Lucene search
K

6 matches found

Cvelist
Cvelist
added 2026/03/23 7:15 p.m.26 views

CVE-2026-33548 MantisBT has Stored HTML Injection / XSS when displaying Tags in Timeline

Mantis Bug Tracker MantisBT is an open source issue tracker. In version 2.28.0, improper escaping of tag names retrieved from History in Timeline myviewpage.php allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript, when displaying a tag that has...

8.6CVSS0.00196EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/21 12:0 a.m.5 views

PT-2026-26850

The CMS Commander plugin for WordPress is vulnerable to SQL Injection via the 'or blogname', 'or blogdescription', and 'or admin email' parameters in all versions up to, and including, 2.288. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation o...

8.8CVSS5.9AI score0.00341EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/11/05 5:56 a.m.5 views

WordPress WP Hotel Booking plugin <= 2.2.8 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by daroo in WordPress Plugin WP Hotel Booking versions = 2.2.8...

4.3CVSS7AI score0.00111EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/08/07 10:36 a.m.5 views

WordPress WPCafe plugin <= 2.2.28 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin WPCafe versions = 2.2.28...

8.8CVSS7AI score0.00525EPSS
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/08/15 11:21 a.m.2 views

CVE-2022-2378

The Easy Student Results WordPress plugin through 2.2.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

6.1CVSS5.9AI score0.0051EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2022/05/25 12:0 a.m.5 views

PT-2022-19580 · Apache · Apache Archiva

Name of the Vulnerable Software and Affected Versions: Apache Archiva versions prior to 2.2.8 Description: The issue allows any registered user to reset the password for any other user. Recommendations: For versions prior to 2.2.8, update to version 2.2.8 to resolve the issue...

6.5CVSS6.5AI score0.01591EPSS
Exploits0References8
Rows per page
Query Builder