Lucene search
K

138 matches found

Vulnrichment
Vulnrichment
added 2024/04/10 11:49 a.m.14 views

CVE-2024-20759 Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a...

8.1CVSS7AI score0.01028EPSS
Exploits0References1
CVE
CVE
added 2024/04/10 11:49 a.m.96 views

CVE-2024-20759

CVE-2024-20759 affects Adobe Commerce (Magento) Open/Commerce platforms: versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier. The issue is a stored Cross‑Site Scripting (XSS) vulnerability in vulnerable form fields that could be exploited by a high‑privileged attacker to inject malicio...

8.1CVSS6.8AI score0.01028EPSS
Exploits0References1Affected Software2
OSV
OSV
added 2024/04/10 11:49 a.m.9 views

CVE-2024-20759 Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a...

8.1CVSS7.1AI score0.01028EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/04/10 11:49 a.m.25 views

CVE-2024-20759 Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a...

8.1CVSS7.1AI score0.01028EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/04/07 12:0 a.m.7 views

PT-2024-17794 · WordPress · Wpb Show Core

Name of the Vulnerable Software and Affected Versions: WPB Show Core WordPress plugin versions prior to 2.7 Description: The issue is related to a Reflected Cross-Site Scripting problem, where some parameters are not properly sanitised and escaped before being outputted back in the page. This cou...

4.7CVSS6.4AI score0.00499EPSS
Exploits2References6
Positive Technologies
Positive Technologies
added 2024/03/11 12:0 a.m.10 views

PT-2024-15658 · WordPress · Enhanced Text Widget

Name of the Vulnerable Software and Affected Versions: Enhanced Text Widget WordPress plugin versions prior to 1.6.6 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for...

6.5CVSS8.1AI score0.00497EPSS
Exploits2References5
ATTACKERKB
ATTACKERKB
added 2024/02/29 1:41 a.m.4 views

CVE-2023-48653

Concrete CMS before 8.5.14 and 9 before 9.2.3 allows Cross Site Request Forgery CSRF via ccm/calendar/dialogs/event/delete/submit. An attacker can force an admin to delete events on the site because the event ID is numeric and sequential...

4.3CVSS5.7AI score0.00276EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/02/27 12:0 a.m.4 views

PT-2024-15210 · WordPress · Pagelayer

Name of the Vulnerable Software and Affected Versions: The Page Builder: Pagelayer WordPress plugin versions prior to 1.8.1 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, f...

4.8CVSS5.4AI score0.00402EPSS
Exploits2References5
OSV
OSV
added 2024/01/01 3:15 p.m.7 views

CVE-2023-6485

The Html5 Video Player WordPress plugin before 2.5.19 does not sanitise and escape some of its player settings, which combined with missing capability checks around the plugin could allow any authenticated users, such as low as subscribers to perform Stored Cross-Site Scripting attacks against hi...

5.4CVSS7.3AI score0.00527EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2023/12/26 12:0 a.m.9 views

PT-2023-32458 · WordPress · Bsk Forms Blacklist

Name of the Vulnerable Software and Affected Versions: BSK Forms Blacklist WordPress plugin versions prior to 3.7 Description: The issue concerns the BSK Forms Blacklist WordPress plugin, which does not properly sanitise and escape some of its settings. This could allow high-privilege users, such...

4.8CVSS5.3AI score0.00379EPSS
Exploits2References7
Positive Technologies
Positive Technologies
added 2023/12/21 12:0 a.m.8 views

PT-2023-32846 · Automad · Automad

Name of the Vulnerable Software and Affected Versions: automad versions up to 1.10.9 Description: A vulnerability was found in the User Creation Handler component, affecting the processing of the file "/dashboard?controller=UserCollection::createUser". This issue leads to cross-site request...

6.5CVSS6.7AI score0.00392EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2023/12/19 12:0 a.m.5 views

PT-2023-32740 · Efacec · Bcu 500 +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A successful CSRF attack could force the user to perform state changing requests on the application. If the victim is an administrative account, a CSRF...

8.8CVSS8.5AI score0.00254EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/12/04 12:0 a.m.9 views

PT-2023-9137 · Adobe · Commerce

Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier Description: The issue is related to a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts...

8.5CVSS5.5AI score0.01028EPSS
Exploits0References14
OSV
OSV
added 2023/08/16 12:15 p.m.7 views

CVE-2023-1465

The WP EasyPay WordPress plugin before 4.1 does not escape some generated URLs before outputting them back in pages, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin...

6.1CVSS5.8AI score0.00458EPSS
Exploits2References1
OSV
OSV
added 2023/08/07 3:15 p.m.7 views

CVE-2023-3671

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.4 does not sanitise and escape various parameters before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS7.3AI score0.00396EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/07/01 12:0 a.m.5 views

WordPress Plugin eCommerce Product Catalog 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...

4.3CVSS5.1AI score0.00476EPSS
Exploits1References10
OSV
OSV
added 2023/05/15 1:15 p.m.5 views

CVE-2023-1915

The Thumbnail carousel slider WordPress plugin before 1.1.10 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting vulnerability which could be used against high privilege users such as admin...

6.1CVSS7.3AI score0.00477EPSS
Exploits2References1
OSV
OSV
added 2023/04/24 7:15 p.m.5 views

CVE-2023-1420

The Ajax Search Lite WordPress plugin before 4.11.1, Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape a parameter before outputting it back in a response of an AJAX action, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such...

6.1CVSS6.8AI score0.00493EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2023/04/17 12:0 a.m.6 views

PT-2023-16859 · WordPress · Drag/Drop Multiple File Upload Pro - Contact Form 7 Standard +1

Name of the Vulnerable Software and Affected Versions: Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard WordPress plugin versions prior to 2.11.1 Drag and Drop Multiple File Upload PRO - Contact Form 7 with Remote Storage Integrations WordPress plugin versions prior to 5.0.6.4...

6.1CVSS6AI score0.00542EPSS
Exploits3References7
OSV
OSV
added 2023/02/27 4:15 p.m.4 views

CVE-2022-4829

The Show-Hide / Collapse-Expand WordPress plugin before 1.3.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against...

5.4CVSS5.8AI score0.0049EPSS
Exploits2References1
Rows per page
Query Builder