Lucene search
K

143 matches found

OSV
OSV
added 2022/03/14 3:15 p.m.5 views

CVE-2022-0161

The ARI Fancy Lightbox WordPress plugin before 1.3.9 does not sanitise and escape the msg parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...

6.1CVSS5.8AI score0.00863EPSS
Exploits2References2
Prion
Prion
added 2022/03/14 3:15 p.m.11 views

Cross site scripting

The ARI Fancy Lightbox WordPress plugin before 1.3.9 does not sanitise and escape the msg parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...

4.3CVSS6.1AI score0.00863EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2022/03/14 2:41 p.m.23 views

CVE-2022-0161 ARI Fancy Lightbox < 1.3.9 - Reflected Cross-Site Scripting

The ARI Fancy Lightbox WordPress plugin before 1.3.9 does not sanitise and escape the msg parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...

6.2AI score0.00863EPSS
Exploits2References2
CVE
CVE
added 2022/03/14 2:41 p.m.90 views

CVE-2022-0161

The CVE-2022-0161 issue affects the WordPress plugin ARI Fancy Lightbox prior to version 1.3.9. The root cause is failure to sanitize and escape the msg parameter when rendering it on an admin page, which enables a Reflected Cross-Site Scripting (XSS) vulnerability. Affected product: ARI Fancy Li...

6.1CVSS6AI score0.00863EPSS
Exploits2References2Affected Software1
CNNVD
CNNVD
added 2022/03/14 12:0 a.m.22 views

WordPress plugin 跨站脚本漏洞

WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. WordPress plugin is a WordPress application plugin. cross-site scripting vulnerability exists in versions of the WordPress ARI Fancy Lightbox plugin prior to 1.3.9, which stems from a...

6.1CVSS4.8AI score0.00863EPSS
Exploits2References3
Patchstack
Patchstack
added 2022/02/17 12:0 a.m.4 views

WordPress ARI Stream Quiz plugin <= 1.2.26 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered in WordPress ARI Stream Quiz plugin versions = 1.2.26. Solution Update the WordPress ARI Stream Quiz plugin to the latest available version at least 1.2.27...

2.1AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/17 12:0 a.m.23 views

ARI Fancy Lightbox < 1.3.9 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the msg parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting PoC https://example.com/wp-admin/admin.php?page=ari-fancy-lightbox=%3Cimg+src+onerror%3Dalert%28/XSS/%29%3E...

6.2AI score0.00863EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/02/17 12:0 a.m.21 views

WordPress ARI Fancy Lightbox plugin <= 1.3.8 - Reflected Cross-Site Scripting (XSS) vulnerabilities

Reflected Cross-Site Scripting XSS vulnerabilities discovered by Krzysztof Zając in WordPress ARI Fancy Lightbox plugin versions = 1.3.8. Solution Update the WordPress ARI Fancy Lightbox plugin to the latest available version at least 1.3.9...

6.1CVSS1.8AI score0.00863EPSS
Exploits2References3Affected Software1
wpexploit
wpexploit
added 2022/02/17 12:0 a.m.191 views

ARI Fancy Lightbox < 1.3.9 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the msg parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=ari-fancy-lightbox&msg=%3Cimg+src+onerror%3Dalert%28/XSS/%29%3E...

0.8AI score0.00863EPSS
Exploits2References1
NVD
NVD
added 2021/09/15 2:15 p.m.29 views

CVE-2020-19156

Cross Site Scripting XSS in Ari Adminer v1 allows remote attackers to execute arbitrary code via the 'Title' parameter of the 'Add New Connections' component when the 'save' function is called...

5.4CVSS0.00853EPSS
Exploits1References1
OSV
OSV
added 2021/09/15 2:15 p.m.4 views

CVE-2020-19156

Cross Site Scripting XSS in Ari Adminer v1 allows remote attackers to execute arbitrary code via the 'Title' parameter of the 'Add New Connections' component when the 'save' function is called...

5.4CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added 2021/09/15 1:52 p.m.25 views

CVE-2020-19156

Cross Site Scripting XSS in Ari Adminer v1 allows remote attackers to execute arbitrary code via the 'Title' parameter of the 'Add New Connections' component when the 'save' function is called...

5.7AI score0.00853EPSS
Exploits1References1
CVE
CVE
added 2021/09/15 1:52 p.m.44 views

CVE-2020-19156

CVE-2020-19156 affects Ari Adminer v1 (WordPress plugin). An XSS flaw in the Add New Connections -&gt; save() path via the Title parameter allows remote input handling that could lead to code execution. Root cause: insufficient input sanitization in the vulnerable component. Impact stated as XSS ...

5.4CVSS5.7AI score0.00853EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2021/09/15 12:0 a.m.3 views

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on PHP and MySQL servers.WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress...

5.4CVSS6.1AI score0.00853EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2019/06/18 12:0 a.m.56 views

Debian DLA-1823-1 : linux security update (SACK Panic) (SACK Slowness)

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2019-3846, CVE-2019-10126 huangwen reported multiple buffer overflows in the Marvell wifi mwifiex driver, which a local user could use to cause...

9.8CVSS7.1AI score0.98745EPSS
Exploits6References11
CNVD
CNVD
added 2019/04/30 12:0 a.m.1 views

ARI Quiz Component SQL Injection Vulnerability in Joomla!

Joomla! is a Content Management System CMS. A SQL injection vulnerability exists in the ARI Quiz component of Joomla! An attacker can trick the server into executing malicious SQL commands by inserting SQL commands into the query string of a web form submission or input domain or page request...

8.2AI score
Exploits0References1
Exploit DB
Exploit DB
added 2019/04/30 12:0 a.m.47 views

Joomla! Component ARI Quiz 3.7.4 - SQL Injection

Exploit Title: Joomla! Component ARI Quiz 3.7.4 - SQL Injection Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: April 27, 2019 Vendor Homepage: http://www.ari-soft.com Software Link :...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2019/04/30 12:0 a.m.31 views

Joomla! Component ARI Quiz 3.7.4 - SQL Injection

Joomla! Component ARI Quiz 3.7.4 - SQL Injection Exploit Title: Joomla! Component ARI Quiz 3.7.4 - SQL Injection Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: April 27, 2019 Vendor Homepage: http://www.ari-soft.com Software Link :...

0.6AI score
Exploits0
0day.today
0day.today
added 2019/04/28 12:0 a.m.286 views

Joomla ARI Quiz 3.7.4 SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Joomla! Component ARI Quiz 3.7.4 - SQL Injection Exploit Author: Mr Winst0n Author E-mail: email protected Discovery Date: April 27, 2019 Vendor Homepage: http://www.ari-soft.com Software Link :...

Exploits0
Packet Storm
Packet Storm
added 2019/04/27 12:0 a.m.78 views

Joomla ARI Quiz 3.7.4 SQL Injection

Exploit Title: Joomla! Component ARI Quiz 3.7.4 - SQL Injection Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: April 27, 2019 Vendor Homepage: http://www.ari-soft.com Software Link :...

0.4AI score
Exploits0
Rows per page
Query Builder