Lucene search
K

171 matches found

NVD
NVD
added 2022/07/15 8:15 a.m.30 views

CVE-2022-29890

In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link...

6.1CVSS0.0039EPSS
Exploits0References1
Fedora
Fedora
added 2022/07/04 1:35 a.m.22 views

[SECURITY] Fedora 36 Update: powerline-go-1.21.0-4.fc36

A Powerline like prompt for Bash, ZSH and Fish. - Shows some important details about the git/hg branch - Changes color if the last command exited with a failure code - If you're too deep into a directory tree, shortens the displayed path with an ellipsis - Shows the current Python virtualenv...

9.3CVSS8.3AI score0.05994EPSS
Exploits4
NVD
NVD
added 2022/03/10 5:42 p.m.30 views

CVE-2021-33851

A cross-site scripting XSS attack can cause arbitrary code JavaScript to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Custom logo link" executes whenever the user opens the Settings Page of the "Customize Login Image" Plugin...

5.4CVSS0.01318EPSS
Exploits1References1
OSV
OSV
added 2022/03/10 5:42 p.m.6 views

CVE-2021-33851

A cross-site scripting XSS attack can cause arbitrary code JavaScript to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Custom logo link" executes whenever the user opens the Settings Page of the "Customize Login Image" Plugin...

5.4CVSS5.9AI score0.01318EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/03/10 12:0 a.m.4 views

WordPress Plugin 跨站脚本漏洞

WordPress plugin is a WordPress open source application plugin. WordPress Customize Login Image Plugin version 3.4 contains a cross-site scripting vulnerability that can be exploited by attackers to cause arbitrary code JavaScript to run when a user's browser connects to a trusted website...

5.4CVSS5.6AI score0.01318EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/03/09 4:54 p.m.27 views

CVE-2021-33851

A cross-site scripting XSS attack can cause arbitrary code JavaScript to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Custom logo link" executes whenever the user opens the Settings Page of the "Customize Login Image" Plugin...

5.5AI score0.01318EPSS
Exploits1References1
CNVD
CNVD
added 2021/09/03 12:0 a.m.8 views

WordPress plugin WP Customize Login 'Change Logo Title' cross-site scripting vulnerability

WordPress is a blogging platform based on the PHP language, which can be used to set up websites on servers supporting PHP and MySQL databases, and can also be used as a content management system CMS. cross-site scripting vulnerability exists in the WordPress plugin WP Customize Login 'Change Log...

1.2AI score
Exploits0References1
0day.today
0day.today
added 2021/08/04 12:0 a.m.145 views

WordPress WP Customize Login 1.1 Plugin - (Change Logo Title) Stored Cross-Site Scripting Vulnerabil

Exploit Title: WordPress Plugin WP Customize Login 1.1 - 'Change Logo Title' Stored Cross-Site Scripting XSS Exploit Author: Aryan Chehreghani Software Link: https://wordpress.org/plugins/customize-login/ Version: 1.1 Tested on: Windows 10 How to Reproduce this Vulnerability: 1. Install WordPress...

Exploits0
Packet Storm
Packet Storm
added 2021/08/04 12:0 a.m.230 views

WordPress WP Customize Login 1.1 Cross Site Scripting

Exploit Title: WordPress Plugin WP Customize Login 1.1 - 'Change Logo Title' Stored Cross-Site Scripting XSS Date: 2021-08-03 Exploit Author: Aryan Chehreghani Software Link: https://wordpress.org/plugins/customize-login/ Version: 1.1 Tested on: Windows 10 How to Reproduce this Vulnerability: 1...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2021/08/04 12:0 a.m.330 views

WordPress Plugin WP Customize Login 1.1 - 'Change Logo Title' Stored Cross-Site Scripting (XSS)

Exploit Title: WordPress Plugin WP Customize Login 1.1 - 'Change Logo Title' Stored Cross-Site Scripting XSS Date: 2021-08-03 Exploit Author: Aryan Chehreghani Software Link: https://wordpress.org/plugins/customize-login/ Version: 1.1 Tested on: Windows 10 How to Reproduce this Vulnerability: 1...

