Lucene search
K

41 matches found

Positive Technologies
Positive Technologies
added 2024/07/12 12:0 a.m.7 views

PT-2024-37236 · WordPress · User Feedback – Create Interactive Feedback Form

Name of the Vulnerable Software and Affected Versions: User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress versions up to, and including, 1.0.15 Description: The issue arises from insufficient input sanitization and output escaping, allowing...

7.2CVSS6.8AI score0.00395EPSS
Exploits0References8
OSV
OSV
added 2024/02/22 6:15 a.m.4 views

CVE-2024-0903

The User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pagesubmitted' 'link' value in all versions up to, and including, 1.0.13 due to insufficient input sanitization and output escaping...

6.1CVSS7.4AI score0.00438EPSS
Exploits0References2
Prion
Prion
added 2024/02/22 6:15 a.m.17 views

Cross site scripting

The User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pagesubmitted' 'link' value in all versions up to, and including, 1.0.13 due to insufficient input sanitization and output escaping...

5.8CVSS5.4AI score0.00438EPSS
Exploits0References2
OSV
OSV
added 2023/10/27 8:15 a.m.6 views

CVE-2023-46153

Unauth. Stored Cross-Site Scripting XSS vulnerability in UserFeedback Team User Feedback plugin = 1.0.9 versions...

6.1CVSS7.3AI score0.00354EPSS
Exploits0References1
CVE
CVE
added 2023/10/27 7:39 a.m.59 views

CVE-2023-46153

CVE-2023-46153 is an unauthenticated stored XSS in the WordPress plugin “UserFeedback Team User Feedback” (versions

7.1CVSS5.8AI score0.00354EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/10/27 12:0 a.m.6 views

PT-2023-29881 · Unknown · Userfeedback Team User Feedback

Name of the Vulnerable Software and Affected Versions: UserFeedback Team User Feedback plugin versions 1.0.9 and earlier Description: The issue is related to an Unauth. Stored Cross-Site Scripting XSS vulnerability. This means that an attacker can inject malicious scripts into the website, which...

7.1CVSS6AI score0.00354EPSS
Exploits0References5
Patchstack
Patchstack
added 2023/10/17 12:0 a.m.13 views

WordPress User Feedback Plugin <= 1.0.9 is vulnerable to Cross Site Scripting (XSS)

Software User Feedback Type Plugin Vulnerable versions = 1.0.9 Fixed in 1.0.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-46153 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID a28b0bbea276 Credits Dimas Maulana Required privilege...

7.1CVSS6.5AI score0.00354EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/09/29 1:59 p.m.18 views

CVE-2023-39308 WordPress User Feedback Plugin <= 1.0.7 is vulnerable to Cross Site Scripting (XSS)

Unauth. Stored Cross-Site Scripting XSS vulnerability in UserFeedback Team User Feedback plugin = 1.0.7 versions...

7.1CVSS5.5AI score0.00483EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/09/29 12:0 a.m.7 views

PT-2023-26879 · Userfeedback Team · User Feedback Plugin

Name of the Vulnerable Software and Affected Versions: UserFeedback Team User Feedback plugin versions 1.0.7 and earlier Description: The issue is related to an Unauth. Stored Cross-Site Scripting XSS vulnerability. This type of vulnerability allows an attacker to inject malicious scripts into a...

7.1CVSS6AI score0.00483EPSS
Exploits1References8
Patchstack
Patchstack
added 2023/09/04 12:0 a.m.21 views

WordPress User Feedback Plugin <= 1.0.7 is vulnerable to Cross Site Scripting (XSS)

Software User Feedback Type Plugin Vulnerable versions = 1.0.7 Fixed in 1.0.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-39308 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4cad82df326d Credits Revan Arifio Required privilege...

7.1CVSS6.5AI score0.00483EPSS
Exploits1References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/01/10 12:0 a.m.8 views

The vulnerability of the Jenkins extreme-feedback plugin lies in the lack of permission checking in the connected module, which allows attackers to compromise the confidentiality and integrity of the protected information.

The vulnerability of the Jenkins extreme-feedback plugin is related to the lack of permission checking in the module being connected. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality and integrity of the protected information...

5.5CVSS5.9AI score0.00461EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2022/09/21 4:15 p.m.19 views

Information disclosure

A missing permission check in Jenkins extreme-feedback Plugin 1.7 and earlier allows attackers with Overall/Read permission to discover information about job names attached to lamps, discover MAC and IP addresses of existing lamps, and rename lamps...

5.5CVSS5.1AI score0.00461EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/09/21 3:46 p.m.77 views

CVE-2022-41242

CVE-2022-41242 affects Jenkins extreme-feedback Plugin 1.7 and earlier. Root cause: missing authorization check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate lamp-related data (job names, MAC/IP addresses) and rename lamps. Impact is information disclosure and ...

5.4CVSS5.1AI score0.00461EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/09/21 3:46 p.m.40 views

CVE-2022-41242

A missing permission check in Jenkins extreme-feedback Plugin 1.7 and earlier allows attackers with Overall/Read permission to discover information about job names attached to lamps, discover MAC and IP addresses of existing lamps, and rename lamps...

5.9AI score0.00461EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/09/21 12:0 a.m.4 views

PT-2022-6107 · Jenkins · Jenkins Extreme-Feedback Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins extreme-feedback Plugin versions 1.7 and earlier Description: The issue is related to a missing permission check in the Jenkins extreme-feedback Plugin, allowing attackers with Overall/Read permission to access sensitive information...

5.5CVSS5AI score0.00461EPSS
Exploits0References6
0day.today
0day.today
added 2021/03/11 12:0 a.m.79 views

MyBB OUGC Feedback Plugin 1.8.22 - Cross-Site Scripting Vulnerability

Exploit Title: MyBB OUGC Feedback Plugin 1.8.22 - Cross-Site Scripting Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1220 Version: 1.8.22 Tested on: Windows 10 CVE: CVE-2021-28115 1. Description: This plugin adds a feedback...

6.1CVSS0.1AI score0.00854EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/03/11 12:0 a.m.312 views

MyBB OUGC Feedback Plugin 1.8.22 - Cross-Site Scripting

Exploit Title: MyBB OUGC Feedback Plugin 1.8.22 - Cross-Site Scripting Date: 1/30/2021 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1220 Version: 1.8.22 Tested on: Windows 10 CVE: CVE-2021-28115 1. Description: This plugin...

6.1CVSS6.6AI score0.00854EPSS
Exploits4
OSV
OSV
added 2021/03/09 10:15 p.m.19 views

CVE-2021-28115

The OUGC Feedback plugin before 1.8.23 for MyBB allows XSS via the comment field of feedback during an edit operation...

6.1CVSS5.8AI score
Exploits0References2
Cvelist
Cvelist
added 2021/03/09 9:33 p.m.23 views

CVE-2021-28115

The OUGC Feedback plugin before 1.8.23 for MyBB allows XSS via the comment field of feedback during an edit operation...

6.2AI score0.00854EPSS
Exploits4References2
Prion
Prion
added 2015/09/11 4:59 p.m.13 views

Sql injection

SQL injection vulnerability in Montala Limited ResourceSpace 7.3.7009 and earlier allows remote attackers to execute arbitrary SQL commands via the "user" cookie to plugins/feedback/pages/feedback.php...

7.5CVSS9.1AI score0.0184EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder