Lucene search
K

56 matches found

osv
osv
added 2024/05/22 5:15 a.m.4 views

CVE-2024-31395

Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this...

6.1CVSS5.9AI score
Exploits0References2
vulnrichment
vulnrichment
added 2024/03/12 8:19 a.m.22 views

CVE-2024-27279

Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and earlier, Ver.3.0.x series Ver.3.0.30 and earlier, Ver.2.11.x series Ver.2.11.59 and earlier, Ver.2.10.x series Ver.2.10.51 and earlier, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a use...

6.8AI score0.00832EPSS
Exploits0References2
jvn
jvn
added 2024/03/08 6:27 a.m.2 views

a-blog cms vulnerable to directory traversal

Overview a-blog cms provided by appleple Inc. is a content management system CMS. a-blog cms contains a directory traversal vulnerability CWE-22. Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Securi...

6.8CVSS6.9AI score0.00832EPSS
Exploits0References5
patchstack
patchstack
added 2023/11/28 12:0 a.m.15 views

WordPress Widgets for Airbnb Reviews Plugin <= 11.0.2 is vulnerable to Arbitrary File Upload

Software Widgets for Airbnb Reviews Type Plugin Vulnerable versions = 11.0.2 Fixed in 11.1 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2023-48275 Patch priority Medium CVSS severity Medium 8 Developer Claim ownership PSID 17c7b7de54d5 Credits Rafie Muhammad Patchstack...

8CVSS7.2AI score0.00535EPSS
Exploits0References2Affected Software1
patchstack
patchstack
added 2023/11/28 12:0 a.m.8 views

WordPress Widgets for Zillow Reviews Plugin <= 11.0.2 is vulnerable to Arbitrary File Upload

Software Widgets for Zillow Reviews Type Plugin Vulnerable versions = 11.0.2 Fixed in 11.1 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2023-48275 Patch priority Medium CVSS severity Medium 8 Developer Claim ownership PSID 4f292716d1ce Credits Rafie Muhammad Patchstack...

8CVSS7.2AI score0.00535EPSS
Exploits0References2Affected Software1
patchstack
patchstack
added 2023/11/20 12:0 a.m.10 views

WordPress CataBlog Plugin <= 1.7.0 is vulnerable to Arbitrary File Deletion

Software CataBlog Type Plugin Vulnerable versions = 1.7.0 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2023-47843 Patch priority Medium CVSS severity Medium 7.6 Developer Claim ownership PSID 9a8041fb49de Credits Rafie Muhammad Patchstack...

7.6CVSS6.5AI score0.00519EPSS
Exploits0References1Affected Software1
cnnvd
cnnvd
added 2023/08/23 12:0 a.m.8 views

OpenNMS Horizon 安全漏洞

OpenNMS Horizon is an open source solution from OpenNMS that helps you visualize and monitor everything on your local and remote networks. A security vulnerability exists in OpenNMS Horizon versions prior to 32.0.2, which stems from the fact that any user with the ROLEFILESYSTEMEDITOR privilege c...

8CVSS7.7AI score0.00372EPSS
Exploits0References3
patchstack
patchstack
added 2023/04/18 12:0 a.m.12 views

WordPress Themify Portfolio Post Plugin <= 1.2.4 is vulnerable to Cross Site Scripting (XSS)

Software Themify Portfolio Post Type Plugin Vulnerable versions = 1.2.4 Fixed in 1.2.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-32970 Patch priority Low CVSS severity Low 4.1 Developer Claim ownership PSID b8a82c2c105c Credits Muhammad Daffa...

5.4CVSS6AI score0.00364EPSS
Exploits0References2Affected Software1
pypa
pypa
added 2023/04/03 5:15 p.m.6 views

PYSEC-2023-55

Wagtail is an open source content management system built on Django. Starting in version 1.5 and prior to versions 4.1.4 and 4.2.2, a stored cross-site scripting XSS vulnerability exists on ModelAdmin views within the Wagtail admin interface. A user with a limited-permission editor account for th...

6.4CVSS5.6AI score0.00772EPSS
Exploits0References8Affected Software1
patchstack
patchstack
added 2023/03/20 12:0 a.m.11 views

WordPress Store Locator WordPress Plugin <= 1.4.9 is vulnerable to Cross Site Scripting (XSS)

Software Store Locator WordPress Type Plugin Vulnerable versions = 1.4.9 Fixed in 1.4.10 OWASP Top 10 A5: Broken Access Control Classification Cross Site Scripting XSS CVE CVE-2023-27618 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID fa355c2bcc3a Credits Abdi Pranata...

5.9CVSS6.3AI score0.00396EPSS
Exploits0References2Affected Software1
grafana
grafana
added 2023/02/28 12:0 a.m.8 views

Text panel plugin XSS

Grafana is an open-source platform for monitoring and observability. On 2023-01-01 during an internal audit of Grafana, a member of the security team found a stored XSS vulnerability affecting the core plugin “Text”. The stored XSS vulnerability requires several user interactions in order to be...

6.4CVSS6.8AI score0.01562EPSS
Exploits0
grafana
grafana
added 2023/01/26 12:0 a.m.10 views

Stored XSS in ResourcePicker component

Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch and prior to versions 8.5.16, 9.2.10, and 9.3.4, Grafana had a stored XSS vulnerability affecting the core plugin GeoMap. The stored XSS vulnerability was possible because SVG files weren’t properly...

7.3CVSS6.9AI score0.00779EPSS
Exploits0
cnnvd
cnnvd
added 2022/09/16 12:0 a.m.7 views

Bolt Financial Bolt CMS 安全漏洞

Bolt Financial Bolt CMS is an open source PHP-based content management system from Bolt Financial. A security vulnerability exists in Bolt Financial Bolt CMS version 5.1.12 that originates from allowing an authenticated user with ROLEEDITOR privileges to upload and rename malicious files, which c...

8.8CVSS8.3AI score0.23362EPSS
Exploits2References3
attackerkb
attackerkb
added 2022/07/04 1:15 p.m.7 views

CVE-2022-1301

The WP Contact Slider WordPress plugin before 2.4.7 does not sanitize and escape the Text to Display settings of sliders, which could allow high privileged users such as editor and above to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed...

4.8CVSS5.5AI score0.00552EPSS
Exploits2References2
osv
osv
added 2022/02/16 5:15 p.m.3 views

CVE-2022-24664

PHP Everywhere = 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress metaboxes, which could be used by any user able to edit posts...

8.8CVSS5.9AI score0.0165EPSS
Exploits2References1
nvd
nvd
added 2001/05/03 4:0 a.m.15 views

CVE-2001-0289

Joe text editor 2.8 searches the current working directory CWD for the .joerc configuration file, which could allow local users to gain privileges of other users by placing a Trojan Horse .joerc file into a directory, then waiting for users to execute joe from that directory...

4.6CVSS6.7AI score0.00742EPSS
Exploits0References4
Rows per page
Query Builder