Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 2:51 p.m.12 views

CVE-2020-15178

In PrestaShop contactform module prestashop/contactform before version 4.3.0, an attacker is able to inject JavaScript while using the contact form. The message field was incorrectly unescaped, possibly allowing attackers to execute arbitrary JavaScript in a victim's browser...

9.3CVSS7.3AI score0.01223EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/05/08 12:0 a.m.6 views

PT-2023-17261 · WordPress · Wp Inventory Manager

Name of the Vulnerable Software and Affected Versions: WP Inventory Manager versions prior to 2.1.0.12 Description: The issue concerns a Reflected Cross-Site Scripting problem. It arises because the message parameter is not properly sanitised and escaped before being outputted back in the page...

6.1CVSS6.3AI score0.00458EPSS
Exploits2References4
OSV
OSV
added 2022/08/18 11:15 p.m.19 views

CVE-2020-36599

lib/omniauth/failureendpoint.rb in OmniAuth before 1.9.2 and before 2.0 does not escape the messagekey value...

9.8CVSS9.4AI score0.01035EPSS
Exploits0References2
Friends Of PHP
Friends Of PHP
added 2020/09/24 1:38 a.m.20 views

Unescaped message used in HTML within LogEventsList

More info at https://phabricator.wikimedia.org/T256171...

6.1CVSS7.2AI score0.01104EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2020/09/24 1:38 a.m.26 views

Unescaped message used in HTML on Special:Contributions

More info at https://phabricator.wikimedia.org/T255918...

6.1CVSS7.2AI score0.01104EPSS
Exploits0Affected Software1
Rows per page
Query Builder