
71 matches found

Cvelist
added 2026/01/09 11:15 a.m., 21 views

CVE-2025-13704 Autogen Headers Menu <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'head_class' Shortcode Parameter

The Autogen Headers Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'head_class' parameter of the 'autogenmenu' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4 CVSS, 0.0024 EPSS
Exploits 0, References 5

Positive Technologies
added 2026/01/09 12:0 a.m., 6 views

PT-2026-1708

Name of the Vulnerable Software and Affected Versions: Autogen Headers Menu plugin for WordPress versions up to and including 1.0.1 Description: The Autogen Headers Menu plugin for WordPress is susceptible to Stored Cross-Site Scripting through the head class parameter of the autogen menu shortcode...

6.4 CVSS, 5 AI score, 0.0024 EPSS
Exploits 0, References 9

RedhatCVE
added 2025/12/14 5:3 a.m., 5 views

CVE-2025-13705

The Custom Frames plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter of the 'customframe' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4 CVSS, 5.1 AI score, 0.00181 EPSS
Exploits 0, References 1

EUVD
added 2025/12/13 6:30 p.m., 4 views

EUVD-2025-203222

The Custom Frames plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter of the 'customframe' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4 CVSS, 4.7 AI score, 0.00181 EPSS
Exploits 0, References 4

CVE
added 2025/12/13 4:31 a.m., 15 views

CVE-2025-13705

CVE-2025-13705 concerns the WordPress plugin Custom Frames (

6.4 CVSS, 4.8 AI score, 0.00181 EPSS
Exploits 0, References 3

Cvelist
added 2025/12/13 4:31 a.m., 28 views

CVE-2025-13705 Custom Frames <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Parameter

The Custom Frames plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter of the 'customframe' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4 CVSS, 0.00181 EPSS
Exploits 0, References 3

Positive Technologies
added 2025/12/13 12:0 a.m., 4 views

PT-2025-51063

The Custom Frames plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter of the 'customframe' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4 CVSS, 5.1 AI score, 0.00181 EPSS
Exploits 0, References 3

Vulnrichment
added 2025/10/28 2:34 p.m., 5 views

CVE-2025-34310 IPFire < v2.29 Stored XSS via Quality of Service (QoS) Settings

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the INCSPD, OUTSPD, DEFCLASSINC, and DEFCLASSOUT parameters when updating Quality of Service (QoS) settings. When a...

5.1 CVSS, 5.6 AI score, 0.00453 EPSS
Exploits 0, References 3

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2002-2328

Malware in sbrugna...

4.3 CVSS, 6.4 AI score, 0.00871 EPSS
Exploits 1, References 3

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2025-28690

Malicious code in bioql PyPI...

6.4 CVSS, 6.4 AI score, 0.00279 EPSS
Exploits 0, References 4

EUVD
added 2025/10/03 8:7 p.m., 16 views

EUVD-2025-12098

Malicious code in bioql PyPI...

4.8 CVSS, 6.6 AI score, 0.00203 EPSS
Exploits 1, References 3

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2024-54945

Malicious code in bioql PyPI...

6.1 CVSS, 6.6 AI score, 0.00302 EPSS
Exploits 1, References 1

RedhatCVE
added 2025/09/04 12:28 a.m., 3 views

CVE-2024-51423

Cross Site Scripting vulnerability in Infor Global HR GHR v.11.23.03.00.21 and before allows a remote attacker to execute arbitrary code via the class parameter...

6.1 CVSS, 7.3 AI score, 0.00302 EPSS
Exploits 1, References 1

NVD
added 2025/09/02 4:15 p.m., 4 views

CVE-2024-51423

Cross Site Scripting vulnerability in Infor Global HR GHR v.11.23.03.00.21 and before allows a remote attacker to execute arbitrary code via the class parameter...

6.1 CVSS, 0.00302 EPSS
Exploits 1, References 1

CNNVD
added 2025/09/02 12:0 a.m., 3 views

Infor Global HR Security Vulnerability

Infor Global HR is a software from Infor, Inc. with unified management of global employee data. A security vulnerability exists in Infor Global HR version 11.23.03.00.21 and earlier, which stems from improper handling of the class parameter and could lead to remote code execution...

6.1 CVSS, 7.8 AI score, 0.00302 EPSS
Exploits 1, References 3

Cvelist
added 2025/09/02 12:0 a.m., 6 views

CVE-2024-51423

Cross Site Scripting vulnerability in Infor Global HR GHR v.11.23.03.00.21 and before allows a remote attacker to execute arbitrary code via the class parameter...

0.00302 EPSS
Exploits 1, References 1

Vulnrichment
added 2025/09/02 12:0 a.m., 3 views

CVE-2024-51423

Cross Site Scripting vulnerability in Infor Global HR GHR v.11.23.03.00.21 and before allows a remote attacker to execute arbitrary code via the class parameter...

6.8 AI score, 0.00302 EPSS
Exploits 1, References 1

CVE
added 2025/09/02 12:0 a.m., 12 views

CVE-2024-51423

CVE-2024-51423 affects Infor Global HR GHR versions 11.23.03.00.21 and earlier. The issue is a Cross Site Scripting vulnerability via the class parameter that could allow a remote attacker to execute arbitrary code. Several sources (Red Hat, NVD, CNNVD, CVE listings) corroborate this, with a CVSS...

6.1 CVSS, 6.8 AI score, 0.00302 EPSS
Exploits 1, References 1, Affected Software 1

Positive Technologies
added 2025/09/02 12:0 a.m., 4 views

PT-2025-35573

Name of the Vulnerable Software and Affected Versions: Infor Global HR GHR versions 11.23.03.00.21 and before Description: A Cross Site Scripting issue exists in Infor Global HR GHR that allows a remote attacker to execute arbitrary code via the class parameter. Recommendations: Update Infor Glob...

6.1 CVSS, 6.7 AI score, 0.00302 EPSS
Exploits 1, References 3

OSV
added 2025/06/26 10:15 a.m., 5 views

CVE-2025-5842

The Modern Design Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class’ parameter in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

5.4 CVSS, 5.9 AI score, 0.00279 EPSS
Exploits 0, References 4