
34 matches found

EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2021-11191

Malware in sbrugna...

CVSS 5.4 · AI score 5.5 · EPSS 0.0062
Exploits: 2 · References: 2

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2021-11340

Malware in sbrugna...

CVSS 4.8 · AI score 5.2 · EPSS 0.00547
Exploits: 1 · References: 4

EUVD
added 2025/10/03 8:07 p.m. · 4 views

EUVD-2024-44039

Malicious code in bioql PyPI...

CVSS 6.4 · AI score 6.4 · EPSS 0.00353
Exploits: 0 · References: 2

RedhatCVE
added 2025/05/23 7:36 a.m. · 4 views

CVE-2024-4411

The Mihdan: Yandex Turbo Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.6.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

CVSS 6.4 · AI score 5.8 · EPSS 0.00353
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 9:04 p.m. · 5 views

CVE-2021-24277

The RSS for Yandex Turbo WordPress plugin before 1.30 did not properly sanitise the user inputs from its Счетчики settings tab before outputting them back in the page, leading to authenticated stored Cross-Site Scripting issues...

CVSS 5.4 · AI score 5.9 · EPSS 0.0062
Exploits: 2 · References: 1

RedhatCVE
added 2025/05/22 7:22 p.m. · 4 views

CVE-2021-24428

The RSS for Yandex Turbo WordPress plugin through 1.30 does not sanitise or escape some of its settings before saving and outputting them in the admin dashboard, leading to an Authenticated Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed...

CVSS 4.8 · AI score 5.9 · EPSS 0.00547
Exploits: 1 · References: 1

NVD
added 2024/05/14 3:43 p.m. · 13 views

CVE-2024-4411

The Mihdan: Yandex Turbo Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.6.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

CVSS 6.4 · AI score 5.9 · EPSS 0.00353
Exploits: 0 · References: 2

CNNVD
added 2024/05/14 12:00 a.m. · 5 views

WordPress plugin Mihdan: Yandex Turbo Feed security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress plugin Mihdan: A security...

CVSS 6.4 · AI score 6.2 · EPSS 0.00353
Exploits: 0 · References: 4

Vulnrichment
added 2024/05/09 8:03 p.m. · 13 views

CVE-2024-4411 Mihdan: Yandex Turbo Feed <= 1.6.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Mihdan: Yandex Turbo Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.6.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

CVSS 6.4 · AI score 5.8 · EPSS 0.00353
Exploits: 0 · References: 2

Cvelist
added 2024/05/09 8:03 p.m. · 23 views

CVE-2024-4411 Mihdan: Yandex Turbo Feed <= 1.6.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Mihdan: Yandex Turbo Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.6.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

CVSS 6.4 · AI score 6 · EPSS 0.00353
Exploits: 0 · References: 2

Positive Technologies
added 2024/05/09 12:00 a.m. · 5 views

PT-2024-30954 · Yandex · Yandex Turbo Feed Plugin For Wordpress

Name of the Vulnerable Software and Affected Versions: Mihdan: Yandex Turbo Feed plugin for WordPress versions up to, and including, 1.6.5.1. Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's shortcodes, allowing...

CVSS 6.4 · AI score 6.9 · EPSS 0.00353
Exploits: 0 · References: 3

Patchstack
added 2024/05/06 9:18 a.m. · 4 views

WordPress Mihdan: Yandex Turbo Feed plugin <= 1.6.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Mihdan: Yandex Turbo Feed versions <= 1.6.5.1...

CVSS 6.4 · AI score 5.8 · EPSS 0.00353
Exploits: 0 · References: 1 · Affected Software: 1

WPVulnDB
added 2024/05/06 12:00 a.m. · 13 views

Mihdan: Yandex Turbo Feed < 1.6.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description: The Mihdan: Yandex Turbo Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.6.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 · AI score 5.9 · EPSS 0.00353
Exploits: 0 · References: 1 · Affected Software: 1

Patchstack
added 2024/05/06 12:00 a.m. · 6 views

WordPress Mihdan: Yandex Turbo Feed Plugin <= 1.6.5.1 is vulnerable to Cross Site Scripting (XSS)

Software: Mihdan: Yandex Turbo Feed; Type: Plugin; Vulnerable versions: <= 1.6.5.1; Fixed in: 1.6.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4411; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: 7511f9588339; Credits: Peter...

CVSS 6.4 · AI score 5.8 · EPSS 0.00353
Exploits: 0 · References: 3 · Affected Software: 1

NVD
added 2021/08/02 11:15 a.m. · 13 views

CVE-2021-24428

The RSS for Yandex Turbo WordPress plugin through 1.30 does not sanitise or escape some of its settings before saving and outputting them in the admin dashboard, leading to an Authenticated Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed...

CVSS 4.8 · EPSS 0.00547
Exploits: 1 · References: 2

OSV
added 2021/08/02 11:15 a.m. · 0 views

CVE-2021-24428

The RSS for Yandex Turbo WordPress plugin through 1.30 does not sanitise or escape some of its settings before saving and outputting them in the admin dashboard, leading to an Authenticated Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed...

CVSS 4.8 · AI score 5.8 · EPSS 0.00547
Exploits: 1 · References: 2

Prion
added 2021/08/02 11:15 a.m. · 19 views

Cross site scripting

The RSS for Yandex Turbo WordPress plugin through 1.30 does not sanitise or escape some of its settings before saving and outputting them in the admin dashboard, leading to an Authenticated Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed...

CVSS 3.5 · AI score 4.9 · EPSS 0.00547
Exploits: 1 · References: 2 · Affected Software: 1

CVE
added 2021/08/02 10:31 a.m. · 90 views

CVE-2021-24428

The CVE-2021-24428 entry describes an Authenticated Stored XSS in the WordPress plugin “RSS for Yandex Turbo” (versions up to 1.30). The underlying issue is failure to sanitize/escape certain settings when saving and displaying them in the admin dashboard, enabling script execution even when unfi...

CVSS 4.8 · AI score 4.8 · EPSS 0.00547
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2021/08/02 10:31 a.m. · 20 views

CVE-2021-24428 RSS for Yandex Turbo <= 1.30 - Authenticated Stored XSS

The RSS for Yandex Turbo WordPress plugin through 1.30 does not sanitise or escape some of its settings before saving and outputting them in the admin dashboard, leading to an Authenticated Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed...

AI score 5.1 · EPSS 0.00547
Exploits: 1 · References: 2

CNNVD
added 2021/08/02 12:00 a.m. · 3 views

WordPress plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...

CVSS 4.8 · AI score 5.2 · EPSS 0.00547
Exploits: 1 · References: 3