5125 matches found

OSV
added 2024/01/18 3:30 p.m., 17 views

GHSA-5XFX-55X4-J223 Cross-Frame Scripting vulnerability has been found on Plone CMS

A Cross-Frame Scripting vulnerability has been found on Plone CMS affecting versions below 6.0.5. An attacker could store a malicious URL to be opened by an administrator and execute a malicious iframe element...

CVSS 7.1, AI score 6.7, EPSS 0.00294
Exploits: 0, References: 3
Github Security Blog
added 2024/01/18 3:30 p.m., 23 views

Cross-Frame Scripting vulnerability has been found on Plone CMS

A Cross-Frame Scripting vulnerability has been found on Plone CMS affecting versions below 6.0.5. An attacker could store a malicious URL to be opened by an administrator and execute a malicious iframe element...

CVSS 7.1, AI score 6.8, EPSS 0.00294
Exploits: 0, References: 3, Affected Software: 1
NVD
added 2024/01/18 1:15 p.m., 19 views

CVE-2024-0669

A Cross-Frame Scripting vulnerability has been found on Plone CMS affecting versions below 6.0.5. An attacker could store a malicious URL to be opened by an administrator and execute a malicious iframe element...

CVSS 7.1, AI score 6.3, EPSS 0.00294
Exploits: 0, References: 1
OSV
added 2024/01/18 1:15 p.m., 14 views

CVE-2024-0669

A Cross-Frame Scripting vulnerability has been found on Plone CMS affecting versions below 6.0.5. An attacker could store a malicious URL to be opened by an administrator and execute a malicious iframe element...

CVSS 7.1, AI score 6.5
Exploits: 0, References: 1
Prion
added 2024/01/18 1:15 p.m., 16 views

Cross site scripting

A Cross-Frame Scripting vulnerability has been found on Plone CMS affecting versions below 6.0.5. An attacker could store a malicious URL to be opened by an administrator and execute a malicious iframe element...

CVSS 6.8, AI score 6.8, EPSS 0.00294
Exploits: 0, References: 1, Affected Software: 1
CNNVD
added 2024/01/18 12:0 a.m., 4 views

Plone Security Vulnerability

Plone is an open source content management system (CMS) built on the Zope application server. A security vulnerability exists in Plone CMS versions prior to 6.0.5, which stems from a cross-frame scripting vulnerability that could allow an attacker to store a malicious URL opened by an administrator...

CVSS 7.1, AI score 6.5, EPSS 0.00294
Exploits: 0, References: 2
NVD
added 2024/01/17 7:15 p.m., 39 views

CVE-2024-0647

A vulnerability, which was classified as problematic, was found in Sparksuite SimpleMDE up to 1.11.2. This affects an unknown part of the component iFrame Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

CVSS 6.1, AI score 4.7, EPSS 0.00711
Exploits: 1, References: 3
Prion
added 2024/01/17 7:15 p.m., 11 views

Cross site scripting

A vulnerability, which was classified as problematic, was found in Sparksuite SimpleMDE up to 1.11.2. This affects an unknown part of the component iFrame Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

CVSS 5, AI score 6.4, EPSS 0.00711
Exploits: 1, References: 3, Affected Software: 1
Vulnrichment
added 2024/01/17 6:31 p.m., 10 views

CVE-2024-0647 Sparksuite SimpleMDE iFrame cross site scripting

A vulnerability, which was classified as problematic, was found in Sparksuite SimpleMDE up to 1.11.2. This affects an unknown part of the component iFrame Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

CVSS 5, AI score 6.4, EPSS 0.00711
Exploits: 1, References: 3
Cvelist
added 2024/01/17 6:31 p.m., 28 views

CVE-2024-0647 Sparksuite SimpleMDE iFrame cross site scripting

A vulnerability, which was classified as problematic, was found in Sparksuite SimpleMDE up to 1.11.2. This affects an unknown part of the component iFrame Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

CVSS 5, AI score 6.2, EPSS 0.00711
Exploits: 1, References: 3
CNNVD
added 2024/01/17 12:0 a.m., 1 views

SimpleMDE Cross-Site Scripting Vulnerability

SimpleMDE is a simple, beautiful and embeddable JavaScript Markdown editor. A cross-site scripting vulnerability exists in Sparksuite SimpleMDE 1.11.2 and earlier versions, which stems from a cross-site scripting (XSS) vulnerability in the component iFrame Handler...

CVSS 6.1, AI score 5.8, EPSS 0.00711
Exploits: 1, References: 5
NVD
added 2024/01/16 4:15 p.m., 24 views

CVE-2021-4227

The ark-commenteditor WordPress plugin through 2.15.6 does not properly sanitise or encode the comments when in Source editor, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page to the comment section...

CVSS 5.3, AI score 5.4, EPSS 0.00608
Exploits: 1, References: 1
OSV
added 2024/01/16 4:15 p.m., 4 views

CVE-2021-4227

The ark-commenteditor WordPress plugin through 2.15.6 does not properly sanitise or encode the comments when in Source editor, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page to the comment section...

CVSS 5.3, AI score 5.9, EPSS 0.00608
Exploits: 1, References: 1
Prion
added 2024/01/16 4:15 p.m., 21 views

Code injection

The ark-commenteditor WordPress plugin through 2.15.6 does not properly sanitise or encode the comments when in Source editor, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page to the comment section...

CVSS 5, AI score 7.1, EPSS 0.00608
Exploits: 1, References: 1, Affected Software: 1
Vulnrichment
added 2024/01/16 3:52 p.m., 6 views

CVE-2021-4227 Ark Comment Editor <= 2.15.6 - Iframe Injection via Comment

The ark-commenteditor WordPress plugin through 2.15.6 does not properly sanitise or encode the comments when in Source editor, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page to the comment section...

AI score 5.4, EPSS 0.00608
Exploits: 1, References: 1
Cvelist
added 2024/01/16 3:52 p.m., 32 views

CVE-2021-4227 Ark Comment Editor <= 2.15.6 - Iframe Injection via Comment

The ark-commenteditor WordPress plugin through 2.15.6 does not properly sanitise or encode the comments when in Source editor, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page to the comment section...

AI score 5.7, EPSS 0.00608
Exploits: 1, References: 1
CNNVD
added 2024/01/16 12:0 a.m., 4 views

WordPress plugin ark-commenteditor security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 5.3, AI score 7, EPSS 0.00608
Exploits: 1, References: 2
NVD
added 2024/01/05 12:15 p.m., 13 views

CVE-2023-52125

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webvitaly iframe allows Stored XSS. This issue affects iframe: from n/a through 4.8...

CVSS 6.5, AI score 6.4, EPSS 0.00328
Exploits: 0, References: 1
Cvelist
added 2024/01/05 11:13 a.m., 32 views

CVE-2023-52125 WordPress iFrame Plugin <= 4.8 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webvitaly iframe allows Stored XSS. This issue affects iframe: from n/a through 4.8...

CVSS 6.5, AI score 6.6, EPSS 0.00328
Exploits: 0, References: 1
Vulnrichment
added 2024/01/05 11:13 a.m., 5 views

CVE-2023-52125 WordPress iFrame Plugin <= 4.8 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webvitaly iframe allows Stored XSS. This issue affects iframe: from n/a through 4.8...

CVSS 6.5, AI score 6.4, EPSS 0.00328
Exploits: 0, References: 1