7.4AI score
Exploits0
OSV
OSV
added 2021/03/26 4:15 p.m.4 views

CVE-2020-35856

SolarWinds Orion Platform before 2020.2.5 allows stored XSS attacks by an administrator on the Customize View page...

4.8CVSS6AI score0.00723EPSS
Exploits0References2
Prion
Prion
added 2021/03/26 4:15 p.m.22 views

Cross site scripting

SolarWinds Orion Platform before 2020.2.5 allows stored XSS attacks by an administrator on the Customize View page...

3.5CVSS4.8AI score0.00723EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/03/26 3:17 p.m.32 views

CVE-2020-35856

SolarWinds Orion Platform before 2020.2.5 allows stored XSS attacks by an administrator on the Customize View page...

4.9AI score0.00723EPSS
Exploits0References2
CVE
CVE
added 2021/03/26 3:17 p.m.91 views

CVE-2020-35856

SolarWinds Orion Platform ≤ 2020.2.4 is affected by CVE-2020-35856, a stored cross-site scripting (XSS) vulnerability that exists on the Customize View page and requires an Orion administrator account to exploit. The issue is associated with the add custom tab within the Customize View page, enab...

4.8CVSS5.2AI score0.00723EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2021/03/26 12:0 a.m.4 views

Solarwinds Orion Platform 跨站脚本漏洞

SolarWinds Orion Platform is a comprehensive bandwidth performance management and fault management application that lets you view real-time statistics about your network directly from your Web browser. A stored cross-site scripting vulnerability exists in SolarWinds Orion Platform versions prior ...

4.8CVSS5.2AI score0.00723EPSS
Exploits0References3
wpexploit
wpexploit
added 2021/02/01 12:0 a.m.641 views

Ivory Search < 4.5.11 - Authenticated Reflected Cross-Site Scripting (XSS)

The setting page of Ivory Search 4.5.10 is vulnerable to reflected XSS when a logged in administrator visit a malicious link or page, as it does not sanitise or escape the GET post parameter before outputting it in a tag attribute As an admin user, open:...

0.2AI score
Exploits0
Kitploit
Kitploit
added 2021/01/21 8:30 p.m.64 views

WPCracker - WordPress User Enumeration And Login Brute Force Tool

WordPress user enumeration and login Brute Force tool for Windows and Linux With the Brute Force tool, you can control how aggressive an attack you want to perform, and this affects the attack time required. The tool makes it possible to adjust the number of threads as well as how large password...

7AI score
Exploits0References2
Veeam
Veeam
added 2020/04/02 12:0 a.m.46 views

How to Customize the VSPC Welcome Email

Purpose This article documents how to customize the Welcome emails sent out by Veeam Service Provider Console. Solution Requirements and Considerations for Modifying the Welcome Email Template File To modify the Welcome email template file effectively, proficiency in XML, HTML, and XSLT is...

6.8AI score
Exploits0Affected Software1
wpexploit
wpexploit
added 2019/12/25 12:0 a.m.25 views

bbPress Login Register Links On Forum Topic Pages <= 2.7.5 - CSRF to Stored XSS

Lack of CSRF checks in the plugin's settings allow arbitrary change of the settings, which can also lead to stored XSS issues. The payload below will result in a stored XSS in the 'Style Customize' page. " /...

0.1AI score
Exploits0References1
Kitploit
Kitploit
added 2019/11/20 9:23 p.m.77 views

Custom Header - Automatic Add New Header To Entire BurpSuite HTTP Requests

This Burp Suite extension allows you to customize header with put a new header into HTTP REQUEST BurpSuite Scanner, Intruder, Repeater, Proxy History and also you can choose whatever HTTP VERB what do you want to customize. Usage Easy to use ! : Don't forget to click save button ! Changelog 24...

7.3AI score
Exploits0References3
Rows per page
Query Builder