Lucene search
K

69 matches found

CNNVD
CNNVD
added 2025/03/18 12:0 a.m.4 views

Contao 跨站脚本漏洞

Contao is Contao open source a set of open source content management system CMS developed using PHP. The system supports search engines, rights management, and CSS frameworks. Contao suffers from a cross-site scripting vulnerability that stems from the fact that users can upload SVG files...

5.4CVSS6.3AI score0.00203EPSS
Exploits0References4
Snyk
Snyk
added 2025/02/21 10:14 p.m.3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper handling of SVG uploads. An attacker can inject malicious scripts and potentially redirect users to malicious websites by uploading specially crafted SVG files. Details Cross-site scripting or XS...

6.1CVSS5.3AI score
Exploits0References2
OSV
OSV
added 2025/02/21 4:15 a.m.2 views

CVE-2024-13379

The C9 Admin Dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...

5.4CVSS5.9AI score
Exploits0References4
Patchstack
Patchstack
added 2025/01/30 8:8 a.m.5 views

WordPress GoodLayers Core plugin < 2.1.3 - Subscriber+ Stored XSS via SVG Upload vulnerability

Subscriber+ Stored XSS via SVG Upload vulnerability discovered by Amine SAJID in WordPress Plugin Goodlayers Core versions 2.1.3...

6.5CVSS6AI score0.00263EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/12/20 12:0 a.m.5 views

PT-2024-39722 · WordPress · Wp Shapes

Name of the Vulnerable Software and Affected Versions: WP SHAPES plugin for WordPress versions up to, and including, 1.0.0 Description: The issue is related to stored Cross-Site Scripting via SVG file uploads due to insufficient input sanitization and output escaping. This allows authenticated...

6.4CVSS8.4AI score0.0027EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/11/26 12:0 a.m.8 views

PT-2024-16752 · WordPress · The Support Svg – Upload Svg Files In Wordpress Without Hassle

Name of the Vulnerable Software and Affected Versions: The Support SVG – Upload svg files in wordpress without hassle plugin for WordPress versions up to, and including, 1.1.0 Description: The issue is related to Stored Cross-Site Scripting via REST API SVG File uploads due to insufficient input...

6.4CVSS6.2AI score0.00391EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/11/15 12:0 a.m.4 views

PT-2024-10981 · Chatwoot · Chatwoot

Name of the Vulnerable Software and Affected Versions: chatwoot/chatwoot versions prior to 2.6 Description: A stored cross-site scripting XSS vulnerability was discovered, affecting the profile settings when a user uploads an SVG file containing a malicious XSS payload. When the avatar is opened ...

7.8CVSS6.9AI score0.00285EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2024/11/15 12:0 a.m.12 views

PT-2024-15977 · WordPress · Pjw Mime Config

Name of the Vulnerable Software and Affected Versions: PJW Mime Config plugin for WordPress version 1.0 and earlier Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows authenticated attackers...

6.4CVSS8AI score0.0032EPSS
Exploits0References7
OSV
OSV
added 2024/10/18 11:15 a.m.3 views

CVE-2024-9674

The Debrandify · Remove or Replace WordPress Branding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

5.4CVSS5.9AI score0.00288EPSS
Exploits0References3
OSV
OSV
added 2024/10/18 5:15 a.m.4 views

CVE-2024-9373

The Elemenda plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to...

5.4CVSS5.9AI score
Exploits0References2
OSV
OSV
added 2024/10/10 2:15 a.m.3 views

CVE-2024-9072

The GDPR-Extensions-com – Consent Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS5.9AI score0.00295EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/10/09 12:0 a.m.3 views

PT-2024-39399 · WordPress · Elementor Inline Svg

Name of the Vulnerable Software and Affected Versions: Elementor Inline SVG plugin for WordPress version 1.2.0 and earlier Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows authenticated...

6.4CVSS5.8AI score0.00271EPSS
Exploits0References7
OSV
OSV
added 2024/10/04 10:15 a.m.7 views

CVE-2024-9271

The Re:WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to injec...

5.4CVSS5.9AI score0.00288EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/10/02 12:0 a.m.5 views

PT-2024-39470 · WordPress · Demo Importer Plus

Name of the Vulnerable Software and Affected Versions: Demo Importer Plus plugin for WordPress versions up to, and including, 2.0.1 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows...

6.4CVSS6.2AI score0.00303EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2024/10/01 12:0 a.m.5 views

PT-2024-39527 · WordPress · Relogo

Name of the Vulnerable Software and Affected Versions: Relogo plugin for WordPress versions up to, and including, 0.4.2 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows authenticated...

6.4CVSS6.2AI score0.00267EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/08/27 12:0 a.m.9 views

PT-2024-37875 · WordPress · Jeg Elementor Kit

Name of the Vulnerable Software and Affected Versions: Jeg Elementor Kit plugin for WordPress versions up to, and including, 2.6.7 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows...

6.4CVSS6AI score0.00366EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2024/06/26 12:0 a.m.5 views

PT-2024-26957 · WordPress · Webp & Svg Support

Name of the Vulnerable Software and Affected Versions: WebP & SVG Support WordPress plugin versions prior to 1.4.1 Description: The issue concerns the WebP & SVG Support WordPress plugin, which fails to properly sanitise uploaded SVG files. This could allow users with a role as low as Author to...

5.4CVSS6AI score0.00331EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2022/11/16 12:0 a.m.4 views

PT-2022-25291 · WordPress · Svg Support

Name of the Vulnerable Software and Affected Versions: SVG Support plugin for WordPress versions 2.5 through 2.5.1 Description: The SVG Support plugin for WordPress defaults to insecure settings, allowing authenticated attackers with author-level privileges and higher to upload malicious SVG file...

6.4CVSS5.8AI score0.00413EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/08/25 12:0 a.m.4 views

Claroline 跨站脚本漏洞

Claroline is an open source learning management system from Claroline Open Source. A security vulnerability exists in Claroline version 13.5.7 and earlier versions, which stems from a cross-site scripting XSS attack via SVG file uploads...

6.1CVSS5AI score0.0055EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/08/25 12:0 a.m.4 views

PT-2022-23849 · Claroline · Claroline

Name of the Vulnerable Software and Affected Versions: Claroline versions prior to 13.5.8 Description: The issue is related to Cross Site Scripting XSS via SVG file upload. This means an attacker could potentially inject malicious scripts into the system by uploading specially crafted SVG files...

6.1CVSS6AI score0.0055EPSS
Exploits1References5
Rows per page
Query Builder