35 matches found

RedhatCVE
added 2026/02/25 4:17 p.m. | 3 views

CVE-2026-27518

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior lack CSRF protections for state-changing actions in the administrative interface. An attacker can trick an authenticated administrator into performing unauthorized configuration changes...

CVSS 5.1 | AI score 5.4 | EPSS 0.00102
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 10:46 a.m. | 2 views

CVE-2022-0418

The Event List WordPress plugin before 0.8.8 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks against other admin even when the unfiltered_html is disallowed...

CVSS 4.8 | AI score 6.1 | EPSS 0.00577
Exploits: 2 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-49829

Malicious code in bioql PyPI...

CVSS 5.1 | AI score 4 | EPSS 0.00416
Exploits: 1 | References: 4
OSV
added 2025/05/30 6:15 a.m. | 3 views

CVE-2025-4429

The Gearside Developer Dashboard WordPress plugin through 1.0.72 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 6.1 | AI score 5.8 | EPSS 0.00229
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/23 11:40 a.m. | 15 views

CVE-2025-0709

A vulnerability was found in Dcat-Admin 2.2.1-beta. It has been rated as problematic. This issue affects some unknown processing of the file /admin/auth/roles of the component Roles Page. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been...

CVSS 5.1 | AI score 6.2 | EPSS 0.00368
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/22 11:29 p.m. | 3 views

CVE-2022-1062

The th23 Social WordPress plugin through 1.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

CVSS 4.8 | AI score 5.9 | EPSS 0.00565
Exploits: 2 | References: 1
RedhatCVE
added 2025/05/13 11:0 p.m. | 26 views

CVE-2025-4551

A vulnerability, which was classified as problematic, was found in ContiNew Admin up to 3.6.0. Affected is an unknown function of the file /dev-api/common/file. The manipulation of the argument File leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been...

CVSS 5.1 | AI score 6.3 | EPSS 0.00294
Exploits: 1 | References: 1
OSV
added 2025/01/24 9:15 p.m. | 5 views

CVE-2025-0709

A vulnerability was found in Dcat-Admin 2.2.1-beta. It has been rated as problematic. This issue affects some unknown processing of the file /admin/auth/roles of the component Roles Page. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been...

CVSS 4.8 | AI score 6.2
Exploits: 0 | References: 5
Vulnrichment
added 2024/09/30 6:0 a.m. | 13 views

CVE-2024-8283 Slider by 10Web < 1.2.59 - Admin+ Stored XSS

The Slider by 10Web WordPress plugin before 1.2.59 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

AI score 5.4 | EPSS 0.00365
Exploits: 1 | References: 1
Cvelist
added 2024/08/05 6:0 a.m. | 31 views

CVE-2024-3636 Pinpoint Booking System < 2.9.9.4.8 - Admin+ Stored XSS

The Pinpoint Booking System WordPress plugin before 2.9.9.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

EPSS 0.00348
Exploits: 1 | References: 1
Vulnrichment
added 2024/05/23 6:0 a.m. | 19 views

CVE-2024-2220 Button contact VR <= 4.7 - Admin+ Stored XSS

The Button contact VR WordPress plugin through 4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

AI score 5.8 | EPSS 0.0033
Exploits: 2 | References: 1
OSV
added 2024/05/07 6:15 a.m. | 2 views

CVE-2024-3628

The EasyEvent WordPress plugin through 1.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...

CVSS 3.8 | AI score 5.8 | EPSS 0.00435
Exploits: 2 | References: 1
Vulnrichment
added 2024/04/15 5:0 a.m. | 18 views

CVE-2024-1660 Top Bar < 3.0.5 - Admin+ Stored XSS

The Top Bar WordPress plugin before 3.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

AI score 5.4 | EPSS 0.00441
Exploits: 2 | References: 1
Vulnrichment
added 2024/04/01 5:0 a.m. | 20 views

CVE-2024-2278 WooCommerce Product Filter < 1.4.4 - Admin+ Stored XSS

Themify WordPress plugin before 1.4.4 does not sanitise and escape some of its Filters settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

AI score 5.7 | EPSS 0.0042
Exploits: 2 | References: 1
NVD
added 2023/10/27 8:15 a.m. | 21 views

CVE-2023-46192

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Internet Marketing Ninjas Internal Link Building plugin = 1.2.3 versions...

CVSS 5.9 | AI score 5.4 | EPSS 0.00316
Exploits: 0 | References: 1
OSV
added 2023/10/02 10:15 a.m. | 4 views

CVE-2023-44239

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Jobin Jose WWM Social Share On Image Hover plugin = 2.2 versions...

CVSS 4.8 | AI score 7.3 | EPSS 0.00336
Exploits: 0 | References: 1
wpexploit
added 2023/07/10 12:0 a.m. | 152 views

Short URL < 1.6.5 - Admin+ Cross Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup. In the plugin settings, add the POC alert1 to the...

AI score 6.1 | EPSS 0.00429
Exploits: 2
Cvelist
added 2023/06/19 10:52 a.m. | 18 views

CVE-2023-2812 Ultimate Dashboard < 3.7.6 - Admin+ Stored XSS

The Ultimate Dashboard WordPress plugin before 3.7.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

AI score 5 | EPSS 0.0047
Exploits: 2 | References: 1
OSV
added 2023/05/30 8:15 a.m. | 3 views

CVE-2023-2470

The Add to Feedly WordPress plugin through 1.2.11 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

CVSS 4.8 | AI score 6.6 | EPSS 0.00472
Exploits: 2 | References: 1
WPVulnDB
added 2022/09/19 12:0 a.m. | 13 views

reSmush.it Image Optimizer < 0.4.6 - Admin+ Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when unfiltered_html is disallowed. PoC POST /wp-admin/options.php HTTP/1.1 Accept:...

CVSS 4.8 | AI score 1.7 | EPSS 0.00506
Exploits: 2 | Affected Software: 1