
8541 matches found

Cvelist
added 2024/05/03 12:0 a.m. · 21 views

CVE-2024-34449

Vditor 3.10.3 allows XSS via an attribute of an A element. NOTE: the vendor indicates that a user is supposed to mitigate this via sanitize=true...

5.7 AI score · 0.00359 EPSS
Exploits 1 · References 2
Positive Technologies
added 2024/05/03 12:0 a.m. · 7 views

PT-2024-25903 · Vditor · Vditor

Name of the Vulnerable Software and Affected Versions: Vditor version 3.10.3. Description: The issue allows XSS via an attribute of an A element. The vendor indicates that a user is supposed to mitigate this via sanitize=true. Recommendations: For Vditor version 3.10.3, to mitigate the issue, set...

6.1 CVSS · 6 AI score · 0.00359 EPSS
Exploits 1 · References 9
CVE
added 2024/05/03 12:0 a.m. · 62 views

CVE-2024-34449

CVE-2024-34449 affects Vditor 3.10.3, with XSS via an attribute of an A element. The underlying issue is insufficient sanitization; vendor guidance is to mitigate by enabling sanitize=true. CVSS 3.1 base score 6.1 (Network attack, low complexity, no privilege, user interaction required, scope cha...

6.1 CVSS · 5.7 AI score · 0.00359 EPSS
Exploits 1 · References 2 · Affected Software 1
CNNVD
added 2024/05/03 12:0 a.m. · 3 views

WordPress plugin Gutenverse security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

6.1 CVSS · 6.5 AI score · 0.00442 EPSS
Exploits 2 · References 2
CNNVD
added 2024/05/03 12:0 a.m. · 2 views

WordPress plugin Carousel Slider security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

4.7 CVSS · 6.5 AI score · 0.00497 EPSS
Exploits 2 · References 2
OSV
added 2024/05/02 5:15 p.m. · 3 views

CVE-2024-3725

The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Grid widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping on user supplied...

5.4 CVSS · 5.9 AI score · 0.00423 EPSS
Exploits 0 · References 2
NVD
added 2024/05/02 5:15 p.m. · 9 views

CVE-2024-2750

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of the Button widget in all versions up to, and including, 2.6.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4 CVSS · 5.8 AI score · 0.0032 EPSS
Exploits 0 · References 2
OSV
added 2024/05/02 5:15 p.m. · 4 views

CVE-2024-2085

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' value in several widgets in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

5.4 CVSS · 5.9 AI score · 0.0032 EPSS
Exploits 0 · References 2
OSV
added 2024/05/02 5:15 p.m. · 3 views

CVE-2024-1842

The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Heading tag attribute in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or...

5.4 CVSS · 5.9 AI score · 0.0032 EPSS
Exploits 0 · References 2
NVD
added 2024/05/02 5:15 p.m. · 12 views

CVE-2024-1805

The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button onclick attribute in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or...

6.4 CVSS · 5.8 AI score · 0.0032 EPSS
Exploits 0 · References 2
Vulnrichment
added 2024/05/02 4:52 p.m. · 16 views

CVE-2024-3161 Jeg Elementor Kit <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget's attributes in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributo...

6.4 CVSS · 6.1 AI score · 0.00433 EPSS
Exploits 0 · References 3
Positive Technologies
added 2024/05/02 12:0 a.m. · 5 views

PT-2024-15183 · WordPress · Collapse-O-Matic

Name of the Vulnerable Software and Affected Versions: Collapse-O-Matic plugin for WordPress versions up to, and including, 1.8.5.5. Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'expand' shortcode due to insufficient input sanitization and output escaping on th...

6.4 CVSS · 5.9 AI score · 0.00333 EPSS
Exploits 0 · References 7
Positive Technologies
added 2024/05/02 12:0 a.m. · 4 views

PT-2024-21922 · WordPress · Exclusive Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Exclusive Addons for Elementor plugin for WordPress versions up to, and including, 2.6.9.3. Description: The issue arises from insufficient input sanitization and output escaping in the URL attribute of the Button widget, allowing authenticate...

6.4 CVSS · 6.9 AI score · 0.0032 EPSS
Exploits 0 · References 6
CNNVD
added 2024/05/02 12:0 a.m. · 5 views

WordPress plugin ShopLentor security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

6.4 CVSS · 6 AI score · 0.00423 EPSS
Exploits 0 · References 3
CNNVD
added 2024/05/02 12:0 a.m. · 4 views

WordPress plugin Photo Gallery security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

7.5 CVSS · 7 AI score · 0.00912 EPSS
Exploits 0 · References 3
RedhatCVE
added 2024/05/01 7:18 p.m. · 18 views

CVE-2024-26933

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in port "disable" sysfs attribute. The show and store callback routines for the "disable" sysfs attribute file in port.c acquire the device lock for the port's parent hub device. This can cause problems if...

5.5 CVSS · 7.2 AI score · 0.00179 EPSS
Exploits 0 · References 4
OSV
added 2024/05/01 4:37 p.m. · 17 views

GHSA-9P57-H987-4VGX Phlex vulnerable to Cross-site Scripting (XSS) via maliciously formed HTML attribute names and values

There is a potential cross-site scripting (XSS) vulnerability that can be exploited via maliciously crafted user data. The reason these issues were not detected before is the escapes were working as designed. However, their design didn't take into account just how recklessly permissive browsers are...

7.1 CVSS · 6.5 AI score · 0.00713 EPSS
Exploits 0 · References 11
CVE
added 2024/05/01 12:48 p.m. · 66 views

CVE-2022-38386

CVE-2022-38386 affects IBM Cloud Pak for Security (CP4S) 1.10.0.0–1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0–1.10.19.0. The root cause is that SameSite is not set for sensitive cookies, enabling potential information disclosure via MITM. IBM and Red Hat advisories confirm this vulnerab...

5.9 CVSS · 5.8 AI score · 0.00465 EPSS
Exploits 0 · References 2 · Affected Software 2
Vulnrichment
added 2024/05/01 12:48 p.m. · 15 views

CVE-2022-38386 IBM Cloud Pak for Security information disclosure

IBM Cloud Pak for Security CP4S 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 does not set the SameSite attribute for sensitive cookies which could allow an attacker to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 2337...

5.9 CVSS · 5.9 AI score · 0.00465 EPSS
Exploits 0 · References 2
Cvelist
added 2024/05/01 12:48 p.m. · 22 views

CVE-2022-38386 IBM Cloud Pak for Security information disclosure

IBM Cloud Pak for Security CP4S 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 does not set the SameSite attribute for sensitive cookies which could allow an attacker to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 2337...

5.9 CVSS · 5.4 AI score · 0.00465 EPSS
Exploits 0 · References 2