Lucene search
+L

5 matches found

OSV
OSV
added 2025/01/02 6:15 a.m.4 views

CVE-2024-12595

The AHAthat Plugin WordPress plugin through 1.6 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

4.7CVSS7.3AI score0.00313EPSS
Exploits1References1
NVD
NVD
added 2025/01/02 6:15 a.m.8 views

CVE-2024-12595

The AHAthat Plugin WordPress plugin through 1.6 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

4.7CVSS0.00313EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/01/02 6:0 a.m.8 views

CVE-2024-12595 AHAthat Plugin <= 1.6 - Reflected XSS via REQUEST_URI

The AHAthat Plugin WordPress plugin through 1.6 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

4.7AI score0.00313EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/01/02 6:0 a.m.15 views

CVE-2024-12595 AHAthat Plugin <= 1.6 - Reflected XSS via REQUEST_URI

The AHAthat Plugin WordPress plugin through 1.6 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

0.00313EPSS
Exploits1References1
CVE
CVE
added 2025/01/02 6:0 a.m.54 views

CVE-2024-12595

CVE-2024-12595 concerns the AHAthat Plugin for WordPress (versions ≤ 1.6). The issue is a reflected XSS caused by the plugin not escaping the PHP global $_SERVER['REQUEST_URI'] when it is echoed back inside an HTML attribute. This can enable a attacker-controlled input to be reflected in the page...

4.7CVSS5.9AI score0.00313EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder