Lucene search
+L

63 matches found

ptsecurity
ptsecurity
added 2024/03/11 12:0 a.m.5 views

PT-2024-19217 · Sap · Sap Netweaver Administrator As Java

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Administrator AS Java Administrator Log Viewer plug-in version 7.50 Description: The issue allows an attacker with high privileges to upload potentially dangerous files, which leads to a command injection vulnerability. This wou...

9.1CVSS7.4AI score0.01593EPSS
Exploits0References26
veracode
veracode
added 2024/01/23 5:14 a.m.12 views

Cross-Site Scripting (XSS)

MolecularFaces is vulnerable to Cross Site Scripting XSS. The vulnerability is caused due to improper handling of user input within the viewer plugin implementation of . This allows an attacker to inject arbitrary JavaScript code into the client browser by crafting malicious molfiles...

6.1CVSS6.4AI score0.00566EPSS
Exploits0References4Affected Software1
cve
cve
added 2023/11/16 6:38 p.m.108 views

CVE-2023-47245

CVE-2023-47245 affects the ANAC XML Viewer WordPress plugin by Marco Milesi (versions up to 1.7). It is an authenticated Stored XSS vulnerability that requires admin+ privileges. The issue is mitigated by upgrading to 1.7.1 (fixed version).

5.9CVSS5.2AI score0.00394EPSS
Exploits0References1Affected Software1
osv
osv
added 2023/09/04 12:15 p.m.3 views

CVE-2023-32102

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Pexle Chris Library Viewer plugin = 2.0.6 versions...

5.4CVSS5.8AI score0.00374EPSS
Exploits0References1
cve
cve
added 2023/09/04 11:33 a.m.52 views

CVE-2023-32102

CVE-2023-32102 is a Stored XSS in the WordPress Library Viewer plugin (versions

6.5CVSS5.4AI score0.00374EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2023/09/04 11:33 a.m.10 views

CVE-2023-32102 WordPress Library Viewer Plugin <= 2.0.6 is vulnerable to Cross Site Scripting (XSS)

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Pexle Chris Library Viewer plugin = 2.0.6 versions...

6.5CVSS5.6AI score0.00374EPSS
Exploits0References1
cnnvd
cnnvd
added 2023/09/04 12:0 a.m.5 views

WordPress plugin Library Viewer Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.5CVSS6.1AI score0.00374EPSS
Exploits0References2
prion
prion
added 2023/05/31 7:15 p.m.14 views

Cross site request forgery (csrf)

A vulnerability was found in meitar Inline Google Spreadsheet Viewer Plugin up to 0.9.6 on WordPress and classified as problematic. Affected by this issue is the function displayShortcode of the file inline-gdocs-viewer.php. The manipulation leads to cross-site request forgery. The attack may be...

6.8CVSS6.9AI score0.00443EPSS
Exploits0References4Affected Software1
patchstack
patchstack
added 2023/05/03 12:0 a.m.10 views

WordPress Library Viewer Plugin <= 2.0.6 is vulnerable to Cross Site Scripting (XSS)

Software Library Viewer Type Plugin Vulnerable versions = 2.0.6 Fixed in 2.0.6.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32102 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 0ff4626c41da Credits Mika Required...

6.5CVSS5.6AI score0.00374EPSS
Exploits0References2Affected Software1
osv
osv
added 2023/01/30 9:15 p.m.3 views

CVE-2023-0033

The PDF Viewer WordPress plugin before 1.0.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

5.4CVSS6.1AI score0.00471EPSS
Exploits2References1
patchstack
patchstack
added 2023/01/03 12:0 a.m.16 views

WordPress PDF Viewer Plugin < 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Software PDF Viewer Type Plugin Vulnerable versions 1.0.0 Fixed in 1.0.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0033 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 6e3ff2a57463 Credits István Márton Required...

5.4CVSS5.6AI score0.00471EPSS
Exploits2References2Affected Software1
bdu_fstec
bdu_fstec
added 2022/12/14 12:0 a.m.7 views

The vulnerability of the plugin for viewing RAW images lies in insufficient validation of input data, allowing a hacker to execute arbitrary code.

The vulnerability of the plugin for viewing RAW images is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created file...

7.3CVSS7.8AI score0.00828EPSS
Exploits0References2
osv
osv
added 2022/07/01 12:1 a.m.23 views

GHSA-QM37-C4W6-H9V9 Missing Authorization in Jenkins XPath Configuration Viewer Plugin

XPath Configuration Viewer Plugin 1.1.1 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to access the XPath Configuration Viewer page. Given appropriate XPath expressions, this page grants access to job configuration XML data...

4.3CVSS4.7AI score0.00557EPSS
Exploits0References2
osv
osv
added 2022/07/01 12:1 a.m.38 views

GHSA-3Q7F-W8FR-368V Cross-Site Request Forgery in Jenkins XPath Configuration Viewer Plugin

A cross-site request forgery CSRF vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions...

4.3CVSS4.8AI score0.00454EPSS
Exploits0References3
github
github
added 2022/07/01 12:1 a.m.27 views

Cross-Site Request Forgery in Jenkins XPath Configuration Viewer Plugin

A cross-site request forgery CSRF vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions...

4.3CVSS5AI score0.00454EPSS
Exploits0References3Affected Software1
osv
osv
added 2022/06/30 6:15 p.m.7 views

CVE-2022-34812

A cross-site request forgery CSRF vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions...

4.3CVSS5.7AI score0.00454EPSS
Exploits0References1
attackerkb
attackerkb
added 2022/06/30 6:15 p.m.3 views

CVE-2022-34812

A cross-site request forgery CSRF vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions...

4.3CVSS5.8AI score0.00454EPSS
Exploits0References2
attackerkb
attackerkb
added 2022/06/30 6:15 p.m.4 views

CVE-2022-34811

A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to access the XPath Configuration Viewer page...

4.3CVSS5.9AI score0.00557EPSS
Exploits0References2
nvd
nvd
added 2022/06/30 6:15 p.m.29 views

CVE-2022-34813

A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to create and delete XPath expressions...

4.3CVSS0.00553EPSS
Exploits0References1
nvd
nvd
added 2022/06/30 6:15 p.m.29 views

CVE-2022-34812

A cross-site request forgery CSRF vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions...

4.3CVSS0.00454EPSS
Exploits0References1
Rows per page
Query Builder