Lucene search
K

38 matches found

CNVD
CNVD
added 2022/11/30 12:0 a.m.16 views

WordPress Video Thumbnails plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

4.8CVSS4.8AI score0.00495EPSS
Exploits2References1
OSV
OSV
added 2022/11/28 2:15 p.m.5 views

CVE-2022-3828

The Video Thumbnails WordPress plugin through 2.12.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00495EPSS
Exploits2References1
NVD
NVD
added 2022/11/28 2:15 p.m.23 views

CVE-2022-3828

The Video Thumbnails WordPress plugin through 2.12.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS0.00495EPSS
Exploits2References1
Prion
Prion
added 2022/11/28 2:15 p.m.13 views

Cross site scripting

The Video Thumbnails WordPress plugin through 2.12.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.3CVSS4.7AI score0.00495EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2022/11/28 1:47 p.m.67 views

CVE-2022-3828

Video Thumbnails WordPress plugin (≤ version 2.12.3) contains a stored XSS vulnerability due to unsanitized/uncleaned settings, exploitable by high-privilege users (e.g., admins) even when unfiltered_html is disallowed. Affected component: plugin settings. Impact: stored XSS with potential for ad...

4.8CVSS4.6AI score0.00495EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/11/28 1:47 p.m.6 views

CVE-2022-3828 Video Thumbnails <= 2.12.3 - Admin+ Stored XSS

The Video Thumbnails WordPress plugin through 2.12.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.9AI score0.00495EPSS
Exploits2References1
CNNVD
CNNVD
added 2022/11/28 12:0 a.m.6 views

WordPress plugin Video Thumbnails 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

4.8CVSS6AI score0.00495EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2022/11/02 12:0 a.m.15 views

Video Thumbnails <= 2.12.3 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC Put the following payload in the "Custom Fiel...

4.8CVSS1.7AI score0.00495EPSS
Exploits2Affected Software1
Patchstack
Patchstack
added 2022/11/02 12:0 a.m.18 views

WordPress Video Thumbnails plugin <= 2.12.3 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by zhangyunpei in WordPress Video Thumbnails plugin versions = 2.12.3. Solution Deactivate and delete. This plugin has been closed as of November 2, 2022 and is not available for download. This closure is temporary, pending a full...

2.5AI score0.00495EPSS
Exploits2References1Affected Software1
wpexploit
wpexploit
added 2022/11/02 12:0 a.m.88 views

Video Thumbnails <= 2.12.3 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. Put the following payload in the "Custom Field...

4.8CVSS0.1AI score0.00495EPSS
Exploits2
OSV
OSV
added 2022/05/14 2:2 a.m.20 views

GHSA-276R-24XQ-HWG8 Pimcore XSS Vulnerability

Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions...

5.4CVSS5.5AI score0.03121EPSS
Exploits5References5
Github Security Blog
Github Security Blog
added 2022/05/14 2:2 a.m.31 views

Pimcore XSS Vulnerability

Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions...

5.4CVSS6.3AI score0.03121EPSS
Exploits5References6Affected Software1
Veracode
Veracode
added 2022/03/16 3:25 a.m.22 views

Cross-site Scripting (XSS)

pimcore/pimcore is vulnerable to cross-site scripting. An attacker can inject and execute malicious javascript through the pricing rule of online shop in EcommerceFrameworkBundle, image thumbnails in settings, and video thumbnails in settings...

5.4CVSS1.7AI score0.0079EPSS
Exploits1References5Affected Software1
Huntr
Huntr
added 2022/03/08 5:12 p.m.34 views

Cross-site Scripting (XSS) - Stored

Description pimcore datahub is vulnerable to Stored XSS in multiple places including: 1 the Pricing Rule of Online Shop in EcommerceFrameworkBundle. Whenever an admin user access Pricing Rule, a stored XSS will be triggered. 2 Image Thumbnails in Settings. Whenever an admin user access Image...

3.5CVSS5.5AI score0.0079EPSS
Exploits1
Huntr
Huntr
added 2022/01/18 4:11 a.m.26 views

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Description stored xss vulnerability occurs when you change the value of Group at "Settings" = "Thumbnalis" = "Video Thumbnails" in the pimcore service. Proof of Concept txt XSS POC : " 1. Open the https://10.x-dev.pimcore.fun/admin/login?perspective= 2. After login, Go to "Settings" = "Thumbnali...

3.5CVSS5.4AI score0.01456EPSS
Exploits1
Huntr
Huntr
added 2022/01/17 3:5 p.m.31 views

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Description The pimcore/pimcore package is an open source platform that provides PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce services. stored xss vulnerability occurs when you add media query at "Settings" = "Thumbnails" = "Video Thumbnails" in the pimcore service. Proof of Concept txt XSS POC...

4.3CVSS0.2AI score0.0154EPSS
Exploits1
OSV
OSV
added 2018/08/24 10:29 p.m.29 views

CVE-2018-14059

Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions...

5.4CVSS5.7AI score
Exploits0References4
Prion
Prion
added 2018/08/24 10:29 p.m.22 views

Design/Logic Flaw

Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions...

3.5CVSS5.5AI score0.03121EPSS
Exploits5References4Affected Software1
Rows per page
Query Builder