Lucene search
+L

36 matches found

Positive Technologies
Positive Technologies
added 2023/01/16 12:0 a.m.7 views

PT-2023-14526 · WordPress · Wp Video Lightbox

Name of the Vulnerable Software and Affected Versions: WP Video Lightbox versions prior to 1.9.7 Description: The issue allows users with a role as low as contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege users such as admin, due to the plugin'...

5.4CVSS5.3AI score0.00471EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/01/16 12:0 a.m.5 views

WordPress plugin WP Video Lightbox 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4CVSS5.4AI score0.00471EPSS
Exploits1References2
NVD
NVD
added 2022/07/25 1:15 p.m.23 views

CVE-2022-2189

The WP Video Lightbox WordPress plugin before 1.9.5 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

6.1CVSS0.0054EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/07/25 1:15 p.m.3 views

CVE-2022-2189

The WP Video Lightbox WordPress plugin before 1.9.5 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

6.1CVSS6.4AI score0.0054EPSS
Exploits1References2
OSV
OSV
added 2022/07/25 1:15 p.m.4 views

CVE-2022-2189

The WP Video Lightbox WordPress plugin before 1.9.5 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

6.1CVSS5.8AI score0.0054EPSS
Exploits1References1
Cvelist
Cvelist
added 2022/07/25 12:47 p.m.26 views

CVE-2022-2189 WP Video Lightbox < 1.9.5 - Reflected Cross-Site Scripting

The WP Video Lightbox WordPress plugin before 1.9.5 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

6.3AI score0.0054EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/07/25 12:0 a.m.7 views

WordPress plugin WP Video Lightbox 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.1CVSS6AI score0.0054EPSS
Exploits1References2
Patchstack
Patchstack
added 2022/07/04 12:0 a.m.14 views

WordPress WP Video Lightbox plugin <= 1.9.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by WPScanTeam in WordPress WP Video Lightbox plugin versions = 1.9.5. Solution Update the WordPress WP Video Lightbox plugin to the latest available version at least 1.9.6...

1.6AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2022/06/30 12:0 a.m.38 views

WordPress WP Video Lightbox plugin <= 1.9.4 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by ZhongFu Su aka JrXnm WuHan University in WordPress WP Video Lightbox plugin versions = 1.9.4. Solution Update the WordPress WP Video Lightbox plugin to the latest available version at least 1.9.5...

6.1CVSS1.4AI score0.0054EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2021/08/30 3:15 p.m.3 views

CVE-2021-24665

The WP Video Lightbox WordPress plugin before 1.9.3 does not escape the attributes of its shortcodes, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks...

5.4CVSS6.1AI score0.00618EPSS
Exploits1References2
NVD
NVD
added 2021/08/30 3:15 p.m.20 views

CVE-2021-24665

The WP Video Lightbox WordPress plugin before 1.9.3 does not escape the attributes of its shortcodes, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks...

5.4CVSS0.00618EPSS
Exploits1References2
Prion
Prion
added 2021/08/30 3:15 p.m.11 views

Cross site scripting

The WP Video Lightbox WordPress plugin before 1.9.3 does not escape the attributes of its shortcodes, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks...

3.5CVSS5.3AI score0.00618EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2021/08/30 2:11 p.m.53 views

CVE-2021-24665

The CVE-2021-24665 entry affects the WP Video Lightbox WordPress plugin (versions before 1.9.3). The root cause is failure to escape shortcode attribute values, allowing stored Cross-Site Scripting (XSS) by users with as low as contributor privileges. Reported impact is XSS that could be triggere...

5.4CVSS5.3AI score0.00618EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2021/08/24 12:0 a.m.5 views

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...

5.4CVSS5.5AI score0.00618EPSS
Exploits1References4
wpexploit
wpexploit
added 2021/08/23 12:0 a.m.128 views

WP Video Lightbox < 1.9.3 - Contributor+ Stored Cross-Site Scripting

The plugin does not escape the attributes of its shortcodes, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks videolightboxvimeo5 videoid='"onmouseover=alert/XSS/ b="' width="640" height="480" anchor="Click here to open vimeo video" videolightboxvimeo5...

5.4CVSS1.8AI score0.00618EPSS
Exploits1References1
WPVulnDB
WPVulnDB
added 2021/08/23 12:0 a.m.19 views

WP Video Lightbox < 1.9.3 - Contributor+ Stored Cross-Site Scripting

The plugin does not escape the attributes of its shortcodes, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks PoC videolightboxvimeo5 videoid='"onmouseover=alert/XSS/ b="' width="640" height="480" anchor="Click here to open vimeo video" videolightboxvimeo5...

5.4CVSS2.5AI score0.00618EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder