Lucene search
K

265 matches found

cve
cve
added 2025/08/28 12:37 p.m.14 views

CVE-2025-54029

CVE-2025-54029 affects the WordPress plugin WooCommerce csv import export (versions up to 2.0.6). The issue is an improper limitation of a pathname to a restricted directory (path traversal), enabling traversal to arbitrary files. Some sources also describe an Arbitrary File Deletion impact. Reme...

7.7CVSS5.9AI score0.0035EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/08/28 12:0 a.m.3 views

WordPress plugin WooCommerce csv import export 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...

7.7CVSS6.5AI score0.0035EPSS
Exploits0References2
cnnvd
cnnvd
added 2025/07/12 12:0 a.m.7 views

WordPress plugin AIT CSV import/export 代码问题漏洞

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin AIT CSV import/export has a code issue vulnerability , the vulnerability stems from the...

9.8CVSS7.2AI score0.04655EPSS
Exploits2References2
nvd
nvd
added 2025/07/09 1:15 a.m.9 views

CVE-2025-34083

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it is a duplicate of CVE-2020-36849...

Exploits1
cvelist
cvelist
added 2025/07/09 12:50 a.m.10 views

CVE-2025-34083

...

Exploits1
redhatcve
redhatcve
added 2025/05/23 10:9 a.m.6 views

CVE-2024-2656

The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a CSV import in all versions up to, and including, 5.7.14 due to insufficient input sanitization and output escapin...

4.4CVSS5.7AI score0.0035EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 7:10 a.m.12 views

CVE-2024-12772

The Ninja Tables WordPress plugin before 5.0.17 does not sanitize and escape a parameter before outputting it back in the page when importing a CSV, leading to a Cross Site Scripting vulnerability...

6.1CVSS6.2AI score0.0032EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/23 3:22 a.m.7 views

CVE-2023-24686

An issue in the CSV Import function of ChurchCRM v4.5.3 and below allows attackers to execute arbitrary code via importing a crafted CSV file...

4.8CVSS7.8AI score0.00658EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/23 1:25 a.m.7 views

CVE-2022-25241

In FileCloud before 21.3, the CSV user import functionality is vulnerable to Cross-Site Request Forgery CSRF...

8.8CVSS6.8AI score0.03271EPSS
Exploits4References1
redhatcve
redhatcve
added 2025/05/23 12:57 a.m.7 views

CVE-2022-43771

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x, using the Pentaho Data Access plugin exposes a service endpoint for CSV import which allows a user supplied path to access resources that are out of bounds...

6.5CVSS6.9AI score0.23894EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 10:11 p.m.7 views

CVE-2022-1566

The Quotes llama WordPress plugin before 1.0.0 does not sanitise and escape Quotes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed. The attack could also be performed by tricking an admin to import a malicious CS...

4.8CVSS6AI score0.0064EPSS
Exploits2References1
redhatcve
redhatcve
added 2025/05/22 10:5 p.m.9 views

CVE-2022-1255

The Import and export users and customers WordPress plugin before 1.19.2.1 does not sanitise and escaped imported CSV data, which could allow high privilege users to import malicious javascript code and lead to Stored Cross-Site Scripting issues...

4.8CVSS6AI score0.00689EPSS
Exploits2References1
redhatcve
redhatcve
added 2025/05/22 7:23 p.m.6 views

CVE-2021-24812

The BetterLinks WordPress plugin before 1.2.6 does not sanitise and escape some of imported link fields, which could lead to Stored Cross-Site Scripting issues when an admin import a malicious CSV...

5.4CVSS5.8AI score0.00604EPSS
Exploits2References1
redhatcve
redhatcve
added 2025/05/22 10:10 a.m.8 views

CVE-2019-20891

WooCommerce before 3.6.5, when it handles CSV imports of products, has a cross-site request forgery CSRF issue with resultant stored cross-site scripting XSS via includes/admin/importers/class-wc-product-csv-importer-controller.php...

8.8CVSS6AI score0.00534EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 4:9 a.m.5 views

CVE-2014-5016

Multiple cross-site scripting XSS vulnerabilities in LimeSurvey 2.05+ Build 140618 allow remote attackers to inject arbitrary web script or HTML via 1 the pid attribute to the getAttributejson function to application/controllers/admin/participantsaction.php in CPDB, 2 the sa parameter to...

4.3CVSS6AI score0.01474EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/16 3:14 p.m.11 views

CVE-2024-56157

iTop is an web based IT Service Management tool. Prior to versions 3.1.3 and 3.2.1, by filling malicious code in a CSV content, a cross-site scripting attack can be performed when importing this content. The issue is fixed in versions 3.1.3 and 3.2.1. As a workaround, check CSV content before...

6.3CVSS6.2AI score0.00226EPSS
Exploits0References1
nvd
nvd
added 2025/05/14 3:15 p.m.17 views

CVE-2024-56157

iTop is an web based IT Service Management tool. Prior to versions 3.1.3 and 3.2.1, by filling malicious code in a CSV content, a cross-site scripting attack can be performed when importing this content. The issue is fixed in versions 3.1.3 and 3.2.1. As a workaround, check CSV content before...

6.3CVSS0.00226EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/05/14 2:40 p.m.14 views

CVE-2024-56157 iTop vulnerable to Self XSS in CSV Import

iTop is an web based IT Service Management tool. Prior to versions 3.1.3 and 3.2.1, by filling malicious code in a CSV content, a cross-site scripting attack can be performed when importing this content. The issue is fixed in versions 3.1.3 and 3.2.1. As a workaround, check CSV content before...

6.3CVSS6.2AI score0.00226EPSS
Exploits0References1
cvelist
cvelist
added 2025/05/14 2:40 p.m.19 views

CVE-2024-56157 iTop vulnerable to Self XSS in CSV Import

iTop is an web based IT Service Management tool. Prior to versions 3.1.3 and 3.2.1, by filling malicious code in a CSV content, a cross-site scripting attack can be performed when importing this content. The issue is fixed in versions 3.1.3 and 3.2.1. As a workaround, check CSV content before...

6.3CVSS0.00226EPSS
Exploits0References1
cve
cve
added 2025/05/14 2:40 p.m.47 views

CVE-2024-56157

Summary: CVE-2024-56157 affects iTop before versions 3.1.3 and 3.2.1, where inserting malicious code into a CSV during import enables a cross-site scripting (XSS) attack. Affected software: iTop (web-based IT Service Management tool; Combodo). Root cause / vector: CSV import accepts unvalidated/m...

6.3CVSS6AI score0.00226EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder