
8 matches found

Positive Technologies
added 2024/10/03 12:0 a.m. · 4 views

PT-2024-10113 · Zabbix +4 · Zabbix +4

Name of the Vulnerable Software and Affected Versions: Zabbix versions prior to 7.0.3
Description: The issue is related to insufficient input validation in the Zabbix universal monitoring system. This can allow a remote attacker to elevate their privileges. When a URL is added to the map element,...

9.9 CVSS · 5.6 AI score · 0.78831 EPSS
Exploits: 15 · References: 120

OSV
added 2024/02/29 1:43 a.m. · 2 views

CVE-2024-0442

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via element URL parameters in all versions up to, and including, 1.3.87 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with...

6.4 CVSS · 7.4 AI score · 0.00481 EPSS
Exploits: 0 · References: 5

PyPA
added 2024/01/23 6:15 p.m. · 6 views

PYSEC-2024-19

Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the element method in app/routes.py does not validate the user-controlled srctype and elementurl variables and passes them to the send method which sends a GET request on lines 339-343 in requests.py. The returned...

6.1 CVSS · 6.2 AI score · 0.0063 EPSS
Exploits: 1 · References: 10 · Affected Software: 1

CNNVD
added 2024/01/23 12:0 a.m. · 4 views

whoogle-search Cross-Site Scripting Vulnerability

whoogle-search is a software application: a self-hosted, ad-free, privacy-respecting meta-search engine. A cross-site scripting vulnerability exists in whoogle-search versions prior to 0.8.4, which stems from the element method in app/routes.py that does not validate user-controlled srctype and...

6.1 CVSS · 6 AI score · 0.0063 EPSS
Exploits: 1 · References: 9

Positive Technologies
added 2024/01/18 12:0 a.m. · 4 views

PT-2024-19407 · Unknown · Whoogle Search

Name of the Vulnerable Software and Affected Versions: Whoogle Search versions 0.8.3 and prior
Description: Whoogle Search is a self-hosted metasearch engine. The element method in app/routes.py does not validate the user-controlled src type and element url variables and passes them to the send...

6.1 CVSS · 6.3 AI score · 0.0063 EPSS
Exploits: 1 · References: 17

OSV
added 2022/06/27 9:15 a.m. · 3 views

CVE-2022-2040

The Brizy WordPress plugin before 2.4.2 does not sanitise and escape some element URL, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...

5.4 CVSS · 5.8 AI score · 0.00571 EPSS
Exploits: 2 · References: 2

wpexploit
added 2022/06/21 12:0 a.m. · 117 views

Brizy Page Builder < 2.4.2 - Contributor+ Stored Cross-Site Scripting via Element URL

The plugin does not sanitise and escape some element URL, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. As a contributor or above, create a post using Brizy editor, add an Icon or Button element and put the following payload in the "Link...

5.4 CVSS · 5.2 AI score · 0.00571 EPSS
Exploits: 2 · References: 1

WPVulnDB
added 2022/06/21 12:0 a.m. · 19 views

Brizy Page Builder < 2.4.2 - Contributor+ Stored Cross-Site Scripting via Element URL

The plugin does not sanitise and escape some element URL, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. PoC: As a contributor or above, create a post using Brizy editor, add an Icon or Button element and put the following payload in the...

5.4 CVSS · 1.7 AI score · 0.00571 EPSS
Exploits: 2 · References: 1 · Affected Software: 1