Lucene search
K

14 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:54 a.m.5 views

CVE-2020-23014

APfell 1.4 is vulnerable to authenticated reflected cross-site scripting XSS in /apiui/command through the payloadtypescallback function, which allows an attacker to steal remote admin/user session and/or adding new users to the administration panel...

5.4CVSS5.8AI score0.00591EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-40712

Malicious code in bioql PyPI...

5.4CVSS5.8AI score0.00398EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/04/29 5:11 p.m.38 views

CVE-2025-46350 Yeswiki Vulnerable to Authenticated Reflected Cross-site Scripting

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user’s session. This vulnerability...

3.5CVSS0.00241EPSS
Exploits1References2
NVD
NVD
added 2024/01/13 4:15 a.m.34 views

CVE-2023-51068

An authenticated reflected cross-site scripting XSS vulnerability in QStar Archive Solutions Release RELEASE3-0 Build 7 allows attackers to execute arbitrary javascript on a victim's browser via a crafted link...

5.4CVSS5.2AI score0.0035EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2022/09/21 12:0 a.m.3 views

PT-2022-23350 · Totalsoft · Totalsoft Event Calendar – Calendar Plugin

Name of the Vulnerable Software and Affected Versions: Totalsoft Event Calendar – Calendar plugin versions 1.4.6 and earlier Description: The issue is related to an Authenticated Reflected Cross-Site Scripting XSS vulnerability. This means that an attacker could potentially inject malicious scrip...

5.4CVSS5.2AI score0.00469EPSS
Exploits0References5
NVD
NVD
added 2022/05/11 1:15 p.m.12 views

CVE-2022-29976

An Authenticated Reflected Cross-site scripting at BCC Parameter was discovered in MDaemon before 22.0.0...

5.4CVSS0.0046EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/09/27 3:32 p.m.18 views

CVE-2021-36875 WordPress uListing plugin <= 2.0.5 - Auth. Reflected Cross-Site Scripting (XSS) vulnerability

Cross-site Scripting XSS vulnerability in Stylemix Directory Listings WordPress plugin – uListing allows Reflected XSS.This issue affects Directory Listings WordPress plugin – uListing: from n/a through 2.0.5...

5.9CVSS5.2AI score0.00749EPSS
Exploits1References1
Patchstack
Patchstack
added 2021/07/27 12:0 a.m.12 views

WordPress uListing plugin <= 2.0.5 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Authenticated Reflected Cross-Site Scripting XSS vulnerability discovered by m0ze Patchstack Red Team in WordPress uListing plugin versions = 2.0.5. Vulnerable parameters: &filterid, &filteruser, &filterexpireddate, &filtercreateddate, &filterupdateddate. Solution Update the WordPress uListing...

5.9CVSS1.9AI score0.00749EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/05/24 10:58 a.m.25 views

CVE-2021-24306 Ultimate Member < 2.1.20 - Authenticated Reflected Cross-Site Scripting (XSS)

The Ultimate Member – User Profile, User Registration, Login & Membership Plugin WordPress plugin before 2.1.20 did not properly sanitise, validate or encode the query string when generating a link to edit user's own profile, leading to an authenticated reflected Cross-Site Scripting issue...

5.4AI score0.0062EPSS
Exploits2References1
Cvelist
Cvelist
added 2021/04/05 6:27 p.m.25 views

CVE-2021-24196 Social Slider Widget < 1.8.5 - Authenticated Reflected Cross-Site Scripting (XSS)

The Social Slider Widget WordPress plugin before 1.8.5 allowed Authenticated Reflected XSS in the plugin settings page as the ‘tokenerror’ parameter can be controlled by users and it is directly echoed without being sanitized...

5.5AI score0.00679EPSS
Exploits2References2
wpexploit
wpexploit
added 2021/03/14 12:0 a.m.520 views

Social Slider Widget < 1.8.5 - Authenticated Reflected Cross-Site Scripting (XSS)

The plugin allowed Authenticated Reflected XSS in the plugin settings page as the ‘tokenerror’ parameter can be controlled by users and it is directly echoed without being sanitized /wp-admin/admin.php?page=settings-wisw&tokenerror=alert/XSS/;...

3.5CVSS1.9AI score0.00679EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/02/02 12:0 a.m.133 views

Popup Builder < 3.74 - Authenticated Reflected Cross-Site Scripting (XSS)

The "All Subscribers" setting page of Popup Builder was vulnerable to reflected Cross-Site Scripting. http://example.com/wp-admin/edit.php?posttype=popupbuilder&page=sgpbSubscribers&sgpb-subscribers-date=%22%3E%3Cscript%3Ealert%28origin%29%3C%2Fscript%3E Video:...

0.9AI score0.00734EPSS
Exploits1
OpenVAS
OpenVAS
added 2020/08/04 12:0 a.m.22 views

WordPress Newsletter Plugin < 6.8.2 Multiple Vulnerabilities

The WordPress plugin Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

8.8CVSS6.9AI score0.02082EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2015/08/04 12:0 a.m.14 views

Ninja Forms <= 2.9.21 - Authenticated Reflected Cross-Site Scripting (XSS)

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by an Authenticated Reflected Cross-Site Scripting XSS security vulnerability. PoC http://www.example.com/wp-admin/admin.php?page=nf-processing=...

Exploits0References2Affected Software1
Rows per page
Query Builder