Lucene search
K

187 matches found

OSV
OSV
added 2025/08/14 6:52 p.m.1 views

MAL-2025-16478 Malicious code in cammy-web-analytics (npm)

The package cammy-web-analytics was found to contain malicious code...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 2:21 a.m.6 views

CVE-2023-45057

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Hitsteps Web Analytics plugin = 5.86 versions...

5.9CVSS5.6AI score0.00316EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:19 a.m.8 views

CVE-2023-45268

Cross-Site Request Forgery CSRF vulnerability in Hitsteps Hitsteps Web Analytics plugin = 5.86 versions...

8.8CVSS7.1AI score0.00214EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:30 p.m.5 views

CVE-2022-24637

Open Web Analytics OWA before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '...

9.8CVSS9.4AI score0.99134EPSS
Exploits14References1
OSV
OSV
added 2024/10/10 2:15 a.m.2 views

CVE-2024-8513

The QA Analytics – Web Analytics Tool with Heatmaps & Session Replay Across All Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxsavepluginconfig function in all versions up to, and including, 4.1.0.0. This makes it possibl...

5.3CVSS5.8AI score
Exploits0References2
Securelist
Securelist
added 2024/09/24 10:0 a.m.13 views

Web tracking report: who monitored users’ online activities in 2023–2024 the most

Web tracking has become a pervasive aspect of our online experience. Whether we're browsing social media, playing video games, shopping for products, or simply reading news articles, trackers are silently monitoring our online behavior, fueling the ceaseless hum of countless data centers worldwid...

6.6AI score
Exploits0
HackRead
HackRead
added 2024/07/29 5:51 p.m.12 views

XSS and OAuth Combo Threatens Millions of Users Due to Hotjar Flaw

Cybersecurity Experts Uncover Critical Vulnerabilities in Leading Web Analytics Platform Hotjar, Potentially Exposing Sensitive Data of Millions of…...

7.5AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2023/10/25 12:0 a.m.5 views

The vulnerability of the BIG-IP Access Policy Manager, as well as software solutions such as BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Application Visibility and Reporting (AVR), BIG-IP DDos Hybrid Defender, BIG-IP Domain Name System, BIG-IP Fraud Protection Service, BIG-IP Global Traffic Manager, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Inforcement Manager, BIG-IP SSL Orchestrator, BIG-IP Webaccelerator, and BIG-IP WebSafe, is related to incorrect session duration settings. This allows attackers to gain unauthorized access to protected information.

The vulnerabilities of the BIG-IP Access Policy Manager, as well as of software solutions such as BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Application Visibili...

8.1CVSS7.5AI score0.00457EPSS
Exploits0References4Affected Software18
NVD
NVD
added 2023/10/18 9:15 a.m.12 views

CVE-2023-45057

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Hitsteps Web Analytics plugin = 5.86 versions...

5.9CVSS5.4AI score0.00316EPSS
Exploits0References1
Prion
Prion
added 2023/10/18 9:15 a.m.18 views

Cross site scripting

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Hitsteps Web Analytics plugin = 5.86 versions...

4.3CVSS4.8AI score0.00316EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/18 8:18 a.m.12 views

CVE-2023-45057 WordPress Hitsteps Web Analytics Plugin <= 5.86 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Hitsteps Web Analytics plugin = 5.86 versions...

5.9CVSS5.6AI score0.00316EPSS
Exploits0References1
CVE
CVE
added 2023/10/18 8:18 a.m.46 views

CVE-2023-45057

CVE-2023-45057 is a stored XSS vulnerability in Hitsteps Web Analytics Plugin for WordPress, affecting all versions

5.9CVSS5.1AI score0.00316EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/10/18 8:18 a.m.24 views

CVE-2023-45057 WordPress Hitsteps Web Analytics Plugin <= 5.86 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Hitsteps Web Analytics plugin = 5.86 versions...

5.9CVSS5.5AI score0.00316EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/10/18 12:0 a.m.2 views

WordPress Plugin Hitsteps Web Analytics Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.9CVSS5.9AI score0.00316EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2023/10/18 12:0 a.m.21 views

Hitsteps Web Analytics < 5.87 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS6AI score0.00316EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/17 12:0 a.m.15 views

Hitsteps Web Analytics < 5.87 - Arbitrary Settings Update via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS7AI score0.00214EPSS
Exploits0Affected Software1
NVD
NVD
added 2023/10/13 3:15 p.m.17 views

CVE-2023-45268

Cross-Site Request Forgery CSRF vulnerability in Hitsteps Hitsteps Web Analytics plugin = 5.86 versions...

8.8CVSS5.8AI score0.00214EPSS
Exploits0References1
OSV
OSV
added 2023/10/13 3:15 p.m.3 views

CVE-2023-45268

Cross-Site Request Forgery CSRF vulnerability in Hitsteps Hitsteps Web Analytics plugin = 5.86 versions...

8.8CVSS7.3AI score0.00214EPSS
Exploits0References1
Prion
Prion
added 2023/10/13 3:15 p.m.22 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Hitsteps Hitsteps Web Analytics plugin = 5.86 versions...

6.8CVSS8.8AI score0.00214EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/10/13 2:53 p.m.26 views

CVE-2023-45268 WordPress Hitsteps Web Analytics Plugin <= 5.86 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Hitsteps Hitsteps Web Analytics plugin = 5.86 versions...

4.3CVSS9AI score0.00214EPSS
Exploits0References1
Rows per page
Query Builder