflected XSS | Search query, vulnerable parameters: keywordsearch and locationsearch - Authenticated Persistent XSS & XFS |...

6.1CVSS0.2AI score0.00932EPSS
Exploits2References1
Patchstack
Patchstack
added 2021/03/30 12:0 a.m.22 views

WordPress Cooked Pro premium plugin <= 1.7.5.5 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated Reflected Cross-Site Scripting XSS vulnerability discovered by Jinson Varghese Behanan in WordPress Cooked Pro premium plugin versions = 1.7.5.5. Solution Update the WordPress Cooked Pro premium plugin to the latest available version at least 1.7.5.6...

6.1CVSS2.5AI score0.01749EPSS
Exploits3References3Affected Software1
wpexploit
wpexploit
added 2020/08/29 12:0 a.m.22 views

Real Estate 7 < 3.0.5 - Unauthenticated Reflected XSS

An Unauthenticated Reflected XSS vulnerability was discovered in the Real Estate 7 theme v3.0.4 for WordPress. Vulnerable parameters: ctsqftfrom, ctsqftto, ctlotsizefrom, ctlotsizeto, ctmls. Edit WPScanTeam: The issue has been hot-fixed in 3.0.4. So the fixed in has been set to 3.0.5 the next...

2.9AI score
Exploits0References3
WPVulnDB
WPVulnDB
added 2020/08/29 12:0 a.m.15 views

Real Estate 7 < 3.0.5 - Unauthenticated Reflected XSS

An Unauthenticated Reflected XSS vulnerability was discovered in the Real Estate 7 theme v3.0.4 for WordPress. Vulnerable parameters: ctsqftfrom, ctsqftto, ctlotsizefrom, ctlotsizeto, ctmls. Edit WPScanTeam: The issue has been hot-fixed in 3.0.4. So the fixed in has been set to 3.0.5 the next...

2.1AI score
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2020/08/04 8:15 p.m.25 views

CVE-2020-16847

Extreme Analytics in Extreme Management Center before 8.5.0.169 allows unauthenticated reflected XSS via a parameter in a GET request, aka CFD-4887...

6.1AI score0.00648EPSS
Exploits0References2
wpexploit
wpexploit
added 2020/07/31 12:0 a.m.26 views

JobCareer < 3.5 - Multiple Cross-Site Scripting (XSS)

An Unauthenticated Reflected & Authenticated Persistent XSS vulnerabilities were discovered in the JobCareer theme through 3.4 for WordPress. Unauthenticated Reflected XSS - Vulnerable parameters: jobtitle, specialisms, location Authenticated Persistent XSS on Employer Profile - «Complete Address...

Exploits0References2
wpexploit
wpexploit
added 2020/07/27 12:0 a.m.26 views

CarePlus <= 1.2 - Unauthenticated Reflected Cross-Site Scripting (XSS)

An Unauthenticated Reflected XSS vulnerability was discovered in the CarePlus theme through 1.2 for WordPress. https://example.com/?s=%22%20autofocus%20onfocus=alertXSS;%20%22%3E...

1.3AI score
Exploits0References2
Exploit DB
Exploit DB
added 2020/07/22 12:0 a.m.669 views

WordPress Theme NexosReal Estate 1.7 - &#039;search_order&#039; SQL Injection

Exploit Title: WordPress Theme NexosReal Estate 1.7 - 'searchorder' SQL Injection Google Dork: inurl:/wp-content/themes/nexos/ Date: 2020-06-17 Exploit Author: Vlad Vector Vendor: Sanljiljan https://themeforest.net/user/sanljiljan Software Version: 1.7 Software Link:...

9.8CVSS7.9AI score0.05901EPSS
Exploits7
Rows per page
Query Builder