
4739 matches found

CNVD
added 2022/02/10 12:0 a.m., 20 views

WordPress Perfect Survey plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The WordPress Perfect Survey plugin, version 1.5.2 and earlier, has a cross-site scripting vulnerability that stems from not validating and escaping the X-Forwarded-For header value,...

CVSS 6.1, AI score 1.8, EPSS 0.01405
Exploits 2, References 1

CNVD
added 2022/02/10 12:0 a.m., 20 views

WordPress Asset CleanUp: Page Speed Booster plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The Asset CleanUp: Page Speed Booster WordPress plugin prior to version 1.3.8.5 has a cross-site scripting vulnerability, which stems from the fact that the wpacuselectedsub tabarea parameter is...

CVSS 4.3, AI score 1.1, EPSS 0.008
Exploits 2, Affected Software 1

CNVD
added 2022/02/10 12:0 a.m., 20 views

WordPress Contact Form 7 Skins plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The WordPress Contact Form 7 Skins plugin, version 2.5.0 and earlier, has a cross-site scripting vulnerability that stems from the tab parameter not being escaped before being output to the admin...

CVSS 4.3, AI score 2.6, EPSS 0.02412
Exploits 2, Affected Software 1

CNVD
added 2022/02/10 12:0 a.m., 23 views

WordPress NextScripts: Social Networks Auto-Poster plugin cross-site scripting vulnerability

The NextScripts: Social Networks Auto-Poster WordPress plugin has a cross-site scripting vulnerability in versions prior to 4.3.24. The vulnerability stems from the fact that log requests are not escaped before being exported to the relevant administrative...

CVSS 6.1, AI score 3.4, EPSS 0.01334
Exploits 2, References 1

NVD
added 2022/02/09 11:15 p.m., 17 views

CVE-2022-22812

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause a web session compromise when an attacker injects and then executes arbitrary malicious JavaScript code inside the target browser. Affected Product: spaceLYnk V2.6.2...

CVSS 6.1, EPSS 0.00604
Exploits 0, References 1

Cvelist
added 2022/02/09 10:3 p.m., 16 views

CVE-2022-23049

Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the "User-Agent" header when logging in. When an administrator user visits the "User Sessions" tab, the JavaScript will be triggered allowing an attacker to compromise the administrator session...

AI score 5.7, EPSS 0.03033
Exploits 1, References 3

Prion
added 2022/02/07 11:15 a.m., 18 views

Code injection

OTRS administrators can configure a dynamic field and inject malicious JavaScript code in the error message of the regular expression check. When used in the agent interface, malicious code might be executed in the browser. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.31 and prior versions...

CVSS 3.5, AI score 5.1, EPSS 0.0051
Exploits 0, References 1, Affected Software 1

OpenVAS
added 2022/01/28 12:0 a.m., 22 views

Mageia: Security Advisory (MGASA-2021-0390)

The remote host is missing an update for the...

CVSS 7.5, AI score 6.3, EPSS 0.01437
Exploits 2, References 3

Prion
added 2022/01/27 4:15 p.m., 18 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in the Secondary Email Field in Zoho ManageEngine ServiceDesk Plus 11.3 Build 11306 allows an attacker to inject arbitrary JavaScript code...

CVSS 3.5, AI score 4.9, EPSS 0.91737
Exploits 1, References 2, Affected Software 1

Cvelist
added 2022/01/27 3:29 p.m., 19 views

CVE-2021-46065

A cross-site scripting (XSS) vulnerability in the Secondary Email Field in Zoho ManageEngine ServiceDesk Plus 11.3 Build 11306 allows an attacker to inject arbitrary JavaScript code...

AI score 5.3, EPSS 0.91737
Exploits 1, References 2

CNVD
added 2022/01/27 12:0 a.m., 26 views

SourceCodester Hospital Patient Records Management System Cross-Site Scripting Vulnerability

SourceCodester Hospital Patient Records Management System is a web-based PHP application that provides an automated platform for hospitals to store and manage their patient records. A cross-site scripting vulnerability exists in version 1.0 of the Management System. The vulnerability is related t...

CVSS 5.4, AI score 0.9, EPSS 0.00839
Exploits 1, References 1

CNVD
added 2022/01/27 12:0 a.m., 13 views

ForestBlog Cross-Site Scripting Vulnerability

ForestBlog is a personal blog application. ForestBlog has a cross-site scripting vulnerability that stems from the web application's lack of proper validation of client-side data. An attacker can exploit the vulnerability to execute JavaScript code on the client side...

CVSS 6.1, AI score 6, EPSS 0.00588
Exploits 1, References 1

CNVD
added 2022/01/27 12:0 a.m., 16 views

Jfinal CMS Cross-Site Scripting Vulnerability

Jfinal CMS is a powerful Java-based information consulting website system that uses the simple and powerful JFinal as its web framework, beetl as its template engine, MySQL as its database and Bootstrap as its front-end framework. Jfinal CMS has a cross-site scripting vulnerability; the vulnerability stems from the...

CVSS 5.4, AI score 5.4, EPSS 0.00503
Exploits 1, References 1

Exploit DB
added 2022/01/27 12:0 a.m., 271 views

WordPress Plugin Mortgage Calculators WP 1.52 - Stored Cross-Site Scripting (XSS) (Authenticated)

Exploit Title: WordPress Plugin Mortgage Calculators WP 1.52 - Stored Cross-Site Scripting (XSS) (Authenticated); Date: 25-10-2021; Exploit Author: Ceylan Bozogullarindan; Vendor Homepage: https://lenderd.com/; Software Link: https://mortgagecalculatorsplugin.com/; Version: 1.52; Tested on: Linux; CVE:...

CVSS 4.8, AI score 5.1, EPSS 0.05086
Exploits 5

Veracode
added 2022/01/26 3:5 a.m., 15 views

Cross-site Scripting (XSS)

getgrav/grav is vulnerable to cross-site scripting (XSS) attacks. Insufficient checks in detectXss allow remote attackers to inject and execute arbitrary JavaScript code in the victim's browser...

CVSS 5.4, AI score 5.9, EPSS 0.01416
Exploits 1, References 4, Affected Software 1

CNVD
added 2022/01/26 12:0 a.m., 15 views

YetiForceCrm Cross-Site Request Forgery Vulnerability (CNVD-2022-08153)

YetiForceCrm is an open source CRM system from the Polish company YetiForce. A cross-site request forgery vulnerability exists in YetiForceCrm prior to version 6.3.0, which stems from a lack of proper validation of client-side data by the web application. An attacker could exploit this...

CVSS 8, AI score 7.7, EPSS 0.00531
Exploits 1, References 1

CNVD
added 2022/01/26 12:0 a.m., 24 views

WordPress Five Star Restaurant Reservations plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A cross-site scripting vulnerability exists in versions of the WordPress plugin Five Star Restaurant Reservations prior to version 2.4.8, which stems from the product's rtbwelcomesetschedule...

CVSS 3.5, AI score 1.9, EPSS 0.00607
Exploits 2, Affected Software 1

CNVD
added 2022/01/26 12:0 a.m., 25 views

WordPress Simple Download Monitor plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in versions of the WordPress plugin Simple Download Monitor prior to 3.9.11, which stems fr...

CVSS 3.5, AI score 3.4, EPSS 0.00611
Exploits 2, Affected Software 1

CNVD
added 2022/01/26 12:0 a.m., 19 views

WordPress Sendinblue plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Sendinblue prior to version 3.1.25, which...

CVSS 6.1, AI score 6, EPSS 0.0081
Exploits 2, References 1

Cvelist
added 2022/01/25 7:11 p.m., 31 views

CVE-2022-23008

On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access to the "user" or "admin" role can use undisclosed API endpoints on NGINX Controller API Management to inject JavaScript code that is executed on managed NGINX data plane instances. Note: Software...

AI score 5.8, EPSS 0.0053
Exploits 0, References 1