
13 matches found

EUVD
added 2025/10/03 8:07 p.m., 1 view

EUVD-2021-28837

Malicious code in bioql PyPI...

CVSS 4.8, AI score 5.2, EPSS 0.00445
Exploits: 0, References: 2

WPVulnDB
added 2023/12/26 12:00 a.m., 8 views

Fathom Analytics < 3.1.0 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...

AI score 5.9
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2023/10/26 12:00 a.m., 5 views

WordPress Fathom Analytics Plugin < 3.1.0 is vulnerable to Cross Site Scripting (XSS)

Software: Fathom Analytics; Type: Plugin; Vulnerable versions: 3.1.0; Fixed in: 3.1.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: N/A; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: 30f046c6503f; Credits: WordFence; Required privilege...

AI score 6
Exploits: 0, References: 2, Affected Software: 1

CNVD
added 2021/12/19 12:00 a.m., 21 views

WordPress Fathom Analytics plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The Fathom Analytics plugin is a WordPress open source application plugin. A cross-site scripting vulnerability exists in the WordPress Fathom Analytics plugin, which originates in the...

CVSS 4.8, AI score 1.7, EPSS 0.00445
Exploits: 0, References: 1

NVD
added 2021/12/14 4:15 p.m., 5 views

CVE-2021-41836

The Fathom Analytics WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via the $site_id parameter found in the /fathom-analytics.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versio...

CVSS 4.8, EPSS 0.00445
Exploits: 0, References: 2

OSV
added 2021/12/14 4:15 p.m., 2 views

CVE-2021-41836

The Fathom Analytics WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via the $site_id parameter found in the /fathom-analytics.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versio...

CVSS 4.8, AI score 5.8, EPSS 0.00445
Exploits: 0, References: 2

Prion
added 2021/12/14 4:15 p.m., 9 views

Cross site scripting

The Fathom Analytics WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via the $site_id parameter found in the /fathom-analytics.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versio...

CVSS 3.5, AI score 4.8, EPSS 0.00445
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2021/12/14 3:50 p.m., 5 views

CVE-2021-41836 Fathom Analytics <= 3.0.4 Authenticated Stored Cross-Site Scripting

The Fathom Analytics WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via the $site_id parameter found in the /fathom-analytics.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versio...

CVSS 4.8, AI score 4.8, EPSS 0.00445
Exploits: 0, References: 2

Cvelist
added 2021/12/14 3:50 p.m., 8 views

CVE-2021-41836 Fathom Analytics <= 3.0.4 Authenticated Stored Cross-Site Scripting

The Fathom Analytics WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via the $site_id parameter found in the /fathom-analytics.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versio...

CVSS 4.8, AI score 5.1, EPSS 0.00445
Exploits: 0, References: 2

CVE
added 2021/12/14 3:50 p.m., 47 views

CVE-2021-41836

CVE-2021-41836 details a Stored Cross-Site Scripting vulnerability in the WordPress Fathom Analytics plugin. The issue stems from insufficient input validation/escaping of the $site_id parameter in the file ~/fathom-analytics.php, exploitable by an attacker with administrative access to inject ar...

CVSS 4.8, AI score 4.8, EPSS 0.00445
Exploits: 0, References: 2, Affected Software: 1

CNNVD
added 2021/12/14 12:00 a.m., 1 view

WordPress plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The Fathom Analytics plugin is a WordPress open source application plugin. A cross-site scripting vulnerability exists in the WordPress Fathom Analytics plugin, which originates in the...

CVSS 4.8, AI score 5.5, EPSS 0.00445
Exploits: 0, References: 3

Patchstack
added 2021/12/08 12:00 a.m., 12 views

WordPress Fathom Analytics plugin <= 3.0.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by José Aguilera in WordPress Fathom Analytics plugin versions <= 3.0.4. Solution: Update the WordPress Fathom Analytics plugin to the latest available version (at least 3.0.5)...

CVSS 4.8, AI score 2.3, EPSS 0.00445
Exploits: 0, References: 3, Affected Software: 1

WPVulnDB
added 2021/12/08 12:00 a.m., 16 views

Fathom Analytics < 3.0.5 - Admin+ Stored Cross-Site Scripting

The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via the fathomsiteid parameter found in the /fathom-analytics.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including...

CVSS 4.8, AI score 4.4, EPSS 0.00445
Exploits: 0, References: 1, Affected Software: 1