Lucene search
K

9 matches found

EUVD
EUVD
added 2026/06/24 5:33 a.m.7 views

EUVD-2026-38684

The WP Latest Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted image src attributes in post content in versions up to, and including, 5.0.11. This is due to insufficient output escaping in the field and loop functions, which extract the raw src attribute value...

6.4CVSS6AI score0.00207EPSS
Exploits0References4
OSV
OSV
added 2025/12/15 9:15 p.m.8 views

CVE-2023-53887

Zomplog 3.9 contains a cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating new pages. Attackers can craft malicious image source and onerror attributes to execute arbitrary JavaScript code in victim's browser...

5.4CVSS5.9AI score0.00205EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:31 a.m.2 views

SUSE CVE-2018-5162

Plaintext of decrypted emails can leak through the src attribute of remote images, or links. This vulnerability affects Thunderbird ESR 52.8 and Thunderbird 52.8...

7.5CVSS9.1AI score0.0198EPSS
Exploits0References12
ATTACKERKB
ATTACKERKB
added 2018/03/25 7:29 p.m.2 views

CVE-2018-8978

Open-AudIT Professional 2.1 has XSS via a crafted src attribute of an IMG element within a URI...

5.4CVSS5.3AI score0.00545EPSS
Exploits1References2
OSV
OSV
added 2018/02/07 2:29 a.m.4 views

UBUNTU-CVE-2018-6790

An issue was discovered in KDE Plasma Workspace before 5.12.0. dataengines/notifications/notificationsengine.cpp allows remote attackers to discover client IP addresses via a URL in a notification, as demonstrated by the src attribute of an IMG element...

5.3CVSS5.8AI score0.02127EPSS
Exploits0References4
Hacker One
Hacker One
added 2017/03/16 7:27 p.m.22 views

Shopify: Setting Arbitrary Cookie at kitcrm.com

Hey The src parameter of Image is not being sanitized which allows me to set cookies at kitcrm.com Proof of Concept 1. Create a post at https://kitcrm.com/pages/ID/manualposts/new 2. Select Schedule for Later 3. Go to Scheduled Posts https://kitcrm.com/pages/ID/manualposts 4. Click Edit on your...

Exploits0
securityvulns
securityvulns
added 2010/04/06 12:0 a.m.53 views

Mozilla Foundation Security Advisory 2010-23

Mozilla Foundation Security Advisory 2010-23 Title: Image src redirect to mailto: URL opens email editor Impact: Low Announced: March 30, 2010 Reporter: Henry Sudhof Products: Firefox, SeaMonkey Fixed in: Firefox 3.6.2 Firefox 3.5.9 SeaMonkey 2.0.4 Description phpBB developer Henry Sudhof reporte...

4.3CVSS1.1AI score0.02219EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2010/03/31 12:0 a.m.230 views

FreeBSD : mozilla -- multiple vulnerabilities (9ccfee39-3c3b-11df-9edc-000f20797ede)

Mozilla Project reports : MFSA 2010-24 XMLDocument::load doesn't check nsIContentPolicy MFSA 2010-23 Image src redirect to mailto: URL opens email editor MFSA 2010-22 Update NSS to support TLS renegotiation indication MFSA 2010-21 Arbitrary code execution with Firebug XMLHttpRequestSpy MFSA 2010-...

10CVSS8.3AI score0.87264EPSS
Exploits18References19
FreeBSD
FreeBSD
added 2010/03/30 12:0 a.m.45 views

mozilla -- multiple vulnerabilities

Mozilla Project reports: MFSA 2010-24 XMLDocument::load doesn't check nsIContentPolicy MFSA 2010-23 Image src redirect to mailto: URL opens email editor MFSA 2010-22 Update NSS to support TLS renegotiation indication MFSA 2010-21 Arbitrary code execution with Firebug XMLHttpRequestSpy MFSA 2010-2...

10CVSS8.6AI score0.87264EPSS
Exploits18References9
Rows per page
Query Builder