233 matches found

CNNVD
added 2025/04/09 12:0 a.m., 1 views

WordPress plugin Nino Social Connect cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...

CVSS 7.1, AI score 7.2, EPSS 0.00173
Exploits: 0, References: 1

Patchstack
added 2025/03/27 3:5 a.m., 3 views

WordPress EZ SQL Reports Shortcode Widget and DB Backup plugin <= 5.25.08 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by Nabil Irawan in WordPress Plugin EZ SQL Reports Shortcode Widget and DB Backup versions <= 5.25.08...

CVSS 7.1, AI score 6.8, EPSS 0.00168
Exploits: 0, Affected Software: 1

OSV
added 2025/03/25 6:15 a.m., 4 views

CVE-2024-11272

The Contact Form & SMTP Plugin for WordPress by PirateForms WordPress plugin before 2.6.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed fo...

CVSS 6.1, AI score 5.8, EPSS 0.00257
Exploits: 1, References: 1

Patchstack
added 2025/03/24 1:6 p.m., 1 views

WordPress WP Odoo Form Integrator plugin <=1.1.0 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin WP Odoo Form Integrator versions <= 1.1.0...

CVSS 7.1, AI score 6.2, EPSS 0.00154
Exploits: 0, Affected Software: 1

RedhatCVE
added 2025/03/15 4:38 a.m., 12 views

CVE-2025-25925

A stored cross-scripting XSS vulnerability in Openmrs v2.4.3 Build 0ff0ed allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the personName.middleName parameter at /openmrs/admin/patients/shortPatientForm.form...

CVSS 4.8, AI score 6.3, EPSS 0.0032
Exploits: 1, References: 1

Patchstack
added 2025/03/12 11:10 a.m., 5 views

WordPress Picture Gallery plugin <= 1.6.3 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Picture Gallery versions <= 1.6.3...

CVSS 7.1, AI score 8.1, EPSS 0.00352
Exploits: 0, Affected Software: 1

Patchstack
added 2025/03/11 9:47 p.m., 4 views

WordPress Go To Top plugin <= 0.0.8 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Go To Top versions <= 0.0.8...

CVSS 7.1, AI score 8, EPSS 0.00139
Exploits: 0, Affected Software: 1

Patchstack
added 2025/03/11 9:43 p.m., 4 views

WordPress FTP Sync plugin <= 1.1.6 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by Abdi Pranata in WordPress Plugin FTP Sync versions <= 1.1.6...

CVSS 7.1, AI score 8.1, EPSS 0.00139
Exploits: 0, Affected Software: 1

NVD
added 2025/03/11 8:15 p.m., 15 views

CVE-2025-25925

A stored cross-scripting XSS vulnerability in Openmrs v2.4.3 Build 0ff0ed allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the personName.middleName parameter at /openmrs/admin/patients/shortPatientForm.form...

CVSS 4.8, EPSS 0.0032
Exploits: 1, References: 2

Vulnrichment
added 2025/03/11 12:0 a.m., 6 views

CVE-2025-25925

A stored cross-scripting XSS vulnerability in Openmrs v2.4.3 Build 0ff0ed allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the personName.middleName parameter at /openmrs/admin/patients/shortPatientForm.form...

AI score 6.5, EPSS 0.0032
Exploits: 1, References: 2

CVE
added 2025/03/11 12:0 a.m., 64 views

CVE-2025-25925

CVE-2025-25925 refers to a stored cross-site scripting (XSS) vulnerability in OpenMRS v2.4.3 Build 0ff0ed. The issue allows attackers to inject arbitrary web scripts or HTML via the personName.middleName field on the page /openmrs/admin/patients/shortPatientForm.form, enabling script execution in...

CVSS 4.8, AI score 6.4, EPSS 0.0032
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2025/03/11 12:0 a.m., 15 views

CVE-2025-25925

A stored cross-scripting XSS vulnerability in Openmrs v2.4.3 Build 0ff0ed allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the personName.middleName parameter at /openmrs/admin/patients/shortPatientForm.form...

EPSS 0.0032
Exploits: 1, References: 2

OSV
added 2025/02/26 1:15 p.m., 5 views

CVE-2024-13633

The Simple catalogue WordPress plugin through 1.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 7.1, AI score 5.8, EPSS 0.00355
Exploits: 1, References: 1

CNVD
added 2025/02/17 12:0 a.m., 8 views

Adobe Experience Manager cross-scripting vulnerability (CNVD-2025-03621)

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS 5.4, AI score 6.8, EPSS 0.00368
Exploits: 0, References: 1

Positive Technologies
added 2025/02/14 12:0 a.m., 4 views

PT-2025-7014 · Unknown · Notfound Coronavirus (Covid-19) Outbreak Data Widgets

Name of the Vulnerable Software and Affected Versions: NotFound Coronavirus COVID-19 Outbreak Data Widgets versions 1.1.1 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This...

CVSS 7.1, AI score 9, EPSS 0.00231
Exploits: 0, References: 4

Positive Technologies
added 2025/02/13 12:0 a.m., 3 views

PT-2025-7185

Name of the Vulnerable Software and Affected Versions: Kunal Shivale Global Meta Keyword & Description versions prior to 2.3 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing...

CVSS 7.1, AI score 8.2, EPSS 0.00135
Exploits: 0, References: 4

Patchstack
added 2025/02/12 12:53 p.m., 4 views

WordPress Rise Blocks plugin <= 3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via TitleTag Parameter vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via TitleTag Parameter vulnerability discovered by Nishiv in WordPress Plugin Rise Blocks versions <= 3.6...

CVSS 6.4, AI score 5.8, EPSS 0.00278
Exploits: 0, References: 1, Affected Software: 1

Positive Technologies
added 2025/01/24 12:0 a.m., 8 views

PT-2025-5401 · Unknown · Subscription Dna

Name of the Vulnerable Software and Affected Versions: Subscription DNA versions n/a through 2.1 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability and Stored XSS in Subscription DNA. Recommendations: For versions n/a through 2.1, update to a version that include...

CVSS 7.1, AI score 6.5, EPSS 0.00186
Exploits: 0, References: 3

Patchstack
added 2025/01/16 6:42 p.m., 4 views

WordPress Legal + Plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Legal + versions <= 1.0...

CVSS 7.1, AI score 6.1, EPSS 0.00241
Exploits: 0, Affected Software: 1

Patchstack
added 2025/01/16 6:42 p.m., 8 views

WordPress Theme My Ontraport Smartform plugin <= 1.2.11 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by SOPROBRO in WordPress Plugin Theme My Ontraport Smartform versions <= 1.2.11...

CVSS 7.1, AI score 6.2, EPSS 0.0018
Exploits: 0, Affected Software: 1