Lucene search
K

190 matches found

CNNVD
CNNVD
added 2024/07/09 12:0 a.m.4 views

SAP CRM 跨站脚本漏洞

SAP CRM is a customer relationship management system from SAP, Germany. SAP CRM suffers from a cross-site scripting vulnerability that stems from custom CSS support options that do not adequately encode user-controlled input, which can be exploited by an attacker to execute arbitrary web script o...

6.1CVSS5.9AI score0.00256EPSS
Exploits0References4
CVE
CVE
added 2024/06/25 6:57 a.m.46 views

CVE-2024-3249

CVE-2024-3249: The Zita Elementor Site Library plugin for WordPress is vulnerable to unauthorized data modification due to missing capability checks on import_xml_data, xml_data_import, import_option_data, import_widgets, and import_customizer_settings in all versions up to 1.6.2. Authenticated a...

4.3CVSS4.7AI score0.00343EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/05/15 1:47 a.m.4 views

WordPress Add Custom CSS and JS plugin <= 1.20 - Stored XSS via CSRF vulnerability

Stored XSS via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Add Custom CSS and JS versions = 1.20...

7.1CVSS6AI score0.00212EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2024/05/15 12:0 a.m.10 views

WordPress Add Custom CSS and JS Plugin <= 1.20 is vulnerable to Cross Site Request Forgery (CSRF)

Software Add Custom CSS and JS Type Plugin Vulnerable versions = 1.20 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-3903 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 22677f60c11f Credits Bob Matyas Requir...

7.1CVSS6.6AI score0.00212EPSS
Exploits2References4Affected Software1
OSV
OSV
added 2024/05/14 3:42 p.m.5 views

CVE-2024-3903

The Add Custom CSS and JS WordPress plugin through 1.20 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in as author and above add Stored XSS payloads via a CSRF attack...

7.1CVSS5.8AI score0.00212EPSS
Exploits2References1
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.5 views

WordPress plugin Add Custom CSS and JS 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

7.1CVSS6.4AI score0.00212EPSS
Exploits2References3
wpexploit
wpexploit
added 2024/04/18 12:0 a.m.159 views

Add Custom CSS and JS <= 1.20 - Stored XSS via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in as author and above add Stored XSS payloads via a CSRF attack Make an author or above role open the following HTML: alert"frontendjs"' /...

5.9AI score0.00212EPSS
Exploits2
OSV
OSV
added 2024/04/09 7:15 p.m.10 views

CVE-2023-6486

The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS metabox in all versions up to and including 2.10.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS6AI score0.00572EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/04/09 6:59 p.m.28 views

CVE-2023-6486 Spectra – WordPress Gutenberg Blocks <= 2.10.3 - Authenticated(Contributor+) Cross-Site Scripting via Custom CSS

The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS metabox in all versions up to and including 2.10.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.8AI score0.00572EPSS
Exploits1References4
CVE
CVE
added 2024/04/09 6:59 p.m.68 views

CVE-2023-6486

CVE-2023-6486 (Spectra – WordPress Gutenberg Blocks) Stored Cross‑Site Scripting via the Custom CSS metabox in Spectra. Affected: all versions up to 2.10.3. Root cause: insufficient input sanitization and output escaping in the metabox. Impact: authenticated attackers with contributor level or hi...

6.4CVSS7.7AI score0.00572EPSS
Exploits1References4Affected Software1
Patchstack
Patchstack
added 2024/04/04 2:10 a.m.7 views

WordPress Spectra plugin <= 2.10.3 - Authenticated(Contributor+) Cross-Site Scripting via Custom CSS vulnerability

AuthenticatedContributor+ Cross-Site Scripting via Custom CSS vulnerability discovered by Akbar Kustirama in WordPress Plugin Spectra versions = 2.10.3...

6.4CVSS6.4AI score0.00572EPSS
Exploits1References1Affected Software1
wpexploit
wpexploit
added 2024/02/21 12:0 a.m.152 views

Widget for Social Page Feeds < 6.4 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Create a new Facebook like widget. ...

7.3AI score0.00396EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2024/02/21 12:0 a.m.22 views

Widget for Social Page Feeds < 6.4 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Create a new Facebook like...

7.2AI score0.00396EPSS
Exploits2References1Affected Software1
OpenVAS
OpenVAS
added 2023/11/27 12:0 a.m.12 views

WordPress Custom CSS Pro Plugin < 1.0.4 CSRF Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:waspthemes:customcsspro"; if description...

8.8CVSS7AI score0.01008EPSS
Exploits0References1
NVD
NVD
added 2023/10/20 8:15 a.m.26 views

CVE-2021-4418

The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to save code snippets via a forged...

4.3CVSS4.5AI score0.00397EPSS
Exploits1References9
Vulnrichment
Vulnrichment
added 2023/10/20 7:29 a.m.11 views

CVE-2021-4418 Custom CSS, JS & PHP <= 2.0.7 - Cross-Site Request Forgery Bypass

The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to save code snippets via a forged...

4.3CVSS5.9AI score0.00397EPSS
Exploits1References9
Cvelist
Cvelist
added 2023/10/20 7:29 a.m.23 views

CVE-2021-4418 Custom CSS, JS & PHP <= 2.0.7 - Cross-Site Request Forgery Bypass

The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to save code snippets via a forged...

4.3CVSS4.8AI score0.00397EPSS
Exploits1References9
wpexploit
wpexploit
added 2023/08/17 12:0 a.m.212 views

tagDiv Composer < 4.2 - Admin+ Stored XSS

Description The plugin, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not validate and escape some settings, which could allow users with Admin privileges to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example i...

4.8CVSS4.9AI score0.00377EPSS
Exploits2
OpenVAS
OpenVAS
added 2023/05/17 12:0 a.m.9 views

WordPress FooGallery Plugin < 2.0.35 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:fooplugins:foogallery"; if description...

5.4CVSS5.6AI score0.00624EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/04/11 3:3 a.m.8 views

CVE-2023-29112 Code Injection vulnerability in SAP Application Interface Framework (Message Monitoring)

The SAP Application Interface Message Monitoring - versions 600, 700, allows an authorized attacker to input links or headings with custom CSS classes into a comment. The comment will render links and custom CSS classes as HTML objects. After successful exploitations, an attacker can cause limite...

3.7CVSS6.7AI score0.00324EPSS
Exploits0References2
Rows per page
Query Builder