Lucene search
K

55 matches found

wpexploit
wpexploit
added 2020/07/15 12:0 a.m.18 views

Golo < 1.3.3 - Unauthenticated Reflected XSS

An Unauthenticated Reflected XSS vulnerability was discovered in the Golo theme v1.3.2 for WordPress. https://example.com/?s=%22%3E%3Cimg+src%3Dx+onerror%3DalertXSS%2F%2F%22%3E&posttype=place...

1.5AI score
Exploits0References3
wpexploit
wpexploit
added 2020/07/13 12:0 a.m.19 views

Workio – Job Board < 1.0.3 - Unauthenticated Reflected XSS

Unauthenticated Reflected XSS vulnerability was discovered in the «Workio – Job Board WordPress Theme», tested version — v1.0.1. https://www.demoapus-wp1.com/workio/jobs-grid-v1/?filter-title=%22%3E%3Cimg%20src=x%20onerror=alertXSS%3E...

2.1AI score
Exploits0References2
Patchstack
Patchstack
added 2020/07/13 12:0 a.m.7 views

WordPress Findgo premium theme <= 1.3.30 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated Reflected Cross-Site Scripting XSS vulnerability discovered by m0ze in WordPress Findgo premium theme versions = 1.3.30. Solution Update the WordPress Findgo premium theme to the latest available version at least =1.3.32...

2.3AI score
Exploits0References1Affected Software1
wpexploit
wpexploit
added 2020/07/13 12:0 a.m.14 views

Prolisting - Directory Listing < 1.27 - Unauthenticated Reflected XSS

Unauthenticated Reflected XSS vulnerability was discovered in the «Prolisting - Directory Listing WordPress Theme», tested version — v1.2. https://demoapus.com/prolisting/listings/?searchdistance=%22%3E%3Cimg%20src=x%20onerror=alertXSS%3E...

2.3AI score
Exploits0References2
wpexploit
wpexploit
added 2020/01/31 12:0 a.m.16 views

Auth0 < 3.11.3 - Unauthenticated Reflected XSS via wle Parameter

XSS via a wle parameter associated with wp-login.php. WP/wp-login.php?wle=%22%20onEvent%3DX186697040Y2Z%20...

4.3CVSS3.8AI score0.02462EPSS
Exploits1References1
WPVulnDB
WPVulnDB
added 2020/01/14 12:0 a.m.11 views

Real Estate 7 < 2.9.5 - Multiple Vulnerabilities

Multiple vulnerabilities was discovered in the 'Real Estate 7 WordPress', tested version — v2.9.4: - Unauthenticated Reflected XSS - Authenticated Persistent XSS - Authenticated Persistent Self-XSS - IDOR - Information Exposure Edit WPScanTeam: January 12th - Report Received & Envato Contacted...

6.5AI score
Exploits0References2Affected Software1
OSV
OSV
added 2019/11/12 5:15 p.m.5 views

CVE-2019-18926

Systematic IRIS Standards Management ISM v2.1 SP1 89 is vulnerable to unauthenticated reflected Cross Site Scripting XSS. A user input related to dialog information is reflected directly in the web page, allowing a malicious user to conduct a Cross Site Scripting attack against users of the...

6.1CVSS6.3AI score0.00649EPSS
Exploits0References1
wpexploit
wpexploit
added 2019/10/24 12:0 a.m.16 views

JobMonster < 4.5.2.9 - Unauthenticated Reflected Cross-Site Scripting

In the theme JobMonster there is a XSS vulnerability as the input for the search form is provided through unsanitized GET requests. Note WPScanTeam: It's unclear which exact version fixed the issue, but the lowest we were able to test and confirm remediation was 4.5.2.9...

3.4AI score
Exploits0References1
wpexploit
wpexploit
added 2019/07/05 12:0 a.m.10 views

Gallery Photoblocks < 1.1.41 - Unauthenticated Reflected XSS

Also Full Path Disclosure depending on the configuration of the server https:///wp-content/plugins/photoblocks-grid-gallery/admin/partials/photoblocks-edit.php?id="...

1.1AI score
Exploits0References1
NVD
NVD
added 2019/05/24 5:29 p.m.35 views

CVE-2019-11604

An issue was discovered in Quest KACE Systems Management Appliance before 9.1. The script at /service/kbotservicenotsoap.php is vulnerable to unauthenticated reflected XSS when user-supplied input to the METHOD GET parameter is processed by the web application. Since the application does not...

6.1CVSS6.2AI score0.01778EPSS
Exploits3References3
Prion
Prion
added 2019/05/24 5:29 p.m.26 views

Input validation

An issue was discovered in Quest KACE Systems Management Appliance before 9.1. The script at /service/kbotservicenotsoap.php is vulnerable to unauthenticated reflected XSS when user-supplied input to the METHOD GET parameter is processed by the web application. Since the application does not...

4.3CVSS6.1AI score0.01778EPSS
Exploits3References3Affected Software1
Cvelist
Cvelist
added 2019/05/24 4:4 p.m.33 views

CVE-2019-11604

An issue was discovered in Quest KACE Systems Management Appliance before 9.1. The script at /service/kbotservicenotsoap.php is vulnerable to unauthenticated reflected XSS when user-supplied input to the METHOD GET parameter is processed by the web application. Since the application does not...

6.2AI score0.01778EPSS
Exploits3References3
NVD
NVD
added 2018/06/11 10:29 a.m.12 views

CVE-2018-12090

There is unauthenticated reflected cross-site scripting XSS in LAMS before 3.1 that allows a remote attacker to introduce arbitrary JavaScript via manipulation of an unsanitized GET parameter during a forgotPasswordChange.jsp?key= password change...

6.1CVSS6.2AI score0.02244EPSS
Exploits3References2
WPVulnDB
WPVulnDB
added 2016/04/13 12:0 a.m.23 views

e-search <= 1.0 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The e-search WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. PoC http://www.example.com/wp-content/plugins/e-search/tmpl/dateselect.php?date-from=""...

4.3CVSS0.7AI score0.0465EPSS
Exploits3References3Affected Software1
WPVulnDB
WPVulnDB
added 2014/04/25 12:0 a.m.20 views

Podcast Channels < 0.28 - Unauthenticated Reflected XSS

The Podcast Channels WordPress plugin was affected by an Unauthenticated Reflected XSS security vulnerability. PoC http://127.0.0.1/wp-content/plugins/podcast–channels/getid3/demos/demo.write.php?Filename=Filename%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&...

4.3CVSS1.1AI score0.03779EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder