
25 matches found

NVD
added 2026/06/10 10:17 p.m. | 12 views

CVE-2026-53737

Juicer through 1.12.18 fails to escape remote feed API response fields before rendering them on the admin settings page. Attackers controlling the connected feed data can inject script that executes in an administrator's browser when the settings page loads...

6.1 CVSS | 0.00158 EPSS
Exploits 0 | References 2
CVE
added 2026/06/10 8:39 p.m. | 21 views

CVE-2026-53737

CVE-2026-53737 affects Juicer (through 1.12.18). The vulnerability is a Stored Cross-Site Scripting (XSS) due to unescaped remote feed API response fields on the admin settings page; when the page loads, an attacker controlling the connected feed data can inject script that runs in an administrat...

6.1 CVSS | 5.5 AI score | 0.00158 EPSS
Exploits 0 | References 2
Positive Technologies
added 2026/06/10 12:0 a.m. | 17 views

PT-2026-48551

Juicer through 1.12.18 fails to escape remote feed API response fields before rendering them on the admin settings page. Attackers controlling the connected feed data can inject script that executes in an administrator's browser when the settings page loads...

6.1 CVSS | 5.5 AI score | 0.00158 EPSS
Exploits 0 | References 3
CNNVD
added 2026/06/10 12:0 a.m. | 14 views

WordPress plugin Juicer cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.1 CVSS | 5.3 AI score | 0.00158 EPSS
Exploits 0 | References 1
NVD
added 2026/06/08 2:16 a.m. | 11 views

CVE-2021-47983

WordPress Plugin Stripe Payments 2.0.39 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the AcceptStripePayments-settingscurrencycode parameter. Attackers can submit POST requests to /wp-admin/options.php with script...

6.4 CVSS | 0.00187 EPSS
Exploits 0 | References 3
EUVD
added 2026/06/02 7:48 a.m. | 12 views

EUVD-2026-33887

The FPW Category Thumbnails plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the 'fpwfsgetfile' AJAX action in all versions up to, and including, 1.9.5. This is due to insufficient input sanitization and output escaping. This makes it possible for...

6.4 CVSS | 6 AI score | 0.00192 EPSS
Exploits 0 | References 4
CVE
added 2026/05/20 1:25 a.m. | 11 views

CVE-2026-6399

The CVE concerns the WordPress General Options plugin (up to version 1.1.0). Root cause: the code uses sanitize_text_field() for output escaping in the ad_contact_number field, which strips HTML but does not encode double quotes, so when echoed inside a double-quoted HTML attribute (value="..."),...

4.4 CVSS | 6 AI score | 0.0023 EPSS
Exploits 0 | References 5
Positive Technologies
added 2026/03/07 12:0 a.m. | 4 views

PT-2026-23835

Name of the Vulnerable Software and Affected Versions WP App Bar plugin for WordPress versions up to and including 1.5 Description The WP App Bar plugin for WordPress is susceptible to Stored Cross-Site Scripting through the app-bar-features parameter. This is a result of inadequate input...

7.2 CVSS | 5.9 AI score | 0.00233 EPSS
Exploits 0 | References 9
OSV
added 2026/01/25 1:15 p.m. | 6 views

CVE-2020-36932

SeaCMS 11.1 contains a stored cross-site scripting vulnerability in the checkuser parameter of the admin settings page. Attackers can inject malicious JavaScript payloads that will execute in users' browsers when the page is loaded...

6.1 CVSS | 5.8 AI score
Exploits 0 | References 3
Cvelist
added 2026/01/25 1:4 p.m. | 31 views

CVE-2020-36932 Seacms 11.1 - 'checkuser' Stored XSS

SeaCMS 11.1 contains a stored cross-site scripting vulnerability in the checkuser parameter of the admin settings page. Attackers can inject malicious JavaScript payloads that will execute in users' browsers when the page is loaded...

6.1 CVSS | 0.00244 EPSS
Exploits 1 | References 3
EUVD
added 2026/01/25 1:4 p.m. | 6 views

EUVD-2026-4635

SeaCMS 11.1 contains a stored cross-site scripting vulnerability in the checkuser parameter of the admin settings page. Attackers can inject malicious JavaScript payloads that will execute in users' browsers when the page is loaded...

6.4 CVSS | 5.1 AI score | 0.00244 EPSS
Exploits 1 | References 5
CVE
added 2026/01/25 1:4 p.m. | 13 views

CVE-2020-36932

CVE-2020-36932 affects SeaCMS 11.1. The vulnerability is a stored cross-site scripting (XSS) in the checkuser parameter of the admin settings page. The underlying issue allows an attacker to inject JavaScript payloads that execute in users’ browsers when the page loads. Affected component: admin ...

6.1 CVSS | 5.1 AI score | 0.00244 EPSS
Exploits 1 | References 3 | Affected Software 1
Vulnrichment
added 2026/01/25 1:4 p.m. | 4 views

CVE-2020-36932 Seacms 11.1 - 'checkuser' Stored XSS

SeaCMS 11.1 contains a stored cross-site scripting vulnerability in the checkuser parameter of the admin settings page. Attackers can inject malicious JavaScript payloads that will execute in users' browsers when the page is loaded...

6.1 CVSS | 5.8 AI score | 0.00244 EPSS
Exploits 1 | References 3
Positive Technologies
added 2025/11/12 12:0 a.m. | 6 views

PT-2025-46770

Name of the Vulnerable Software and Affected Versions code-projects Responsive Hotel Site version 1.0 Description A SQL injection flaw exists due to manipulation of the usname argument within an unknown function of the /admin/usersetting.php file. This issue can be exploited remotely. The exploit...

5.8 CVSS | 5.2 AI score | 0.00333 EPSS
Exploits 1 | References 8
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2023-38792

Malicious code in bioql PyPI...

9.8 CVSS | 9.1 AI score | 0.01006 EPSS
Exploits 1 | References 1
RedhatCVE
added 2025/05/23 4:18 a.m. | 6 views

CVE-2023-34756

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings=charset=edit...

9.8 CVSS | 8.2 AI score | 0.04228 EPSS
Exploits 1
RedhatCVE
added 2025/05/22 4:7 p.m. | 9 views

CVE-2020-19626

Cross Site Scripting XSS vulnerability in craftcms 3.1.31, allows remote attackers to inject arbitrary web script or HTML, via /admin/settings/sites/new...

5.4 CVSS | 5.9 AI score | 0.00848 EPSS
Exploits 1
ATTACKERKB
added 2023/06/14 2:15 p.m. | 6 views

CVE-2023-34754

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the pid parameter at admin/index.php?mode=settings&page=plugins&action=edit...

9.8 CVSS | 7.4 AI score | 0.03449 EPSS
Exploits 1 | References 2
OSV
added 2023/06/14 2:15 p.m. | 19 views

CVE-2023-34752

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit...

9.8 CVSS | 8.5 AI score | 0.05459 EPSS
Exploits 1 | References 3
Vulnrichment
added 2023/06/14 12:0 a.m. | 13 views

CVE-2023-34752

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit...

8.2 AI score | 0.05459 EPSS
Exploits 1 | References 3