26 matches found
CVE-2025-11129
The Include Fussball.de Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api' and 'type' parameters in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-11129
The Include Fussball.de Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api' and 'type' parameters in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-11129 Include fussball.de Widgets <= 4.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'api' and 'type'
The Include Fussball.de Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api' and 'type' parameters in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-11129
The WordPress plugin Include Fussball.de Widgets is vulnerable to Stored Cross‑Site Scripting via the api and type parameters in all versions up to 4.0.0. Exploitation requires Contributor‑level access or higher, and the XSS payload would execute when a user visits an injected page. CVE-2025-1112...
PT-2025-46243
Name of the Vulnerable Software and Affected Versions Include Fussball.de Widgets plugin for WordPress versions up to and including 4.0.0 Description The software contains a Stored Cross-Site Scripting issue due to insufficient input sanitization and output escaping. Authenticated attackers with...
WordPress plugin Include Fussball.de Widgets 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
EUVD-2024-42568
Malicious code in bioql PyPI...
CVE-2024-47643
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Alex Include Fussball.de Widgets include-fussball-de-widgets allows Stored XSS.This issue affects Include Fussball.de Widgets: from n/a through = 4.0.0...
vfb-homberg-fussball.de Cross Site Scripting vulnerability OBB-4034672
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2024-47643
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Alex Include Fussball.de Widgets include-fussball-de-widgets allows Stored XSS.This issue affects Include Fussball.de Widgets: from n/a through = 4.0.0...
CVE-2024-47643 WordPress Include Fussball.de Widgets plugin <= 4.0.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Alex Include Fussball.de Widgets include-fussball-de-widgets allows Stored XSS.This issue affects Include Fussball.de Widgets: from n/a through = 4.0.0...
CVE-2024-47643 WordPress Include Fussball.de Widgets plugin <= 4.0.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Alex Include Fussball.de Widgets include-fussball-de-widgets allows Stored XSS.This issue affects Include Fussball.de Widgets: from n/a through = 4.0.0...
CVE-2024-47643
CVE-2024-47643 affects WordPress plugin Include Fussball.de Widgets
PT-2024-32701 · Unknown · Fussball.De Widgets
Name of the Vulnerable Software and Affected Versions: Include Fussball.De Widgets versions through 4.0.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS, where an attacker can...
WordPress plugin Include Fussball.De Widgets 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
WordPress Include Fussball.de Widgets plugin <= 4.0.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin Include Fussball.de Widgets versions = 4.0.0...
WordPress Include Fussball.de Widgets Plugin <= 4.0.0 is vulnerable to Cross Site Scripting (XSS)
Software Include Fussball.de Widgets Type Plugin Vulnerable versions = 4.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47643 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e228304d4067 Credits stealthcopter Required...
radebergersv-fussball.de Improper Access Control vulnerability OBB-3820191
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
einheit-fussball.de Improper Access Control vulnerability OBB-3816595
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
tsv-milbertshofen-fussball.de Improper Access Control vulnerability OBB-3780338
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...