Lucene search
K

173 matches found

CNNVD
CNNVD
added 2024/03/02 12:0 a.m.5 views

WordPress Plugin Ultimate Bootstrap Elements for Elementor Security Breach

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

6.4CVSS8.4AI score0.0051EPSS
Exploits0References4
NVD
NVD
added 2024/01/12 5:15 a.m.23 views

CVE-2024-23174

An issue was discovered in the PageTriage extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via the rev-deleted-user, pagetriage-tags-quickfilter-label, pagetriage-triage, pagetriage-filter-date-range-format-placeholder,...

5.4CVSS5.3AI score0.00406EPSS
Exploits1References2
WPVulnDB
WPVulnDB
added 2023/01/27 12:0 a.m.13 views

Greenshift < 5.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC Exploit Additional CSS classes for "Advanced...

6.8CVSS5AI score0.00627EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2023/01/27 12:0 a.m.463 views

Greenshift < 5.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Exploit Additional CSS classes for "Advanced Heading"...

6.8CVSS5.2AI score0.00627EPSS
Exploits2
OSV
OSV
added 2022/12/18 11:15 a.m.4 views

CVE-2022-4600

A vulnerability was found in Shoplazza LifeStyle 1.1. It has been classified as problematic. This affects an unknown part of the file /admin/api/theme-edit/ of the component Product Carousel Handler. The manipulation of the argument Heading/Description leads to cross site scripting. It is possibl...

5.4CVSS3.8AI score0.00503EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/12/18 12:0 a.m.5 views

Shoplazza LifeStyle 跨站脚本漏洞

Shoplazza LifeStyle is an e-commerce website from Shoplazza, Inc. A security vulnerability exists in Shoplazza LifeStyle version 1.1 that stems from cross-site scripting due to incorrect manipulation of the parameters Heading/Description...

5.4CVSS5.3AI score0.00503EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/12/18 12:0 a.m.5 views

Shoplazza LifeStyle 跨站脚本漏洞

Shoplazza LifeStyle is an e-commerce website by Shoplazza, Inc. A security vulnerability exists in Shoplazza LifeStyle version 1.1, which stems from cross-site scripting due to incorrect manipulation of the parameters Subheading/Heading/Text/Button Text/Label...

5.4CVSS5.3AI score0.00503EPSS
Exploits0References4
OSV
OSV
added 2022/12/02 8:15 p.m.4 views

CVE-2022-44945

Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the headingfieldid parameter...

9.8CVSS5.8AI score0.00865EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/12/02 12:0 a.m.6 views

Rukovoditel SQL注入漏洞

Rukovoditel is a set of Web-based open source project management software from the Rukovoditel team. The software features project management, customer relationship management, and more. Rukovoditel v3.2.1 version of a security vulnerability , the vulnerability stems from through the headingfield...

9.8CVSS8.5AI score0.00865EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/12/02 12:0 a.m.6 views

PT-2022-27344 · Unknown · Rukovoditel

Name of the Vulnerable Software and Affected Versions: Rukovoditel version 3.2.1 Description: A SQL injection issue was discovered via the heading field id parameter. This allows for potential exploitation. No information is provided about the estimated number of affected devices or real-world...

9.8CVSS9.7AI score0.00865EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2022/06/09 2:3 a.m.97 views

Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.5 security updates, images, and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.5.0 is now generally available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS7.1AI score0.70561EPSS
Exploits10References216
OSV
OSV
added 2021/08/26 6:15 p.m.4 views

CVE-2020-18468

Cross Site Scripting XSS vulnerability exists in qdPM 9.1 in the Heading field found in the Login Page page under the General menu via a crafted website name by doing an authenticated POST HTTP request to /qdPM9.1/index.php/configuration...

5.4CVSS6.1AI score0.00413EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/08/26 5:28 p.m.23 views

CVE-2020-18468

Cross Site Scripting XSS vulnerability exists in qdPM 9.1 in the Heading field found in the Login Page page under the General menu via a crafted website name by doing an authenticated POST HTTP request to /qdPM9.1/index.php/configuration...

5.1AI score0.00413EPSS
Exploits1References1
OSV
OSV
added 2021/08/17 8:15 p.m.5 views

CVE-2020-13588

An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The headingfieldid parameter in ‘‘entities/fields’ page is vulnerable to authenticated SQL injection. An attacker can make authenticated HTTP requests to trigger this...

8.8CVSS6.3AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2021/08/17 12:0 a.m.7 views

PT-2021-9654 · Unknown · Rukovoditel Project Management App

Name of the Vulnerable Software and Affected Versions: Rukovoditel Project Management App version 2.7.2 Description: An exploitable SQL injection issue exists in the 'entities/fields' page. The heading field id parameter in this page is vulnerable to authenticated SQL injection. An attacker can...

8.8CVSS6.2AI score0.00968EPSS
Exploits1References2
OSV
OSV
added 2021/07/19 11:15 a.m.5 views

CVE-2021-24482

The Related Posts for WordPress plugin through 2.0.4 does not sanitise its headingtext and CSS settings, allowing high privilege users admin to set XSS payloads in them, leading to Stored Cross-Site Scripting issues...

4.8CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2021/05/17 5:15 p.m.6 views

CVE-2021-24292

The Happy Addons for Elementor WordPress plugin before 2.24.0, Happy Addons Pro for Elementor WordPress plugin before 1.17.0 have a number of widgets that are vulnerable to stored Cross-Site ScriptingXSS by lower-privileged users such as contributors, all via a similar method: The “Card” widget...

5.4CVSS5.8AI score0.00636EPSS
Exploits1References2
WPVulnDB
WPVulnDB
added 2021/05/17 12:0 a.m.18 views

Related Posts for WordPress < 2.0.5 - Authenticated Stored XSS & XFS

The plugin does not sanitise its headingtext and css settings, allowing high privilege users admin to set XSS payloads in them, leading to Stored Cross-Site Scripting issues. PoC Payloads: $ m0ze"...

3.5CVSS2.1AI score0.00687EPSS
Exploits2References2Affected Software1
OSV
OSV
added 2021/04/05 7:15 p.m.8 views

CVE-2021-24202

In the Elementor Website Builder WordPress plugin before 3.1.4, the heading widget includes/widgets/heading.php accepts a ‘headersize’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modifie...

5.4CVSS5.8AI score0.00746EPSS
Exploits2References2
Prion
Prion
added 2021/04/05 7:15 p.m.14 views

Design/Logic Flaw

In the Elementor Website Builder WordPress plugin before 3.1.4, the heading widget includes/widgets/heading.php accepts a ‘headersize’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modifie...

3.5CVSS5.5AI score0.00746EPSS
Exploits2References2Affected Software1
Rows per page
Query Builder