Lucene search
K

103 matches found

EUVD
EUVD
added 2025/12/19 7:17 p.m.5 views

EUVD-2025-204585

Orejime has executable code in HTML attributes...

6.3CVSS6.5AI score0.00183EPSS
Exploits0References4
OSV
OSV
added 2025/12/19 7:17 p.m.2 views

GHSA-72MH-HGPM-6384 Orejime has executable code in HTML attributes

Impact On HTML elements handled by Orejime, one could run malicious code by embedding javascript: code within data attributes. When consenting to the related purpose, Orejime would turn data attributes into unprefixed ones i.e. data-href into href, thus executing the code. This shouldn't have any...

6.1CVSS6.9AI score0.00183EPSS
Exploits0References5
NVD
NVD
added 2025/12/19 5:15 p.m.4 views

CVE-2025-68457

Orejime is a consent manager that focuses on accessibility. On HTML elements handled by Orejime prior to version 2.3.2, one could run malicious code by embedding javascript: code within data attributes. When consenting to the related purpose, Orejime would turn data attributes into unprefixed one...

6.1CVSS0.00183EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/19 4:40 p.m.2 views

CVE-2025-68457 Orejime has executable code in HTML attributes

Orejime is a consent manager that focuses on accessibility. On HTML elements handled by Orejime prior to version 2.3.2, one could run malicious code by embedding javascript: code within data attributes. When consenting to the related purpose, Orejime would turn data attributes into unprefixed one...

2.3CVSS6.6AI score0.00183EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/19 4:40 p.m.24 views

CVE-2025-68457 Orejime has executable code in HTML attributes

Orejime is a consent manager that focuses on accessibility. On HTML elements handled by Orejime prior to version 2.3.2, one could run malicious code by embedding javascript: code within data attributes. When consenting to the related purpose, Orejime would turn data attributes into unprefixed one...

2.3CVSS0.00183EPSS
Exploits0References3
OSV
OSV
added 2025/12/19 4:40 p.m.3 views

CVE-2025-68457 Orejime has executable code in HTML attributes

Orejime is a consent manager that focuses on accessibility. On HTML elements handled by Orejime prior to version 2.3.2, one could run malicious code by embedding javascript: code within data attributes. When consenting to the related purpose, Orejime would turn data attributes into unprefixed one...

2.3CVSS6.8AI score0.00183EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/12/19 12:0 a.m.8 views

PT-2025-52495

Name of the Vulnerable Software and Affected Versions Orejime versions prior to 2.3.2 Description Orejime, a consent manager focusing on accessibility, had a flaw where malicious code could be executed on HTML elements it handled. This occurred because the software, prior to version 2.3.2, would...

6.3CVSS7.1AI score0.00183EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/11/06 10:13 a.m.12 views

CVE-2025-11820

The Graphina – Elementor Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple chart widgets in all versions up to, and including, 3.1.8 due to insufficient input sanitization and output escaping on data attributes. This makes it possible for authenticat...

6.4CVSS5.1AI score0.00207EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/05 9:27 a.m.7 views

CVE-2025-11820 Graphina – Elementor Charts and Graphs <= 3.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Chart Widgets

The Graphina – Elementor Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple chart widgets in all versions up to, and including, 3.1.8 due to insufficient input sanitization and output escaping on data attributes. This makes it possible for authenticat...

6.4CVSS0.00207EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/11/05 2:13 a.m.4 views

CVE-2025-11841

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Chart Data attributes in all versions up to, and including, 12.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5AI score0.00176EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/11/04 4:45 a.m.6 views

WordPress Greenshift plugin <= 12.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Chart Data Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Chart Data Attributes vulnerability discovered by Webbernaut in WordPress Plugin Greenshift versions = 12.2.7...

6.4CVSS5.8AI score0.00176EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/11/04 3:15 a.m.4 views

CVE-2025-11841

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Chart Data attributes in all versions up to, and including, 12.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS0.00176EPSS
Exploits0References2
CVE
CVE
added 2025/11/04 1:50 a.m.15 views

CVE-2025-11841

CVE-2025-11841 (Greenshift – animation and page builder blocks) affects Greenshift for WordPress up to and including version 12.2.7. The vulnerability is a stored XSS via Chart Data attributes caused by insufficient input sanitization and output escaping. It requires authenticated access at Contr...

6.4CVSS4.7AI score0.00176EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/04 1:50 a.m.9 views

CVE-2025-11841 Greenshift – animation and page builder blocks <= 12.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Chart Data Attributes

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Chart Data attributes in all versions up to, and including, 12.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS0.00176EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/04 12:0 a.m.8 views

PT-2025-44914

Name of the Vulnerable Software and Affected Versions Greenshift – animation and page builder blocks versions up to and including 12.2.7 Description The Greenshift plugin for WordPress is susceptible to Stored Cross-Site Scripting through the Chart Data attributes. Insufficient input sanitization...

6.4CVSS5.2AI score0.00176EPSS
Exploits0References5
CVE
CVE
added 2025/10/22 3:31 p.m.11 views

CVE-2025-62659

The CVE-2025-62659 issue affects the MediaWiki CookieConsent extension for Cookie consent management. It is a Cross-Site Scripting (XSS) vulnerability caused by improper handling of reserved data attributes in the Sanitizer::validateAttributes() function, enabling arbitrary scripts to run in a us...

2.1CVSS5.5AI score0.00267EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/22 3:31 p.m.3 views

CVE-2025-62659 The CookieConsent extension does not properly use reserved data attributes, thus introducing potential XSS vectors

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation MediaWiki CookieConsent extension allows Cross-Site Scripting XSS.This issue affects MediaWiki CookieConsent extension: from v0.1.0 before v2.0.0...

2.1CVSS5.5AI score0.00267EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/22 3:31 p.m.16 views

CVE-2025-62659 The CookieConsent extension does not properly use reserved data attributes, thus introducing potential XSS vectors

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation MediaWiki CookieConsent extension allows Cross-Site Scripting XSS.This issue affects MediaWiki CookieConsent extension: from v0.1.0 before v2.0.0...

2.1CVSS0.00267EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-28378

Malicious code in bioql PyPI...

6.4CVSS6.5AI score0.00359EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-31038

Malicious code in bioql PyPI...

8.6CVSS6.4AI score0.00282EPSS
Exploits1References6
Rows per page
Query Builder