Lucene search
K

9 matches found

Vulnrichment
Vulnrichment
added 2026/03/20 5:56 a.m.3 views

CVE-2026-33051 Craft CMS Vulnerable to Stored XSS in Revision Context Menu

Craft CMS is a content management system CMS. In versions 5.9.0-beta.1 through 5.9.10, the revision/draft context menu in the element editor renders the creator’s fullName as raw HTML due to the use of Template::raw combined with Craft::t string interpolation. A low-privileged control panel user...

5.3CVSS5.7AI score0.00243EPSS
Exploits0References3
NVD
NVD
added 2026/03/16 8:16 p.m.9 views

CVE-2026-32263

Craft CMS is a content management system CMS. From version 5.6.0 to before version 5.9.11, in src/controllers/EntryTypesController.php, the $settings array from parsestr is passed directly to Craft::configure without Component::cleanseConfig. This allows injecting Yii2 behavior/event handlers via...

8.6CVSS0.00499EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/16 6:57 p.m.4 views

CVE-2026-32263 Craft CMS vulnerable to behavior injection RCE via EntryTypesController

Craft CMS is a content management system CMS. From version 5.6.0 to before version 5.9.11, in src/controllers/EntryTypesController.php, the $settings array from parsestr is passed directly to Craft::configure without Component::cleanseConfig. This allows injecting Yii2 behavior/event handlers via...

8.6CVSS5.7AI score0.00499EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/12/25 1:23 p.m.5 views

CVE-2025-68038

Deserialization of Untrusted Data vulnerability in Icegram Icegram Express Pro email-subscribers-premium allows Object Injection.This issue affects Icegram Express Pro: from n/a through 5.9.14...

7.2CVSS5.9AI score0.0037EPSS
Exploits0References1
NVD
NVD
added 2025/10/10 7:15 a.m.5 views

CVE-2025-21065

Improper input validation in Retail Mode prior to version 5.59.11 allows self attackers to execute privileged commands on their own devices...

6.6CVSS0.00174EPSS
Exploits0References1
OSV
OSV
added 2025/04/22 10:15 a.m.6 views

CVE-2025-46228

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bastien Ho Event post allows DOM-Based XSS. This issue affects Event post: from n/a through 5.9.11...

5.4CVSS5.8AI score0.00173EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/22 12:0 a.m.3 views

WordPress plugin Event post 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability exis...

6.5CVSS6.5AI score0.00173EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/04/09 12:0 a.m.7 views

PT-2024-21310 · WordPress · Essential Addons For Elementor

Name of the Vulnerable Software and Affected Versions: The Essential Addons for Elementor plugin for WordPress versions up to, and including, 5.9.11 Description: The issue is related to Stored Cross-Site Scripting via the countdown widget's message parameter due to insufficient input sanitization...

6.4CVSS8AI score0.00446EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/04/09 12:0 a.m.3 views

WordPress Plugin Essential Addons for Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

6.4CVSS7.7AI score0.00446EPSS
Exploits0References4
Rows per page
Query Builder