6612 matches found

Prion
added 2023/05/12 3:15 p.m. · 14 views

Cross site scripting

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Gautam Thapar Button Builder – Buttons X plugin = 0.8.6 versions...

CVSS 4.9 · AI score 5.2 · EPSS 0.00361
Exploits 0 · References 1 · Affected Software 1

CVE
added 2023/05/12 2:39 p.m. · 41 views

CVE-2023-23867

CVE-2023-23867: WordPress Button Builder – Buttons X plugin

CVSS 6.5 · AI score 5.5 · EPSS 0.00361
Exploits 0 · References 1 · Affected Software 1

NVD
added 2023/05/11 8:15 p.m. · 20 views

CVE-2023-32082

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names (not values) associated with a lease when the Keys parameter is true, even if a user doesn't have read permission to the keys. The impact is limit...

CVSS 4.3 · AI score 6.3 · EPSS 0.00744
Exploits 0 · References 4

Prion
added 2023/05/11 8:15 p.m. · 35 views

Code injection

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names (not values) associated with a lease when the Keys parameter is true, even if a user doesn't have read permission to the keys. The impact is limit...

CVSS 4 · AI score 4.5 · EPSS 0.00744
Exploits 0 · References 4 · Affected Software 1

Metasploit
added 2023/05/11 7:50 p.m. · 660 views

Pentaho Business Server Auth Bypass and Server Side Template Injection RCE

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x, is vulnerable to an authentication bypass (CVE-2022-43939) and a Server Side Template Injection (SSTI) vulnerability (CVE-2022-43769) that can be chained together to achieve unauthenticated code...

CVSS 9.8 · AI score 9.1 · EPSS 0.9767
Exploits 7

Cvelist
added 2023/05/11 7:22 p.m. · 25 views

CVE-2023-32082 etcd key name can be accessed via LeaseTimeToLive API

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names (not values) associated with a lease when the Keys parameter is true, even if a user doesn't have read permission to the keys. The impact is limit...

CVSS 3.1 · AI score 5.7 · EPSS 0.00744
Exploits 0 · References 4

OSV
added 2023/05/11 7:22 p.m. · 32 views

CVE-2023-32082 etcd key name can be accessed via LeaseTimeToLive API

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names (not values) associated with a lease when the Keys parameter is true, even if a user doesn't have read permission to the keys. The impact is limit...

CVSS 3.1 · AI score 6.5 · EPSS 0.00744
Exploits 0 · References 6

CVE
added 2023/05/11 2:31 p.m. · 45 views

CVE-2023-22720

CVE-2023-22720 affects the WordPress plugin WP Links Page by Robert Macchi. Versions ≤ 4.9.3 are vulnerable to a Stored XSS due to inadequate input handling. The vulnerability impact is described in the CVE as cross-site scripting, with a PatchSTACK entry noting the fix in version 4.9.4. No expl...

CVSS 6.5 · AI score 5.5 · EPSS 0.0037
Exploits 0 · References 1 · Affected Software 1

CVE
added 2023/05/11 9:46 a.m. · 88 views

CVE-2023-2490

CVE-2023-2490 affects the WordPress plugin UserAgent-Spy (Fernando Briano)

CVSS 5.9 · AI score 5.1 · EPSS 0.00369
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2023/05/11 12:0 a.m. · 5 views

PT-2023-22606 · Webkil · Webkul Qloapps

Name of the Vulnerable Software and Affected Versions: Webkil QloApps version 1.5.2 Description: A Cross Site Scripting issue allows a remote attacker to obtain sensitive information via the back and email create parameters in the AuthController.php file. Recommendations: For Webkil QloApps versi...

CVSS 6.1 · AI score 6.4 · EPSS 0.08731
Exploits 5 · References 10

Cvelist
added 2023/05/10 10:31 a.m. · 33 views

CVE-2022-47606 WordPress WP-CORS Plugin <= 0.2.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tim Stephenson WP-CORS plugin <= 0.2.1 versions...

CVSS 5.9 · AI score 5.5 · EPSS 0.00369
Exploits 0 · References 1

CVE
added 2023/05/10 10:28 a.m. · 45 views

CVE-2022-27856

CVE-2022-27856 is a stored XSS vulnerability in the WordPress Atlas Gondal Export All URLs plugin, affecting versions

CVSS 5.4 · AI score 4.4 · EPSS 0.00383
Exploits 0 · References 1 · Affected Software 1

CVE
added 2023/05/10 10:23 a.m. · 47 views

CVE-2022-47423

CVE-2022-47423 pertains to the WordPress WP-dTree plugin, affected versions are ≤ 4.4.5. The root cause is a Stored XSS flaw in plugin settings due to insufficient sanitization/escaping, allowing admin+ users to inject malicious content. Public sources corroborate admin-level exposure and note th...

CVSS 5.9 · AI score 5.1 · EPSS 0.00392
Exploits 0 · References 1 · Affected Software 1

CVE
added 2023/05/10 10:17 a.m. · 40 views

CVE-2022-47436

CVE-2022-47436 is a Stored XSS affecting the WordPress plugin Yatra (Best Travel Booking WordPress Plugin) by MantraBrain. Public details confirm the vulnerability exists in Yatra versions through 2.1.14 and that a fix is available in version 2.1.15. The root cause is improper neutralization of i...

CVSS 5.9 · AI score 6.5 · EPSS 0.00369
Exploits 0 · References 1 · Affected Software 1

NVD
added 2023/05/10 9:15 a.m. · 36 views

CVE-2023-30746

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Booqable Rental Software Booqable Rental plugin = 2.4.15 versions...

CVSS 5.9 · AI score 5.4 · EPSS 0.00369
Exploits 0 · References 1

NVD
added 2023/05/10 9:15 a.m. · 12 views

CVE-2023-22696

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Custom4Web Affiliate Links Lite plugin = 2.5 versions...

CVSS 6.5 · AI score 5.8 · EPSS 0.00361
Exploits 0 · References 1

CVE
added 2023/05/10 9:12 a.m. · 58 views

CVE-2022-33961

CVE-2022-33961 is an admin+ authenticated Stored XSS in the WordPress YellowPencil Visual CSS Style Editor plugin (

CVSS 4.8 · AI score 4.6 · EPSS 0.00352
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2023/05/10 8:56 a.m. · 16 views

CVE-2022-32970 WordPress Themify Portfolio Post Plugin <= 1.2.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Themify Themify Portfolio Post plugin <= 1.2.4 versions...

CVSS 4.1 · AI score 5.4 · EPSS 0.00364
Exploits 0 · References 1

CVE
added 2023/05/10 7:43 a.m. · 35 views

CVE-2023-24418

CVE-2023-24418 affects the WordPress plugin Tiny carousel horizontal slider plus (admin+). The vulnerability is a Stored Cross-Site Scripting (XSS) in versions

CVSS 5.9 · AI score 5.1 · EPSS 0.00369
Exploits 0 · References 1 · Affected Software 1

CVE
added 2023/05/10 7:19 a.m. · 36 views

CVE-2023-23786

CVE-2023-23786 concerns the WordPress affiliate-toolkit plugin from Christof Servit, with a Stored XSS issue exploitable by users with Editor+ permissions in versions

CVSS 5.9 · AI score 5.2 · EPSS 0.00358
Exploits 0 · References 1 · Affected Software 1