Lucene search
+L

4 matches found

OpenVAS
OpenVAS
added 2023/10/16 12:0 a.m.19 views

WordPress VK All in One Expansion Unit Plugin < 9.87.1.0 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:vektor-inc:vkallinoneexpansionunit"; ifdescription...

6.1CVSS6.4AI score0.00519EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/03/20 3:52 p.m.31 views

CVE-2023-0937 VK All in One Expansion Unit < 9.87.1.0 - Reflected XSS

The VK All in One Expansion Unit WordPress plugin before 9.87.1.0 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

6.2AI score0.00519EPSS
Exploits2References1
OSV
OSV
added 2023/03/20 3:52 p.m.4 views

CVE-2023-0937 VK All in One Expansion Unit < 9.87.1.0 - Reflected XSS

The VK All in One Expansion Unit WordPress plugin before 9.87.1.0 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

6.1CVSS6.8AI score0.00519EPSS
Exploits2References4
CVE
CVE
added 2023/03/20 3:52 p.m.77 views

CVE-2023-0937

The CVE-2023-0937 entry concerns the VK All in One Expansion Unit WordPress plugin prior to 9.87.1.0. The root cause is failure to escape the $_SERVER[REQUEST_URI] value before echoing it into an attribute, enabling Reflected Cross-Site Scripting. Affected component is the WordPress plugin code h...

6.1CVSS6.1AI score0.00519EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder