Lucene search
K

74 matches found

CNNVD
CNNVD
added 2024/08/26 12:0 a.m.3 views

PicUploader 安全漏洞

PicUploader is a graphic bed tool written in php by Bruce's personal developer. It helps you to quickly upload your images to a cloud image bed and automatically returns a Markdown formatted link to the clipboard. PicUploader has a security vulnerability that stems from the...

6.1CVSS6.3AI score0.00279EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/08/26 12:0 a.m.4 views

PT-2024-31252 · Unknown · Picuploader

Name of the Vulnerable Software and Affected Versions: PicUploader version fcf82ea Description: A cross-site scripting XSS issue exists in the /master/auth/OnedriveRedirect.php component, allowing attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the error...

6.1CVSS6AI score0.00279EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2024/03/02 12:0 a.m.9 views

PT-2024-18296 · WordPress · Nextend Social Login/Register

Name of the Vulnerable Software and Affected Versions: Nextend Social Login and Register plugin for WordPress versions up to, and including, 3.1.12 Description: The Nextend Social Login and Register plugin for WordPress is vulnerable to a self-based Reflected Cross-Site Scripting via the error...

5.4CVSS8.6AI score0.00373EPSS
Exploits0References8
CNNVD
CNNVD
added 2024/03/02 12:0 a.m.5 views

WordPress Plugin Nextend Social Login and Register Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

5.4CVSS8.1AI score0.00373EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/09/11 10:15 p.m.5 views

CVE-2023-38878

A reflected cross-site scripting XSS vulnerability in DevCode OpenSTAManager versions 2.4.24 to 2.4.47 may allow a remote attacker to execute arbitrary JavaScript in the web browser of a victim by injecting a malicious payload into the 'error' and 'errordescription' parameters of 'oauth2.php'...

6.1CVSS5.9AI score0.00607EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/09/11 12:0 a.m.4 views

DevCode OpenSTAManager Cross-Site Scripting Vulnerability

OpenSTAManager is an open source management software for technical assistance and billing from Devcode Open Source. A security vulnerability exists in DevCode OpenSTAManager versions 2.4.24 through 2.4.47, which stems from a reflected cross-site scripting XSS vulnerability in the error and...

6.1CVSS5.8AI score0.00607EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2022/09/13 12:0 a.m.6 views

PT-2022-4900 · Ovirt · Ovirt Engine

Name of the Vulnerable Software and Affected Versions: ovirt-engine affected versions not specified Description: The issue is related to the ovirt-engine management tool for virtual infrastructure, which fails to protect its web page structure when handling the error description parameter. This...

7.8CVSS6.1AI score0.00406EPSS
Exploits0References7
Citrix
Citrix
added 2022/07/03 12:0 a.m.12 views

While using FAS application launch fails with error "Cannot start app <Application Name>"

Application launch fails with error "Cannot start app ", Event ID 1 and 28 are logged on Storefront servers. Event ID: 1 Description: The Federated Authentication Server at: returned a server error: 1 for method AssertIdentity...

7AI score
Exploits0
OSV
OSV
added 2021/09/10 2:15 p.m.6 views

CVE-2021-38349

The Integration of Moneybird for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the errordescription parameter found in the /templates/wcmb-admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1...

6.1CVSS5.8AI score0.00895EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/09/10 12:0 a.m.6 views

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an open source application plugin for WordPress. The WorkPress Plugin suffers from a cross-sit...

6.1CVSS6AI score0.00895EPSS
Exploits1References4
Vaadin
Vaadin
added 2021/06/24 12:0 a.m.53 views

Reflected cross-site scripting in development mode handler in Vaadin 14, 15-19

URL encoding error in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.6.1 Vaadin 14.0.0 through 14.6.1, 3.0.0 through 6.0.9 Vaadin 15.0.0 through 19.0.8 allows local user to execute arbitrary JavaScript code by opening crafted URL in browser. See CWE-172: Encoding Erro...

2.5CVSS1.7AI score0.00286EPSS
Exploits0References1Affected Software2
Citrix
Citrix
added 2020/06/26 12:0 a.m.8 views

Secure web on iOS devices getting error: Cannot Open Page too many HTTP redirects

When user opens web link with secure web on iOS devices, below error comes up. Error:Cannot Open Page too many HTTP redirects. Secure web log from iOS device: ==================== NSLocalizedDescription = "too many HTTP redirects"; NSUnderlyingError = "Error Domain=kCFErrorDomainCFNetwork...

6.9AI score
Exploits0
Prion
Prion
added 2019/09/04 8:15 p.m.13 views

Design/Logic Flaw

cosenary Instagram-PHP-API aka Instagram PHP API V2, as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php errordescription parameter...

4.3CVSS6AI score0.82962EPSS
Exploits6References4Affected Software1
Hacker One
Hacker One
added 2018/09/06 6:37 a.m.27 views

WordPress: Stored XSS on Broken Themes via filename

Hi, I've found something here, Description XSS Stored because filename of theme when broken, So when theme is broken, Wordpress will inform the name of theme who has been broken which is the folder name of theme and inform the error with description message. F342862 Looks like the filename is...

6.8AI score
Exploits0
Rows per page
Query Builder