
103 matches found

Vulnrichment
added 2024/08/08 4:31 a.m., 15 views

CVE-2024-5668 Lightbox & Modal Popup WordPress Plugin – FooBox <= 2.7.28 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via HTML Data Attributes

The Lightbox & Modal Popup WordPress Plugin – FooBox plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and including, 2.7.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...

6.4 CVSS, 5.7 AI score, 0.00282 EPSS
Exploits 0, References 2
Patchstack
added 2024/08/08 2:30 a.m., 4 views

WordPress FooBox plugin <= 2.7.28 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via HTML Data Attributes vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via HTML Data Attributes vulnerability discovered by Webbernaut in WordPress Plugin FooBox Image Lightbox versions <= 2.7.28...

6.4 CVSS, 6 AI score, 0.00282 EPSS
Exploits 0, References 1, Affected Software 1
Positive Technologies
added 2024/08/08 12:0 a.m., 5 views

PT-2024-36988 · WordPress · Foobox

Name of the Vulnerable Software and Affected Versions: FooBox plugin for WordPress versions up to, and including, 2.7.28 Description: The issue is related to DOM-based Stored Cross-Site Scripting via HTML data attributes due to insufficient input sanitization and output escaping on user-supplied...

6.4 CVSS, 5.8 AI score, 0.00282 EPSS
Exploits 0, References 7
Patchstack
added 2024/07/01 3:52 a.m., 6 views

WordPress Gutenberg Blocks with AI by Kadence WP plugin <= 3.2.45 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via HTML Data Attributes vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via HTML Data Attributes vulnerability discovered by Webbernaut in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions <= 3.2.45...

6.4 CVSS, 6 AI score, 0.00263 EPSS
Exploits 0, References 1, Affected Software 1
CNNVD
added 2024/05/14 12:0 a.m., 4 views

WordPress plugin Gallery Block security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPress...

6.4 CVSS, 6.2 AI score, 0.00446 EPSS
Exploits 0, References 5
OSV
added 2023/08/30 4:23 p.m., 3 views

DRUPAL-CONTRIB-2023-042

This module enables you to hide email addresses from bots and site scrapers by using the rot13 strategy. The module doesn't sufficiently escape the data attribute under the scenario a user has access to manipulate that value. This vulnerability is mitigated by the fact that an attacker must have ...

6.7 AI score
Exploits 0, References 1
CNNVD
added 2023/07/11 12:0 a.m., 6 views

Decidim information disclosure vulnerability

Decidim is a participatory democracy framework written in Ruby on Rails. An information disclosure vulnerability exists in versions of Decidim prior to 0.27.3, which stems from allowing all data attributes and associations to be filtered, allowing an unauthenticated, remote attacker to steal...

7.5 CVSS, 7.3 AI score, 0.00969 EPSS
Exploits 0, References 3
GitHub Security Blog
added 2023/05/09 7:59 p.m., 24 views

Improper Neutralization of Invalid Characters in Data Attribute Names in org.xwiki.commons:xwiki-commons-xml

Impact: The HTML sanitizer, introduced in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting via invalid data attributes. This can be exploited, e.g., via the link syntax in any content that supports XWiki syntax like comments in XWiki:...

9.6 CVSS, 6.5 AI score, 0.00818 EPSS
Exploits 0, References 5, Affected Software 1
NVD
added 2023/05/09 1:15 p.m., 17 views

CVE-2023-31126

org.xwiki.commons:xwiki-commons-xml is an XML library used by the open-source wiki platform XWiki. The HTML sanitizer, introduced in version 14.6-rc-1, allows the injection of arbitrary HTML code and thus cross-site scripting via invalid data attributes. This vulnerability does not affect...

9.6 CVSS, 8.9 AI score, 0.00818 EPSS
Exploits 0, References 3
OSV
added 2023/05/09 12:53 p.m., 24 views

CVE-2023-31126 Improper Neutralization of Invalid Characters in Data Attribute Names in org.xwiki.commons:xwiki-commons-xml

org.xwiki.commons:xwiki-commons-xml is an XML library used by the open-source wiki platform XWiki. The HTML sanitizer, introduced in version 14.6-rc-1, allows the injection of arbitrary HTML code and thus cross-site scripting via invalid data attributes. This vulnerability does not affect...

