Lucene search
+L

599 matches found

redhatcve
redhatcve
added 2025/05/23 7:24 a.m.7 views

CVE-2024-0587

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'disqusname' parameter in all versions up to, and including, 1.0.92.1 due to insufficient input sanitization and output escaping on the executed JS file. This makes it possible f...

6.1CVSS6.3AI score0.00443EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 6:59 a.m.16 views

CVE-2024-11254

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the disqusname parameter in all versions up to, and including, 1.1.1 due to insufficient input validation. This makes it possible for unauthenticated attackers to inject arbitrary we...

6.1CVSS6.4AI score0.00277EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 6:16 a.m.9 views

CVE-2024-37523

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in AMP-MODE Login Logo Editor allows Stored XSS.This issue affects Login Logo Editor: from n/a through 1.3.3...

5.9CVSS6.8AI score0.00274EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 6:14 a.m.5 views

CVE-2024-49683

Missing Authorization vulnerability in Magazine3 Schema & Structured Data for WP & AMP schema-and-structured-data-for-wp allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Schema & Structured Data for WP & AMP: from n/a through = 1.3.5...

5.3CVSS5.9AI score0.00336EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 4:42 a.m.7 views

CVE-2023-48321

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ahmed Kaludi, Mohammed Kaludi AMP for WP – Accelerated Mobile Pages allows Stored XSS.This issue affects AMP for WP – Accelerated Mobile Pages: from n/a through 1.0.88.1...

6.5CVSS6.7AI score0.00377EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 3:16 a.m.6 views

CVE-2023-2291

Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus AMP build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a...

7.8CVSS7AI score0.00808EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/23 2:6 a.m.13 views

CVE-2023-6782

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.0.92 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00449EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 7:51 p.m.8 views

CVE-2021-34539

An issue was discovered in CubeCoders AMP before 2.1.1.8. A lack of validation of the Java Version setting means that an unintended executable path can be set. The result is that high-privileged users can trigger code execution...

7.2CVSS7.1AI score0.01171EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 7:50 a.m.8 views

CVE-2018-20838

ampforwpsavestepsdata in the AMP for WP plugin before 0.9.97.21 for WordPress allows stored XSS...

5.4CVSS6.8AI score0.01078EPSS
Exploits1References1
susecve
susecve
added 2025/05/03 2:51 a.m.4 views

SUSE CVE-2023-53057

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix global-out-of-bounds To loop a variable-length array, hciinitstagesyncstage considers that stagei is valid as long as stagei-1.func is valid. Thus, the last element of stage.func should be intentionally invali...

5.5CVSS6.3AI score0.00168EPSS
Exploits0References6
attackerkb
attackerkb
added 2025/05/02 4:15 p.m.4 views

CVE-2023-53057

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix global-out-of-bounds To loop a variable-length array, hciinitstagesyncstage considers that stagei is valid as long as stagei-1.func is valid. Thus, the last element of stage.func should be intentionally invali...

7.1CVSS6.1AI score0.00168EPSS
Exploits0References4Affected Software1
osv
osv
added 2025/05/02 4:15 p.m.3 views

DEBIAN-CVE-2023-53057

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix global-out-of-bounds To loop a variable-length array, hciinitstagesyncstage considers that stagei is valid as long as stagei-1.func is valid. Thus, the last element of stage.func should be intentionally invali...

7.1CVSS5.6AI score0.00168EPSS
Exploits0References1
osv
osv
added 2025/05/02 4:15 p.m.9 views

UBUNTU-CVE-2023-53057

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix global-out-of-bounds To loop a variable-length array, hciinitstagesyncstage considers that stagei is valid as long as stagei-1.func is valid. Thus, the last element of stage.func should be intentionally invali...

7.1CVSS6.2AI score0.00168EPSS
Exploits0References6
susecve
susecve
added 2025/02/27 3:12 a.m.3 views

SUSE CVE-2022-49111

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use after free in hcisendacl This fixes the following trace caused by receiving HCIEVDISCONNPHYLINKCOMPLETE which does call hciconndel without first checking if conn-type is in fact AMPLINK and in case it is do...

5.5CVSS6.5AI score0.00247EPSS
Exploits0References13
redhatcve
redhatcve
added 2025/02/05 4:42 a.m.9 views

CVE-2024-9598

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.99.1. This is due to missing or incorrect nonce validation on the 'proxy' function. This makes it possible for unauthenticated attackers to send the...

8.8CVSS6.4AI score0.00261EPSS
Exploits0References1
nvd
nvd
added 2024/12/18 4:15 a.m.29 views

CVE-2024-11254

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the disqusname parameter in all versions up to, and including, 1.1.1 due to insufficient input validation. This makes it possible for unauthenticated attackers to inject arbitrary we...

6.1CVSS0.00277EPSS
Exploits0References2
cve
cve
added 2024/12/18 3:22 a.m.55 views

CVE-2024-11254

CVE-2024-11254 (AMP for WP – Accelerated Mobile Pages, WordPress) Vulnerability: Reflected cross-site scripting via the disqus_name parameter. Affected product: AMP for WP plugin for WordPress. Impact: Unauthenticated attackers can inject arbitrary scripts into pages executed in user browsers whe...

6.1CVSS6AI score0.00277EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2024/12/18 3:22 a.m.29 views

CVE-2024-11254 AMP for WP – Accelerated Mobile Pages <= 1.1.1 - Reflected Cross-Site Scripting

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the disqusname parameter in all versions up to, and including, 1.1.1 due to insufficient input validation. This makes it possible for unauthenticated attackers to inject arbitrary we...

6.1CVSS0.00277EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2024/12/18 3:22 a.m.17 views

CVE-2024-11254 AMP for WP – Accelerated Mobile Pages <= 1.1.1 - Reflected Cross-Site Scripting

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the disqusname parameter in all versions up to, and including, 1.1.1 due to insufficient input validation. This makes it possible for unauthenticated attackers to inject arbitrary we...

6.1CVSS6.4AI score0.00277EPSS
Exploits0References2
cnnvd
cnnvd
added 2024/12/18 12:0 a.m.5 views

WordPress plugin AMP for WP 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

6.1CVSS7.6AI score0.00277EPSS
Exploits0References2
Rows per page
Query Builder