Lucene search
K

29 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/27 7:15 p.m.4 views

CVE-2026-4972

A security vulnerability has been detected in code-projects Online Reviewer System up to 1.0. Affected is an unknown function of the file /system/system/students/assessments/databank/btnfunctions.php. Such manipulation of the argument Description leads to cross site scripting. The attack may be...

4.8CVSS4.2AI score0.00202EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/27 7:15 p.m.4 views

CVE-2026-4972 code-projects Online Reviewer System btn_functions.php cross site scripting

A security vulnerability has been detected in code-projects Online Reviewer System up to 1.0. Affected is an unknown function of the file /system/system/students/assessments/databank/btnfunctions.php. Such manipulation of the argument Description leads to cross site scripting. The attack may be...

4.8CVSS4.2AI score0.00202EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/27 7:15 p.m.27 views

CVE-2026-4972 code-projects Online Reviewer System btn_functions.php cross site scripting

A security vulnerability has been detected in code-projects Online Reviewer System up to 1.0. Affected is an unknown function of the file /system/system/students/assessments/databank/btnfunctions.php. Such manipulation of the argument Description leads to cross site scripting. The attack may be...

4.8CVSS0.00202EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/02/12 7:33 a.m.6 views

CVE-2026-1893

The Orbisius Random Name Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btnlabel' parameter in the 'orbisiusrandomnamegenerator' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS5.7AI score0.00227EPSS
Exploits0References1
NVD
NVD
added 2026/02/11 5:16 a.m.19 views

CVE-2026-1893

The Orbisius Random Name Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btnlabel' parameter in the 'orbisiusrandomnamegenerator' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS0.00227EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/11 4:36 a.m.4 views

CVE-2026-1893

The Orbisius Random Name Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btnlabel' parameter in the 'orbisiusrandomnamegenerator' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS5.7AI score0.00227EPSS
Exploits0References4
CVE
CVE
added 2026/02/11 4:36 a.m.20 views

CVE-2026-1893

The CVE affects Orbisius Random Name Generator for WordPress. Description: Stored Cross-Site Scripting via the btn_label shortcode attribute in orbisius_random_name_generator, affect versions up to 1.0.2. Root cause: insufficient input sanitization and output escaping. Impact: authenticated attac...

6.4CVSS5.7AI score0.00227EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/10 7:33 a.m.6 views

CVE-2026-2222

A weakness has been identified in code-projects Online Reviewer System 1.0. Affected by this vulnerability is an unknown functionality of the file /system/system/admins/manage/users/btnfunctions.php. Executing a manipulation of the argument firstname can lead to cross site scripting. The attack m...

4.8CVSS3.7AI score0.00205EPSS
Exploits2References1
Cvelist
Cvelist
added 2026/02/09 8:32 a.m.40 views

CVE-2026-2224 code-projects Online Reviewer System btn_functions.php cross site scripting

A vulnerability was detected in code-projects Online Reviewer System 1.0. This affects an unknown part of the file /system/system/admins/manage/users/btnfunctions.php. The manipulation of the argument firstname results in cross site scripting. It is possible to launch the attack remotely. The...

5.1CVSS0.00193EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/02/09 8:32 a.m.4 views

CVE-2026-2224

A vulnerability was detected in code-projects Online Reviewer System 1.0. This affects an unknown part of the file /system/system/admins/manage/users/btnfunctions.php. The manipulation of the argument firstname results in cross site scripting. It is possible to launch the attack remotely. The...

5.1CVSS4AI score0.00193EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2026/02/09 8:32 a.m.16 views

CVE-2026-2224

CVE-2026-2224 affects code-projects Online Reviewer System 1.0. The vulnerability is a cross-site scripting (XSS) in the file /system/system/admins/manage/users/btn_functions.php, where manipulating the firstname argument enables a remote attack. Several connected sources confirm the issue and in...

5.4CVSS4AI score0.00193EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2026/02/09 7:32 a.m.30 views

CVE-2026-2222 code-projects Online Reviewer System btn_functions.php cross site scripting

A weakness has been identified in code-projects Online Reviewer System 1.0. Affected by this vulnerability is an unknown functionality of the file /system/system/admins/manage/users/btnfunctions.php. Executing a manipulation of the argument firstname can lead to cross site scripting. The attack m...

4.8CVSS0.00205EPSS
Exploits2References5
NVD
NVD
added 2026/02/09 7:16 a.m.8 views

CVE-2026-2220

A vulnerability was identified in code-projects Online Reviewer System 1.0. This impacts an unknown function of the file /system/system/admins/assessments/pretest/btnfunctions.php. Such manipulation of the argument difficultyid leads to sql injection. The attack can be executed remotely. The...

9.8CVSS0.00341EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/02/09 6:32 a.m.6 views

CVE-2026-2220 code-projects Online Reviewer System btn_functions.php sql injection

A vulnerability was identified in code-projects Online Reviewer System 1.0. This impacts an unknown function of the file /system/system/admins/assessments/pretest/btnfunctions.php. Such manipulation of the argument difficultyid leads to sql injection. The attack can be executed remotely. The...

7.5CVSS5.6AI score0.00341EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/02/09 6:32 a.m.29 views

CVE-2026-2220 code-projects Online Reviewer System btn_functions.php sql injection

A vulnerability was identified in code-projects Online Reviewer System 1.0. This impacts an unknown function of the file /system/system/admins/assessments/pretest/btnfunctions.php. Such manipulation of the argument difficultyid leads to sql injection. The attack can be executed remotely. The...

7.5CVSS0.00341EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/02/09 12:0 a.m.16 views

PT-2026-7076

A weakness has been identified in code-projects Online Reviewer System 1.0. Affected by this vulnerability is an unknown functionality of the file /system/system/admins/manage/users/btn functions.php. Executing a manipulation of the argument firstname can lead to cross site scripting. The attack...

4.8CVSS3.7AI score0.00205EPSS
Exploits2References6
RedhatCVE
RedhatCVE
added 2025/12/07 6:5 a.m.12 views

CVE-2025-13898

The Ultra Skype Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btnid' parameter of the ultraskype shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS5.1AI score0.00193EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/06 12:0 a.m.7 views

PT-2025-49351

The Ultra Skype Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btn id' parameter of the ultra skype shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...

6.4CVSS5.1AI score0.00193EPSS
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/06/26 4:17 p.m.3 views

Malicious code in comp-base-btn-switch (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 14384b4ee9a2e634b9dcaf1e9530d4080d824af4af82fdea8084b744f81c5d7f Any computer that has this package installed or running should be considered...

6.8AI score
Exploits0References1
Cvelist
Cvelist
added 2024/11/15 10:52 a.m.31 views

CVE-2021-3988 Cross-site Scripting (XSS) in janeczku/calibre-web

A Cross-site Scripting XSS vulnerability exists in janeczku/calibre-web, specifically in the file editbooks.js. The vulnerability occurs when editing book properties, such as uploading a cover or a format. The affected code directly inserts user input into the DOM without proper sanitization,...

5.7CVSS0.00356EPSS
Exploits1References2
Rows per page
Query Builder