9 CVSS, 8.7 AI score, 0.00818 EPSS
Exploits 0, References 5
Vulnrichment
added 2023/05/09 12:53 p.m., 10 views

CVE-2023-31126 Improper Neutralization of Invalid Characters in Data Attribute Names in org.xwiki.commons:xwiki-commons-xml

org.xwiki.commons:xwiki-commons-xml is an XML library used by the open-source wiki platform XWiki. The HTML sanitizer, introduced in version 14.6-rc-1, allows the injection of arbitrary HTML code and thus cross-site scripting via invalid data attributes. This vulnerability does not affect...

9 CVSS, 9.1 AI score, 0.00818 EPSS
Exploits 0, References 3
CNNVD
added 2023/05/09 12:0 a.m., 6 views

XWiki Platform cross-site scripting vulnerability

XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from the XWiki Foundation in France. A security vulnerability exists in XWiki Platform versions 14.6-rc-1 through 14.10.4, which stems from an HTML element cleaner that accepts invalid data attributes, allowin...

9.6 CVSS, 8 AI score, 0.00818 EPSS
Exploits 0, References 5
Positive Technologies
added 2023/05/09 12:0 a.m., 5 views

PT-2023-8607 · Xwiki · Xwiki-Commons-Xml

Name of the Vulnerable Software and Affected Versions: org.xwiki.commons:xwiki-commons-xml versions 14.6-rc-1 through 14.10.3 org.xwiki.commons:xwiki-commons-xml versions prior to 15.0 RC1 Description: The HTML sanitizer in the org.xwiki.commons:xwiki-commons-xml library allows the injection of...

9.6 CVSS, 9.1 AI score, 0.00818 EPSS
Exploits 0, References 10
OSV
added 2022/08/24 4:15 p.m., 2 views

CVE-2022-34838

Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploits the vulnerability to add or alter data points and corresponding attributes. Once such engineering data is used, the data visualization will be altered for the end user...

8.4 CVSS, 5.8 AI score
Exploits 0, References 1
CNNVD
added 2022/08/24 12:0 a.m., 5 views

ABB Zenon security vulnerability

ABB Zenon is a secure operational data management platform from ABB Switzerland. Easily connect machines, infrastructure and production assets. ABB Zenon 8.20 and prior versions have a security vulnerability that stems from a recoverable format storage password vulnerability that can be...

8.4 CVSS, 5.6 AI score, 0.00146 EPSS
Exploits 0, References 2
Positive Technologies
added 2022/08/24 12:0 a.m., 4 views

PT-2022-22387 · Abb · Abb Zenon

Name of the Vulnerable Software and Affected Versions: ABB Zenon version 8.20 Description: The issue allows an attacker to add or alter data points and corresponding attributes. Once such engineering data is used, the data visualization will be altered for the end user. Recommendations: For ABB...

8.4 CVSS, 8.3 AI score, 0.00146 EPSS
Exploits 0, References 3
HackerOne
added 2021/05/15 7:30 a.m., 27 views

Sifchain: Bootstrap library is vulnerable

Summary: The identified library bootstrap, version 4.0.0 is vulnerable Steps To Reproduce: Please upgrade to the latest version of bootstrap. Supporting Material/References: https://github.com/twbs/bootstrap/issues/28236 https://github.com/twbs/bootstrap/issues/20184 Impact XSS was possible in th...

6.8 AI score
Exploits 0
HackerOne
added 2020/12/25 9:57 a.m., 95 views

h1-ctf: [hacky-holidays] Grinch network is down

Flag 1 As always CTF begins with a tweet: F1126838 So we are supposed to start from https://hackyholidays.h1ctf.com/ . The first flag was easy on https://hackyholidays.h1ctf.com/ I found a file named robots.txt which had the following content: User-agent: Disallow: /s3cr3t-ar3a Flag:...

7 AI score
Exploits 0
OSV
added 2020/12/04 8:4 p.m., 7 views

GHSA-5P28-63MC-CGR9 Cross-Site Scripting bypass in html-purify

All versions of html-purify are vulnerable to cross-site scripting. The data attribute inside of object tags is not properly sanitized and allows javascript URIs leading to code execution. No fix is currently available. Consider using an alternative package until a fix is made available...

5.2 AI score
Exploits 0, References 1
CNVD
added 2020/04/23 12:0 a.m., 1 views

Lazysizes Cross-Site Scripting Vulnerability

lazysizes is a lightweight lazy loader. It is mainly used for delayed loading of content such as images, iframes and scripts. A security vulnerability exists in lazysizes 5.2.0 and earlier versions, which stems from the program's failure to clean up the following attributes: data-vimeo,...

5.4 CVSS, 7 AI score, 0.00889 EPSS
Exploits 1, References 1