Lucene search
K

6 matches found

OSV
OSV
added 2025/11/26 2:1 a.m.4 views

CVE-2025-66026 REDAXO is Vulnerable to Reflected XSS in Mediapool Info Banner via args[types]

REDAXO is a PHP-based CMS. Prior to version 5.20.1, a reflected Cross-Site Scripting XSS vulnerability exists in the Mediapool view where the request parameter argstypes is rendered into an info banner without HTML-escaping. This allows arbitrary JavaScript execution in the backend context when a...

6.1CVSS5.8AI score0.00228EPSS
Exploits1References4
EUVD
EUVD
added 2025/11/26 2:1 a.m.5 views

EUVD-2025-199662

REDAXO is a PHP-based CMS. Prior to version 5.20.1, a reflected Cross-Site Scripting XSS vulnerability exists in the Mediapool view where the request parameter argstypes is rendered into an info banner without HTML-escaping. This allows arbitrary JavaScript execution in the backend context when a...

6.1CVSS5.3AI score0.00228EPSS
Exploits1References3
Snyk
Snyk
added 2025/11/25 11:53 p.m.2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the argstypes parameter, which is rendered into an info banner without proper HTML escaping. An attacker can execute arbitrary JavaScript code in the backend context by tricking an authenticated user into...

6.1CVSS5.2AI score0.00228EPSS
Exploits1References2
OSV
OSV
added 2024/07/17 7:15 a.m.5 views

CVE-2024-5254

The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimateinfobanner shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

5.4CVSS6AI score0.00297EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/07/17 12:0 a.m.22 views

PT-2024-35366 · WordPress · Ultimate Addons For Wpbakery

Name of the Vulnerable Software and Affected Versions: The Ultimate Addons for WPBakery plugin for WordPress versions up to, and including, 3.19.20 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the ultimate info banner...

6.4CVSS6.9AI score0.00297EPSS
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/18 5:41 a.m.2 views

Malicious code in rb-info-banner (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 795c3e45bb638b1058118c99f65db4e6f84244a2af7acbb4d6bd09a19b94dca6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0References1
Rows per page
Query Builder