Lucene search
K

3 matches found

Cvelist
Cvelist
added 2024/11/21 2:6 a.m.31 views

CVE-2024-10682 Bulletin Announcements <= 3.11.7 - Reflected Cross-Site Scripting

The Announcement & Notification Banner – Bulletin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg and removequeryarg without appropriate escaping on the URL in all versions up to, and including, 3.11.7. This makes it possible for unauthenticated...

6.1CVSS0.00588EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/11/21 2:6 a.m.12 views

CVE-2024-10682 Bulletin Announcements <= 3.11.7 - Reflected Cross-Site Scripting

The Announcement & Notification Banner – Bulletin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg and removequeryarg without appropriate escaping on the URL in all versions up to, and including, 3.11.7. This makes it possible for unauthenticated...

6.1CVSS6.4AI score0.00588EPSS
Exploits0References5
Patchstack
Patchstack
added 2024/11/21 12:0 a.m.25 views

WordPress WordPress Announcement & Notification Banner Plugin – Bulletin Plugin <= 3.11.7 is vulnerable to Cross Site Scripting (XSS)

Software WordPress Announcement & Notification Banner Plugin – Bulletin Type Plugin Vulnerable versions = 3.11.7 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10682 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownersh...

6.1CVSS5.7AI score0.00588EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder