Lucene search
+L

319 matches found

ATTACKERKB
ATTACKERKB
added 2022/03/21 7:15 p.m.6 views

CVE-2022-0423

The 3D FlipBook WordPress plugin before 1.12.1 does not have authorisation and CSRF checks when updating its settings, and does not have any sanitisation/escaping, allowing any authenticated users, such as subscriber to put Cross-Site Scripting payloads in all pages with a 3d flipbook...

5.4CVSS5.9AI score0.00591EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2022/02/28 9:15 a.m.6 views

CVE-2022-0150

The WP Accessibility Helper WAH WordPress plugin before 0.6.0.7 does not sanitise and escape the wahi parameter before outputting back its base64 decode value in the page, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS6.3AI score0.01718EPSS
Exploits2References4
OSV
OSV
added 2021/11/23 8:15 p.m.6 views

CVE-2021-24891

The Elementor Website Builder WordPress plugin before 3.4.8 does not sanitise or escape user input appended to the DOM via a malicious hash, resulting in a DOM Cross-Site Scripting issue...

6.1CVSS6.4AI score0.24006EPSS
Exploits1References2
WPVulnDB
WPVulnDB
added 2021/11/10 12:0 a.m.17 views

Booking Package < 1.5.11 - Reflected Cross-Site Scripting

The plugin does not sanitise user input before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

6.1CVSS5.9AI score0.01243EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2021/11/08 6:15 p.m.3 views

CVE-2021-24594

The Translate WordPress – Google Language Translator WordPress plugin before 6.0.12 does not sanitise and escape some of its settings before outputting it in various pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2021/10/25 2:15 p.m.6 views

CVE-2021-24487

The St-Daily-Tip WordPress plugin through 4.7 does not have any CSRF check in place when saving its 'Default Text to Display if no tips' setting, and was also lacking sanitisation as well as escaping before outputting it the page. This could allow attacker to make logged in administrators set a...

8.8CVSS7.3AI score0.00618EPSS
Exploits2References1
OSV
OSV
added 2021/10/14 9:19 p.m.37 views

GHSA-G67G-HVC3-XMVF Inconsistent input sanitisation leads to XSS vectors

Background A variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of jQuery.html, there are a whole host of XSS possibilities with specially crafted input to a variety of fields. Impact OMERO.web before 5.11.0 and OMERO.figure befo...

9.8CVSS7.4AI score0.01006EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2021/10/14 9:19 p.m.51 views

Inconsistent input sanitisation leads to XSS vectors

Background A variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of jQuery.html, there are a whole host of XSS possibilities with specially crafted input to a variety of fields. Impact OMERO.web before 5.11.0 and OMERO.figure befo...

9.8CVSS2.1AI score0.01006EPSS
Exploits0References7Affected Software2
Cvelist
Cvelist
added 2021/10/14 3:45 p.m.29 views

CVE-2021-41132 Inconsistent input sanitisation leads to XSS vectors

OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of jQuery.html, there are a whole host of cross-site scripting possibilities with...

9.8CVSS9AI score0.01006EPSS
Exploits0References3
NVD
NVD
added 2021/10/05 12:15 p.m.29 views

CVE-2021-37223

Nagios Enterprises NagiosXI = 5.8.4 contains a Server-Side Request Forgery SSRF vulnerability in schedulereport.php. Any authenticated user can create scheduled reports containing PDF screenshots of any view in the NagiosXI application. Due to lack of input sanitisation, the target page can be...

6.5CVSS0.04781EPSS
Exploits0References1
Prion
Prion
added 2021/10/05 12:15 p.m.20 views

Server side request forgery (ssrf)

Nagios Enterprises NagiosXI = 5.8.4 contains a Server-Side Request Forgery SSRF vulnerability in schedulereport.php. Any authenticated user can create scheduled reports containing PDF screenshots of any view in the NagiosXI application. Due to lack of input sanitisation, the target page can be...

4CVSS6.3AI score0.04781EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2021/09/24 12:0 a.m.179 views

Nagios XI < 5.8.5 Multiple Vulnerabilities

According to the self-reported version of Nagios XI, the remote host is affected by multiple vulnerabilities, including the following: - A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component and could lead to post authenticated RCE under security context o...

9.8CVSS7.5AI score0.7925EPSS
Exploits5References16
WPVulnDB
WPVulnDB
added 2021/09/06 12:0 a.m.12 views

UsersWP < 1.2.2.29 - Reflected Cross-Site Scripting

The plugin sanitises user input via sanitizetextfield but do not escape it before outputting it back in attributes, leading to Reflected Cross-Site Scripting issues PoC On the reset page made by the plugin: https://example.com/reset/?key=a=%22accesskey=X%20onclick=alert1%20b=%22...

1.3AI score
Exploits0Affected Software1
OSV
OSV
added 2021/09/01 12:15 p.m.7 views

CVE-2021-38703

Wireless devices running certain Arcadyan-derived firmware such as KPN Experia WiFi 1.00.15 do not properly sanitise user input to the syslog configuration form. An authenticated remote attacker could leverage this to alter the device configuration and achieve remote code execution. This can be...

8.8CVSS7.5AI score0.0432EPSS
Exploits1References2
OSV
OSV
added 2021/08/30 3:15 p.m.5 views

CVE-2021-24580

The Side Menu Lite WordPress plugin before 2.2.6 does not sanitise user input from the List page in the admin dashboard before using it in SQL statement, leading to a SQL Injection issue...

8.8CVSS5.8AI score0.01362EPSS
Exploits2References1
NVD
NVD
added 2021/08/13 12:15 p.m.36 views

CVE-2021-37350

Nagios XI before version 5.8.5 is vulnerable to SQL injection vulnerability in Bulk Modifications Tool due to improper input sanitisation...

9.8CVSS0.7925EPSS
Exploits0References1
OSV
OSV
added 2021/08/13 12:15 p.m.4 views

CVE-2021-37350

Nagios XI before version 5.8.5 is vulnerable to SQL injection vulnerability in Bulk Modifications Tool due to improper input sanitisation...

9.8CVSS7.6AI score0.7925EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2021/08/13 12:15 p.m.2 views

CVE-2021-37350

Nagios XI before version 5.8.5 is vulnerable to SQL injection vulnerability in Bulk Modifications Tool due to improper input sanitisation...

9.8CVSS7.4AI score0.7925EPSS
Exploits0References2
Prion
Prion
added 2021/08/13 12:15 p.m.38 views

Sql injection

Nagios XI before version 5.8.5 is vulnerable to SQL injection vulnerability in Bulk Modifications Tool due to improper input sanitisation...

7.5CVSS9.6AI score0.7925EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/03 12:0 a.m.25 views

Forms < 1.12.3 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not sanitise its input fields, leading to Stored Cross-Site scripting issues. The plugin was vulnerable to an Authenticated Stored Cross-Site Scripting XSS vulnerability within the Forms "Add new" field. PoC Step 1: Install and activate the plugin. Step 2: Go to the Forms-- Add New...

3.5CVSS0.9AI score0.0062EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder