Lucene search
K

39 matches found

NVD
NVD
added 2025/08/20 3:15 a.m.7 views

CVE-2025-8289

The Redirection for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.4 via deserialization of untrusted input in the deleteassociatedfiles function. This makes it possible for unauthenticated attackers to inject a PHP Object. This...

7.5CVSS0.00367EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/20 1:44 a.m.3 views

CVE-2025-8289 Redirection for Contact Form 7 <= 3.2.4 - Unauthenticated PHP Object Injection via PHAR Deserialization

The Redirection for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.4 via deserialization of untrusted input in the deleteassociatedfiles function. This makes it possible for unauthenticated attackers to inject a PHP Object. This...

7.5CVSS7.8AI score0.00367EPSS
Exploits0References2
CVE
CVE
added 2025/08/20 1:44 a.m.31 views

CVE-2025-8289

CVE-2025-8289 affects the WordPress plugin Redirection for Contact Form 7, vulnerable to unauthenticated PHP Object Injection via PHAR deserialization in delete_associated_files, for versions up to 3.2.4. Exploitation requires a form with a file upload action and the extension “Redirection For Co...

7.5CVSS7.2AI score0.00367EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/20 1:44 a.m.13 views

CVE-2025-8289 Redirection for Contact Form 7 <= 3.2.4 - Unauthenticated PHP Object Injection via PHAR Deserialization

The Redirection for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.4 via deserialization of untrusted input in the deleteassociatedfiles function. This makes it possible for unauthenticated attackers to inject a PHP Object. This...

7.5CVSS0.00367EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/08/20 12:0 a.m.6 views

PT-2025-33895 · WordPress +1 · Redirection For Contact Form 7 +2

Name of the Vulnerable Software and Affected Versions: Redirection for Contact Form 7 plugin for WordPress versions prior to 3.2.5 Description: The Redirection for Contact Form 7 plugin for WordPress is susceptible to PHP Object Injection due to deserialization of untrusted input within the delet...

7.5CVSS7.1AI score0.00367EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/08/16 3:26 p.m.6 views

CVE-2025-53631

flaskBlog is a blog app built with Flask. In versions 2.8.1 and prior, improper sanitization of postContent when submitting POST requests to /createpost leads to arbitrary JavaScript execution XSS on all pages the post is reflected on including /, /post/ID, /admin/posts, and /user/ID of the user...

5.4CVSS7AI score0.00199EPSS
Exploits0References1
NVD
NVD
added 2025/08/14 4:15 p.m.9 views

CVE-2025-53631

flaskBlog is a blog app built with Flask. In versions 2.8.1 and prior, improper sanitization of postContent when submitting POST requests to /createpost leads to arbitrary JavaScript execution XSS on all pages the post is reflected on including /, /post/ID, /admin/posts, and /user/ID of the user...

5.4CVSS0.00199EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/14 3:26 p.m.8 views

CVE-2025-53631 flaskBlog XSS Vulnerability in postContent

flaskBlog is a blog app built with Flask. In versions 2.8.1 and prior, improper sanitization of postContent when submitting POST requests to /createpost leads to arbitrary JavaScript execution XSS on all pages the post is reflected on including /, /post/ID, /admin/posts, and /user/ID of the user...

5.3CVSS6.9AI score0.00199EPSS
Exploits0References1
CVE
CVE
added 2025/08/14 3:26 p.m.30 views

CVE-2025-53631

FlaskBlog vulnerability CVE-2025-53631 affects FlaskBlog versions prior to 2.8.1. Root cause: improper sanitization of postContent submitted to /createpost, enabling arbitrary JavaScript execution (XSS) on all pages where the post is reflected (/, /post/[ID], /admin/posts, /user/[ID]). Impact is ...

5.4CVSS6.9AI score0.00199EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2025/07/18 9:30 a.m.4 views

Missing Authentication for Critical Function

Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the deduplicateCreatePost method. An attacker can access posts in private channels without proper...

7.1CVSS6.9AI score0.00309EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2023/06/12 12:0 a.m.246 views

BB Machine Forum 1.0 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.1AI score
Exploits0
Veracode
Veracode
added 2023/01/03 9:44 a.m.14 views

Cross-site Scripting (XSS)

github.com/usememos/memos is vulnerable to stored cross-site scriptingXSS attacks. An attacker is able to inject and execute malicious javascript via the create post functionality...

5.4CVSS5.6AI score0.00652EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/02 12:1 a.m.21 views

Cross-site Scripting in Anchor CMS

A cross-site scripting XSS vulnerability in the Create Post function of Anchor CMS v0.12.7 allows attackers to execute arbitrary web scripts or HTML...

5.4CVSS3.6AI score0.00617EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/02/01 1:15 p.m.7 views

CVE-2021-46253

A cross-site scripting XSS vulnerability in the Create Post function of Anchor CMS v0.12.7 allows attackers to execute arbitrary web scripts or HTML...

5.4CVSS6AI score0.00617EPSS
Exploits1References3
OSV
OSV
added 2021/09/13 6:15 p.m.4 views

CVE-2021-24605

The createpostpage AJAX action of the Custom Post View Generator WordPress plugin through 0.4.6 available to authenticated user does not sanitise or escape user input before outputting it back in the response, leading to a Reflected Cross-Site issue...

5.4CVSS5.8AI score0.0062EPSS
Exploits2References1
NVD
NVD
added 2008/06/25 12:36 p.m.21 views

CVE-2008-2849

Cross-site scripting XSS vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote authenticated users, with create post permissions, to inject arbitrary web script or HTML via unspecified vectors...

3.5CVSS5.3AI score0.00842EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2008/06/25 12:36 p.m.3 views

CVE-2008-2849

Cross-site scripting XSS vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote authenticated users, with create post permissions, to inject arbitrary web script or HTML via unspecified vectors...

3.5CVSS5.7AI score0.00842EPSS
Exploits0References5
Prion
Prion
added 2008/06/25 12:36 p.m.15 views

Cross site scripting

Cross-site scripting XSS vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote authenticated users, with create post permissions, to inject arbitrary web script or HTML via unspecified vectors...

3.5CVSS5.7AI score0.00842EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2008/06/25 10:0 a.m.25 views

CVE-2008-2849

Cross-site scripting XSS vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote authenticated users, with create post permissions, to inject arbitrary web script or HTML via unspecified vectors...

5.3AI score0.00842EPSS
Exploits0References4
Rows per page
Query Builder