Lucene search
+L

481 matches found

nuclei
nuclei
added yesterday25 views

Hostel < 1.1.5.3 - Cross-Site Scripting

The Hostel WordPress plugin before 1.1.5.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. id: CVE-2024-3753 info: name: Hostel 1.1.5.3 - Cross-Site Scriptin...

5.9CVSS6.1AI score0.00807EPSS
Exploits1References2
nvd
nvd
added 6 days ago9 views

CVE-2026-3907

The Hostel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wphostel-book' shortcode in all versions up to and including 1.1.7. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Specifically, the second shortcode...

6.4CVSS0.00206EPSS
Exploits0References8
euvd
euvd
added 6 days ago8 views

EUVD-2026-42842

The Hostel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wphostel-book' shortcode in all versions up to and including 1.1.7. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Specifically, the second shortcode...

6.4CVSS6.2AI score0.00206EPSS
Exploits0References8
cve
cve
added 6 days ago8 views

CVE-2026-3907

The CVE records CVE-2026-3907 for the WordPress Hostel plugin (versions

6.4CVSS6.2AI score0.00206EPSS
Exploits0References8
attackerkb
attackerkb
added 6 days ago7 views

CVE-2026-3907

The Hostel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wphostel-book' shortcode in all versions up to and including 1.1.7. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Specifically, the second shortcode...

6.4CVSS6.2AI score0.00206EPSS
Exploits0References9
cvelist
cvelist
added 6 days ago31 views

CVE-2026-3907 Hostel <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wphostel-book' Shortcode

The Hostel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wphostel-book' shortcode in all versions up to and including 1.1.7. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Specifically, the second shortcode...

6.4CVSS0.00206EPSS
Exploits0References8
patchstack
patchstack
added last week6 views

WordPress Hostel plugin <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Hostel versions = 1.1.7...

6.4CVSS6.1AI score0.00206EPSS
Exploits0References1Affected Software1
redhatcve
redhatcve
added 2026/06/05 7:48 p.m.10 views

CVE-2026-10815

A vulnerability was found in LakshayD02 Hostel-Management-System-PHP up to f87e67c283bab6f718faf2fec6ae39a13bd7036b. This issue affects some unknown processing of the file hostel/index.php of the component Admin Dashboard Page. The manipulation of the argument ID results in missing authorization...

6.5CVSS6.1AI score0.00209EPSS
Exploits0References1
nvd
nvd
added 2026/06/04 4:16 p.m.13 views

CVE-2026-10815

A vulnerability was found in LakshayD02 Hostel-Management-System-PHP up to f87e67c283bab6f718faf2fec6ae39a13bd7036b. This issue affects some unknown processing of the file hostel/index.php of the component Admin Dashboard Page. The manipulation of the argument ID results in missing authorization...

6.5CVSS0.00209EPSS
Exploits0References6
cvelist
cvelist
added 2026/06/04 3:30 p.m.43 views

CVE-2026-10815 LakshayD02 Hostel-Management-System-PHP Admin Dashboard index.php authorization

A vulnerability was found in LakshayD02 Hostel-Management-System-PHP up to f87e67c283bab6f718faf2fec6ae39a13bd7036b. This issue affects some unknown processing of the file hostel/index.php of the component Admin Dashboard Page. The manipulation of the argument ID results in missing authorization...

6.5CVSS0.00209EPSS
Exploits0References6
attackerkb
attackerkb
added 2026/06/04 3:30 p.m.8 views

CVE-2026-10815

A vulnerability was found in LakshayD02 Hostel-Management-System-PHP up to f87e67c283bab6f718faf2fec6ae39a13bd7036b. This issue affects some unknown processing of the file hostel/index.php of the component Admin Dashboard Page. The manipulation of the argument ID results in missing authorization...

6.5CVSS6.2AI score0.00209EPSS
Exploits0References6
vulnrichment
vulnrichment
added 2026/06/04 3:30 p.m.11 views

CVE-2026-10815 LakshayD02 Hostel-Management-System-PHP Admin Dashboard index.php authorization

A vulnerability was found in LakshayD02 Hostel-Management-System-PHP up to f87e67c283bab6f718faf2fec6ae39a13bd7036b. This issue affects some unknown processing of the file hostel/index.php of the component Admin Dashboard Page. The manipulation of the argument ID results in missing authorization...

6.5CVSS5.4AI score0.00209EPSS
Exploits0References6
euvd
euvd
added 2026/06/04 3:30 p.m.13 views

EUVD-2026-34293

A vulnerability was found in LakshayD02 Hostel-Management-System-PHP up to f87e67c283bab6f718faf2fec6ae39a13bd7036b. This issue affects some unknown processing of the file hostel/index.php of the component Admin Dashboard Page. The manipulation of the argument ID results in missing authorization...

6.5CVSS5.4AI score0.00209EPSS
Exploits0References6
cve
cve
added 2026/06/04 3:30 p.m.25 views

CVE-2026-10815

The CVE-2026-10815 entry concerns LakshayD02’s Hostel-Management-System-PHP (up to commit f87e67c283bab6f718faf2fec6ae39a13bd7036b). The vulnerability affects the Admin Dashboard Page, specifically the hostel/index.php component, where manipulating the argument ID results in missing authorization...

6.5CVSS6.2AI score0.00209EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/04 12:0 a.m.20 views

PT-2026-46253

A vulnerability was found in LakshayD02 Hostel-Management-System-PHP up to f87e67c283bab6f718faf2fec6ae39a13bd7036b. This issue affects some unknown processing of the file hostel/index.php of the component Admin Dashboard Page. The manipulation of the argument ID results in missing authorization...

6.5CVSS6.2AI score0.00209EPSS
Exploits0References7
cnnvd
cnnvd
added 2026/06/04 12:0 a.m.13 views

Hostel Management System 安全漏洞

Hostel Management System is a dormitory management tool developed by LAKSHAY DHOUNDIYAL. The Hostel Management System f87e67c283bab6f718faf2fec6ae39a13bd7036b and previous versions have security vulnerabilities. These vulnerabilities stem from unknown processing of parameter IDs in the Admin...

6.5CVSS6.5AI score0.00209EPSS
Exploits0References6
redhatcve
redhatcve
added 2026/04/20 7:22 p.m.7 views

CVE-2026-1838

The Hostel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcodeid' parameter in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS5.9AI score0.00318EPSS
Exploits0References1
patchstack
patchstack
added 2026/04/20 9:39 a.m.9 views

WordPress Hostel plugin <= 1.1.6 - Reflected Cross-Site Scripting via 'shortcode_id' Parameter vulnerability

Reflected Cross-Site Scripting via 'shortcodeid' Parameter vulnerability discovered by Bee - FPT University in WordPress Plugin Hostel versions = 1.1.6...

6.1CVSS5.8AI score0.00318EPSS
Exploits0References1Affected Software1
nvd
nvd
added 2026/04/18 2:16 a.m.3 views

CVE-2026-1838

The Hostel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcodeid' parameter in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS0.00318EPSS
Exploits0References9
vulnrichment
vulnrichment
added 2026/04/18 1:26 a.m.2 views

CVE-2026-1838 Hostel <= 1.1.6 - Reflected Cross-Site Scripting via 'shortcode_id' Parameter

The Hostel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcodeid' parameter in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS5.9AI score0.00318EPSS
Exploits0References9
Rows per page
Query Builder