
6 matches found

EUVD
added 2026/05/11 12:32 p.m. · 34 views

EUVD-2026-29049

ATutor is vulnerable to Reflected XSS in /install/install.php endpoint. An attacker can provide a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is no longer actively supported. Maintainers of this project were notified early...

CVSS 5.1 · AI score 6 · EPSS 0.00391
Exploits: 0 · References: 3
NVD
added 2026/05/11 10:16 a.m. · 46 views

CVE-2026-6956

ATutor is vulnerable to Reflected XSS in /install/install.php endpoint. An attacker can provide a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is no longer actively supported. Maintainers of this project were notified early...

CVSS 5.1 · EPSS 0.00391
Exploits: 0 · References: 2
Patchstack
added 2023/12/05 12:0 a.m. · 15 views

WordPress Tutor LMS Plugin <= 2.2.4 is vulnerable to Cross Site Scripting (XSS)

Software: Tutor LMS; Type: Plugin; Vulnerable versions: = 2.2.4; Fixed in: 2.3.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-49829; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: 1f03fa341046; Credits: emad; Required privilege: Administrator...

CVSS 5.9 · AI score 6.5 · EPSS 0.00394
Exploits: 0 · References: 2 · Affected Software: 1
Patchstack
added 2023/07/28 12:0 a.m. · 14 views

WordPress Ultimate Posts Widget Plugin <= 2.2.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Ultimate Posts Widget; Type: Plugin; Vulnerable versions: = 2.2.4; Fixed in: 2.2.5; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-3977; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: ecda45839866; Credits: WordFence...

CVSS 4.3 · AI score 4.4 · EPSS 0.00512
Exploits: 1 · References: 4 · Affected Software: 1
Patchstack
added 2023/07/28 12:0 a.m. · 11 views

WordPress Ultimate Posts Widget Plugin <= 2.2.4 is vulnerable to Broken Access Control

Software: Ultimate Posts Widget; Type: Plugin; Vulnerable versions: = 2.2.4; Fixed in: 2.2.5; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-0958; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 65c113fe970b; Credits: WordFence; Required...

CVSS 6.5 · AI score 6.2 · EPSS 0.00557
Exploits: 0 · References: 4 · Affected Software: 1
Positive Technologies
added 2022/09/15 12:0 a.m. · 5 views

PT-2022-23902 · Stealjs · Stealjs

Name of the Vulnerable Software and Affected Versions: stealjs steal version 2.2.4. Description: A Regular Expression Denial of Service (ReDoS) flaw was found in the input variable in main.js. This issue can cause a denial of service. Recommendations: For version 2.2.4, consider restricting the inpu...

CVSS 7.5 · AI score 7.3 · EPSS 0.01017
Exploits: 0 · References: 7