Lucene search
K

73 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/02/04 7:15 a.m.6 views

Multiple vulnerabilities in Movable Type

Overview Movable Type provided by Six Apart Ltd. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability in Edit Comment CWE-79 - CVE-2026-21393 Stored cross-site scripting vulnerability in Export Sites CWE-79 - CVE-2026-22875 Unrestricted upload of file with...

6.5CVSS5.5AI score0.00216EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/02/04 7:2 a.m.3 views

CVE-2026-21393

Movable Type contains a stored cross-site scripting vulnerability in Edit Comment. If crafted input is stored by an attacker, arbitrary script may be executed on a logged-in user's web browser. Note that Movable Type 7 series and 8.4 series, which are End-of-Life EOL, are affected by the...

5.4CVSS5.2AI score0.00208EPSS
Exploits0References4Affected Software2
EUVD
EUVD
added 2026/01/31 12:30 a.m.4 views

EUVD-2020-30928

Navigate CMS 2.8.7 contains an authenticated SQL injection vulnerability that allows attackers to leak database information by manipulating the 'sidx' parameter in comments. Attackers can exploit the vulnerability to extract user activation keys by using time-based blind SQL injection techniques,...

7.1CVSS5.9AI score0.00338EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/01/30 12:0 a.m.11 views

Naviwebs Navigate CMS SQL Injection Vulnerability

Naviwebs Navigate CMS is an open-source content management system developed by Naviwebs Inc. In the version 2.8.7 of Naviwebs Navigate CMS, there is a SQL injection vulnerability. This vulnerability stems from the sidx parameter in the comments, which allows for SQL injections, potentially leadin...

7.1CVSS5.9AI score0.00338EPSS
Exploits1References4
GithubExploit
GithubExploit
added 2025/11/05 9:17 a.m.183 views

webapp-fire

webapp-fire Vulnerable Flask app Mi...

7.3AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2015-8697

Malware in sbrugna...

6.1CVSS6.3AI score0.02077EPSS
Exploits1References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-6670

Malware in sbrugna...

4.3CVSS4.6AI score0.00973EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-8580

Malware in sbrugna...

5.4CVSS5.5AI score0.00483EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/10/06 6:0 a.m.2 views

CVE-2025-9710 Responsive Lightbox & Gallery < 2.5.3 - Unauthenticated Stored-XSS via Comments

The Responsive Lightbox & Gallery WordPress plugin before 2.5.3 does not properly handle HTML tag attributes modifications, potentially allowing unauthenticated attackers to abuse the functionality to include event handlers and conduct Stored XSS attacks...

5.6AI score0.00199EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-15914

Malicious code in bioql PyPI...

4.8CVSS5.3AI score0.00577EPSS
Exploits2References1
Cvelist
Cvelist
added 2025/10/01 6:0 a.m.11 views

CVE-2025-9512 Schema & Structured Data for WP & AMP < 1.50 - Unauthenticated Stored-XSS

The Schema & Structured Data for WP & AMP WordPress plugin before 1.50 does not properly handles HTML tag attribute modifications, making it possible for unauthenticated attackers to conduct Stored XSS attacks via post comments...

0.00197EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:11 a.m.7 views

CVE-2024-6704

The Comments – wpDiscuz plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 7.6.21. This is due to a lack of filtering of HTML tags in comments. This makes it possible for unauthenticated attackers to add HTML such as hyperlinks to comments when rich editing...

6.1CVSS6.1AI score0.0055EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:19 a.m.7 views

CVE-2024-35539

Typecho v1.3.0 was discovered to contain a race condition vulnerability in the post commenting function. This vulnerability allows attackers to post several comments before the spam protection checks if the comments are posted too frequently...

6.5CVSS5.9AI score0.01445EPSS
Exploits4References1
Vulnrichment
Vulnrichment
added 2025/05/15 8:9 p.m.5 views

CVE-2024-12767 BuddyBoss platform < 2.7.60 - Private Comment Exposure via IDOR

The buddyboss-platform WordPress plugin before 2.7.60 lacks proper access controls and allows a logged-in user to view comments on private posts...

7.5AI score0.0028EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/04/29 3:36 p.m.34 views

CVE-2025-46346 YesWiki Vulnerable to Stored XSS in Comments

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, a stored cross-site scripting XSS vulnerability was discovered in the application’s comments feature. This issue allows a malicious actor to inject JavaScript payloads that are stored and later executed in the browser of any user...

6.3CVSS0.00276EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/01/24 5:24 p.m.30 views

CVE-2025-24613 WordPress FV Thoughtful Comments plugin <= 0.3.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in FolioVision FV Thoughtful Comments thoughtful-comments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FV Thoughtful Comments: from n/a through = 0.3.5...

4.3CVSS0.00388EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/08/19 12:0 a.m.6 views

typecho 安全漏洞

typecho is a PHP blogging platform for typecho individual developers. It is simple and powerful. A security vulnerability exists in typecho 1.3.0 and earlier versions, which stems from a competitive condition vulnerability in the post comment feature that allows an attacker to post multiple...

6.5CVSS6.6AI score0.01445EPSS
Exploits4References4
CNNVD
CNNVD
added 2024/07/05 12:0 a.m.17 views

Drupal Wiki Security Vulnerabilities

Drupal Wiki is a free and open source content management system from Drupal Wiki, Inc. A security vulnerability exists in Drupal Wiki versions prior to 8.31.1, which stems from allowing cross-site scripting XSS attacks via comments, titles, and image captions on Wiki pages...

6.1CVSS5.9AI score0.00625EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/03/27 12:0 a.m.4 views

PT-2024-23049 · WordPress · Fancy Comments

Name of the Vulnerable Software and Affected Versions: Fancy Comments WordPress versions 1.2.14 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows stored cross-site scripting XSS. This means an attacker can inject malicious...

6.5CVSS8.6AI score0.00336EPSS
Exploits0References7
NVD
NVD
added 2023/05/28 5:15 p.m.22 views

CVE-2023-33216

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in gVectors Team WooDiscuz – WooCommerce Comments woodiscuz-woocommerce-comments allows Stored XSS.This issue affects WooDiscuz – WooCommerce Comments: from n/a through 2.2.9...

5.9CVSS5.4AI score0.00369EPSS
Exploits0References1
Rows per page
Query Builder