Lucene search
K

12 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-1917

Malicious code in bioql PyPI...

4.3CVSS4.9AI score0.00636EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/02/05 2:14 a.m.6 views

CVE-2024-2948

The Favorites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'userfavorites' shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes such as 'nofavorites'. This makes it possib...

7.2CVSS5.8AI score0.0038EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/09/10 12:0 a.m.4 views

SAP NetWeaver Application Server 安全漏洞

SAP NetWeaver Application Server is an application server from SAP, Germany. A security vulnerability exists in SAP NetWeaver Application Server that stems from an RFC-enabled function module that allows a low-privileged user to read any user's workplace favorites and user menus, as well as all...

4.3CVSS6.4AI score0.00266EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/03/30 7:36 a.m.9 views

CVE-2024-2948

The Favorites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'userfavorites' shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes such as 'nofavorites'. This makes it possib...

7.2CVSS5.8AI score0.0038EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/03/30 12:0 a.m.2 views

WordPress Plugin Favorites 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

7.2CVSS7.6AI score0.0038EPSS
Exploits0References3
NVD
NVD
added 2023/05/31 5:15 a.m.15 views

CVE-2023-2304

The Favorites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userfavorites' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

6.4CVSS5.7AI score0.00687EPSS
Exploits0References4
OSV
OSV
added 2023/05/31 5:15 a.m.2 views

CVE-2023-2304

The Favorites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userfavorites' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

5.4CVSS6.8AI score
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2023/05/31 5:15 a.m.3 views

CVE-2023-2304

The Favorites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userfavorites' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

6.4CVSS7AI score0.00687EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/05/31 12:0 a.m.2 views

WordPress Plugin Favorites 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

6.4CVSS6.6AI score0.00687EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/02/03 12:0 a.m.7 views

Nagios XI Security Vulnerability

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in the Favorites component of Nagios XI 5.8.0 before 1.0.2, which stems fr...

5.3CVSS6.1AI score0.19017EPSS
Exploits0References2
Hacker One
Hacker One
added 2018/07/10 4:20 p.m.2253 views

Pornhub: Stored XSS on the https://www.redtube.com/users/[profile]/collections

Researcher successfully closed the image 'alt' attribute and injected javascript by submitting an XSS payload as the collection title. This led to stored cross-site scripting on the user's collections page, executed against any users who visited the user's collections. The user's favorites page w...

5.8AI score
Exploits0
Hacker One
Hacker One
added 2018/03/06 11:34 p.m.25 views

Imgur: CSRF leads to a stored self xss

Followup from 311460 Summary Self xss and CSRF are both out of scope, but when paired it is possible to create an attack on a user. Description A favorites folder with an xss payload for a name will launch when saving an image to said folder. This can be verified by following these steps Visit yo...

7AI score
Exploits0
Rows per page
Query Builder