Lucene search
K

212 matches found

Cvelist
Cvelist
added 2022/03/30 12:0 a.m.23 views

CVE-2022-28202

An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete...

6.7AI score0.01161EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/03/30 12:0 a.m.4 views

PT-2022-18871 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.35.6 MediaWiki versions 1.36.x prior to 1.36.4 MediaWiki versions 1.37.x prior to 1.37.2 Description: A cross-site scripting XSS issue was discovered. The widthheight, widthheightpage, and nbytes properties of...

9.8CVSS5.8AI score0.0182EPSS
Exploits6References57
CNNVD
CNNVD
added 2022/03/30 12:0 a.m.4 views

MediaWiki 跨站脚本漏洞

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki that stems from the fact that the widthheight,...

6.1CVSS6.1AI score0.01161EPSS
Exploits0References10
OSV
OSV
added 2022/03/30 12:0 a.m.24 views

CVE-2022-28202

An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete...

6.1CVSS5.8AI score0.01161EPSS
Exploits0References7
OSV
OSV
added 2022/03/23 8:15 p.m.2 views

CVE-2022-0750

The Photoswipe Masonry Gallery WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the thumbnailwidth, thumbnailheight, maximagewidth, and maximageheight parameters found in the /photoswipe-masonry.php file which allows authenticated attackers t...

5.4CVSS5.8AI score0.04336EPSS
Exploits3References3
NVD
NVD
added 2021/08/23 12:15 p.m.12 views

CVE-2021-24529

The Grid Gallery – Photo Image Grid Gallery WordPress plugin before 1.2.5 does not properly sanitize the title field for image galleries when adding them via the admin dashboard, resulting in an authenticated Stored Cross-Site Scripting vulnerability...

5.4CVSS0.0062EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2021/07/05 12:0 a.m.18 views

Filter Gallery < 0.0.7 - Unauthorised AJAX Calls

The plugin had a logic flaw in the CSRF checks of its AJAX calls, allowing them to be passed by not providing the related parameter in the request. This could allow attacker to make logged in users do unwanted actions. Furthermore, the AJAX calls are also lacking capability checks, allowing any...

1.1AI score
Exploits0Affected Software1
OSV
OSV
added 2021/06/14 2:15 p.m.4 views

CVE-2021-24357

In the Best Image Gallery & Responsive Photo Gallery – FooGallery WordPress plugin before 2.0.35, the Custom CSS field of each gallery is not properly sanitised or validated before being being output in the page where the gallery is embed, leading to a stored Cross-Site Scripting issue...

5.4CVSS5.8AI score0.00624EPSS
Exploits2References1
Packet Storm
Packet Storm
added 2021/04/08 12:0 a.m.320 views

Composr 10.0.36 Shell Upload

Exploit Title: Composr 10.0.36 - Remote Code Execution Date: 04/06/2021 Exploit Author: Orion Hridoy Vendor Homepage: https://compo.sr/ Software Link: https://compo.sr/download.htm Version: 10.0.36 Tested on: Windows/Linux CVE : CVE-2021-30149 A RCE on Composr CMS has been discovered by BugsBD...

9.7AI score0.10064EPSS
Exploits4
0day.today
0day.today
added 2021/04/07 12:0 a.m.89 views

Composr 10.0.36 - Remote Code Execution Vulnerability

Exploit Title: Composr 10.0.36 - Remote Code Execution Exploit Author: Orion Hridoy Vendor Homepage: https://compo.sr/ Software Link: https://compo.sr/download.htm Version: 10.0.36 Tested on: Windows/Linux CVE : CVE-2021-30149 A RCE on Composr CMS has been discovered by BugsBD Private LTD. We hav...

9.8CVSS0.3AI score0.10064EPSS
Exploits4
NVD
NVD
added 2021/03/11 5:15 p.m.14 views

CVE-2021-27677

Cross-site scripting XSS vulnerability in Galleries in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name...

5.4CVSS0.00601EPSS
Exploits1References1
OSV
OSV
added 2021/03/11 5:15 p.m.2 views

CVE-2021-27677

Cross-site scripting XSS vulnerability in Galleries in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name...

5.4CVSS5.9AI score0.00601EPSS
Exploits1References1
Prion
Prion
added 2021/03/11 5:15 p.m.15 views

Cross site scripting

Cross-site scripting XSS vulnerability in Galleries in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name...

3.5CVSS5.4AI score0.00601EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2021/03/11 4:22 p.m.46 views

CVE-2021-27677

CVE-2021-27677 is an XSS vulnerability in the Batflat CMS 1.3.6 Galleries component. The issue allows remote attackers to inject arbitrary web script or HTML via the field name, indicating improper input handling in the Galleries module. Affected software is Batflat CMS (Galleries) v1.3.6; root c...

5.4CVSS5.3AI score0.00601EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2021/03/11 12:0 a.m.7 views

Batflat CMS 跨站脚本漏洞

Batflat is a simple, lightweight content management system CMS. A cross-site scripting vulnerability exists in Galleries in Batflat 1.3.6. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML via field names...

5.4CVSS5.5AI score0.00601EPSS
Exploits1References2
Openbugbounty
Openbugbounty
added 2020/11/09 2:24 p.m.8 views

galleries.429videos.com Cross Site Scripting vulnerability OBB-1496802

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

Exploits0
Openbugbounty
Openbugbounty
added 2020/08/28 9:21 p.m.60 views

galleries.429videos.com Cross Site Scripting vulnerability OBB-1283151

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

6.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2020/03/27 9:34 a.m.7 views

guerillagallerieslondon.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1124978 Security Researcher g0bl1nsec Helped patch 3768 vulnerabilities Received 4 Coordinated Disclosure badges Received 3 recommendations , a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting guerillagallerieslondon.c...

0.1AI score
Exploits0
Hacker One
Hacker One
added 2018/07/10 4:31 p.m.2418 views

Pornhub: Stored XSS in galleries - https://www.redtube.com/gallery/[id] path

Researcher successfully closed the image 'alt' attribute and injected javascript by intercepting the album creation request and submitting an XSS payload as the album title. This led to stored cross-site scripting on the user's album page, executed against any users who visited the album. Stored...

5.8AI score
Exploits0
Drupal
Drupal
added 2017/10/25 12:0 a.m.20 views

Brilliant Gallery - Highly critical - Multiple Vulnerabilities - SA-CONTRIB-2017-079

This module enables you to display any number of galleries based on images located in the files folder. The module doesn't sufficiently sanitize various database queries which may allow attackers to craft requests resulting in an SQL injection vulnerability. This vulnerability could be exploited...

6.8AI score
Exploits0References5
Rows per page
Query Builder