Lucene search
K

142 matches found

Cvelist
Cvelist
added 2022/09/02 4:5 a.m.41 views

CVE-2022-37679

Miniblog.Core v1.0 was discovered to contain a cross-site scripting XSS vulnerability in the component /blog/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Excerpt field...

5.2AI score0.00411EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/09/02 12:0 a.m.4 views

madskristensen Miniblog.Core 跨站脚本漏洞

madskristensen Miniblog.Core is a blogging engine built on ASP.NET Core. A security vulnerability exists in madskristensen Miniblog.Core v1.0, which allows attackers to execute arbitrary web script or HTML by injecting a crafted payload into the Excerpt field via the /blog/edit component...

4.8CVSS5.6AI score0.00411EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/09/02 12:0 a.m.7 views

PT-2022-24038 · Unknown · Miniblog.Core

Name of the Vulnerable Software and Affected Versions: Miniblog.Core version 1.0 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Excerpt field in the "/blog/edit" API endpoint. This enables the execution of malicious code on...

4.8CVSS5.4AI score0.00411EPSS
Exploits1References3
OSV
OSV
added 2022/07/26 4:15 a.m.4 views

CVE-2020-36290

The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 before 7.6.3, and from version 7.7.0 before version 7.7.4 allows remote attackers with permission to edit a page or blog to inject arbitrary HTML or JavaScript via a cross site scripting XSS...

5.4CVSS5.4AI score0.00597EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/07/26 4:5 a.m.12 views

CVE-2020-36290

The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 before 7.6.3, and from version 7.7.0 before version 7.7.4 allows remote attackers with permission to edit a page or blog to inject arbitrary HTML or JavaScript via a cross site scripting XSS...

5.5AI score0.00597EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/01/10 12:0 a.m.3 views

WordPress plugin 安全漏洞

WordPress plugin is an open source application plugin for WordPress. A security vulnerability exists in WordPress plugin, which originates in Beaver Themer, and can be exploited by an attacker to bypass conditional logic controls used to hide content when viewing a post archive, utilizing the...

5.3CVSS5.8AI score0.0107EPSS
Exploits1References3
OSV
OSV
added 2021/08/19 2:39 p.m.3 views

CVE-2021-28002

A persistent cross-site scripting vulnerability was discovered in the Excerpt parameter in Textpattern CMS 4.9.0 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting the 'Articles' page...

5.4CVSS7AI score
Exploits0References2
CNNVD
CNNVD
added 2021/08/19 12:0 a.m.6 views

Textpattern Cms 跨站脚本漏洞

Textpattern Cms is a Php-based content management system from the Textpattern team. Textpattern CMS suffers from a cross-site scripting vulnerability that stems from a persistent cross-site scripting vulnerability found in the excerpt parameters of Textpattern CMS 4.9.0. An attacker could exploit...

5.4CVSS6AI score0.01073EPSS
Exploits1References3
OSV
OSV
added 2021/06/01 2:15 p.m.3 views

CVE-2021-24319

The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise its postexcerpt parameter before outputting it back in the shop/my-account/bello-listing-endpoint/ page, leading to a Cross-Site Scripting issue...

5.4CVSS5.8AI score
Exploits0References2
Prion
Prion
added 2021/06/01 2:15 p.m.20 views

Cross site scripting

The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise its postexcerpt parameter before outputting it back in the shop/my-account/bello-listing-endpoint/ page, leading to a Cross-Site Scripting issue...

3.5CVSS5.4AI score0.01681EPSS
Exploits2References2Affected Software1
CNNVD
CNNVD
added 2021/06/01 12:0 a.m.6 views

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an open source application plugin for WordPress. WordPress has a security vulnerability that...

5.4CVSS5.5AI score0.01681EPSS
Exploits2References2
Packet Storm
Packet Storm
added 2021/03/04 12:0 a.m.194 views

Textpattern CMS 4.9.0-dev Cross Site Scripting

Exploit Title: Textpattern CMS 4.9.0-dev - 'Excerpt' Persistent Cross-Site Scripting XSS Date: 2021-03-04 Exploit Author: Tushar Vaidya Vendor Homepage: https://textpattern.com Software Link: https://textpattern.com/start Version: v 4.9.0-dev Tested on: Windows Steps-To-Reproduce: 1. Login into...

7.4AI score
Exploits0
0day.today
0day.today
added 2021/03/04 12:0 a.m.27 views

Textpattern CMS 4.9.0-dev - (Excerpt) Persistent Cross-Site Scripting Vulnerability

Exploit Title: Textpattern CMS 4.9.0-dev - 'Excerpt' Persistent Cross-Site Scripting XSS Date: 2021-03-04 Exploit Author: Tushar Vaidya Vendor Homepage: https://textpattern.com Software Link: https://textpattern.com/start Version: v 4.9.0-dev Tested on: Windows Steps-To-Reproduce: 1. Login into...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/04 12:0 a.m.217 views

Textpattern CMS 4.9.0-dev - 'Excerpt' Persistent Cross-Site Scripting (XSS)

Exploit Title: Textpattern CMS 4.9.0-dev - 'Excerpt' Persistent Cross-Site Scripting XSS Date: 2021-03-04 Exploit Author: Tushar Vaidya Vendor Homepage: https://textpattern.com Software Link: https://textpattern.com/start Version: v 4.9.0-dev Tested on: Windows Steps-To-Reproduce: 1. Login into...

7.4AI score
Exploits0
NVD
NVD
added 2019/09/16 1:15 p.m.17 views

CVE-2016-10970

The supportflow plugin before 0.7 for WordPress has XSS via a ticket excerpt...

6.1CVSS6.1AI score0.01116EPSS
Exploits0References2
OSV
OSV
added 2019/09/16 1:15 p.m.16 views

CVE-2016-10970

The supportflow plugin before 0.7 for WordPress has XSS via a ticket excerpt...

6.1CVSS5.9AI score0.01116EPSS
Exploits0References2
Prion
Prion
added 2019/09/16 1:15 p.m.13 views

Design/Logic Flaw

The supportflow plugin before 0.7 for WordPress has XSS via a ticket excerpt...

4.3CVSS6AI score0.01116EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/09/16 12:38 p.m.24 views

CVE-2016-10970

The supportflow plugin before 0.7 for WordPress has XSS via a ticket excerpt...

6.1AI score0.01116EPSS
Exploits0References2
CVE
CVE
added 2019/09/16 12:38 p.m.37 views

CVE-2016-10970

CVE-2016-10970 affects the WordPress plugin SupportFlow ; it is a stored XSS vulnerability in the ticket excerpt. The issue is present in plugin versions before 0.7. No exploitation details are provided in the documents. Remediation, as implied, is to upgrade to 0.7 or later (the fix version is n...

6.1CVSS5.9AI score0.01116EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2018/11/14 12:0 a.m.16 views

Easy Custom Auto Excerpt <= 2.4.6 - XSS

The Easy Custom Auto Excerpt WordPress plugin was affected by a XSS security vulnerability...

3.5CVSS2.7AI score0.00595EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder