4739 matches found

CNVD
added 2021/11/04 12:0 a.m. · 15 views

WordPress Cool Tag Cloud plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress Cool Tag Cloud plugin in versions prior to 2.26 suffers from a cross-site scripting vulnerability...

5.4 CVSS · 1.3 AI score · 0.00629 EPSS
Exploits 2 · References 1

CNVD
added 2021/11/04 12:0 a.m. · 15 views

WordPress MP3 Audio Player for Music, Radio

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A cross-site scripting vulnerability exists in the WordPress MP3 Audio Player for Music, Radio & Podcast by Sonaar Plugin in versions prior to 2.4.2, which stems from a lack of data validation of...

4.8 CVSS · 1.7 AI score · 0.00622 EPSS
Exploits 2 · References 1

Tenable Nessus
added 2021/11/02 12:0 a.m. · 29 views

Mozilla Firefox < 94.0

The version of Firefox installed on the remote Windows host is prior to 94.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-48 advisory. - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such...

10 CVSS · 7.4 AI score · 0.0383 EPSS
Exploits 1 · References 14

CNVD
added 2021/11/01 12:0 a.m. · 29 views

GitLab Cross-Site Scripting Vulnerability (CNVD-2021-91184)

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. GitLab CE/EE is vulnerable to a cross-site scripting vulnerability that could b...

8.7 CVSS · 4.2 AI score · 0.60729 EPSS
Exploits 0 · References 1

CNVD
added 2021/10/31 12:0 a.m. · 4 views

Mara CMS Cross-Site Scripting Vulnerability (CNVD-2021-84589)

Mara CMS is a file-based content management system. A cross-site scripting vulnerability exists in Mara CMS version 7.5, which stems from a lack of checksum filtering of user-supplied and output data in the menuedit.php component. An attacker can exploit this vulnerability to execute JavaScript...

5.4 CVSS · 6.3 AI score · 0.00503 EPSS
Exploits 1 · References 1

CNVD
added 2021/10/31 12:0 a.m. · 19 views

Sourcecodester News247 CMS Cross-Site Scripting Vulnerability

Sourcecodester News247 CMS is an open source content management system for managing the distribution of news content or articles in Tanzania. Sourcecodester News247 CMS v1.0 has a cross-site scripting vulnerability that can be exploited by attackers to execute JavaScript code on the client side...

6.1 CVSS · 4.4 AI score · 0.00618 EPSS
Exploits 0 · References 1

Positive Technologies
added 2021/10/29 12:0 a.m. · 3 views

PT-2021-22548 · WordPress · Optinmonster

Name of the Vulnerable Software and Affected Versions: OptinMonster WordPress plugin versions up to, and including, 2.6.4 Description: The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation...

8.2 CVSS · 8 AI score · 0.2327 EPSS
Exploits 1 · References 11

CNVD
added 2021/10/28 12:0 a.m. · 16 views

MyBB Cross-Site Scripting Vulnerability (CNVD-2021-103573)

MyBB is a free and web-based forum software developed by MyBB team using PHP and MySQL. MyBB has a cross-site scripting vulnerability in versions prior to 1.8.28, which stems from the lack of proper validation of client-side data in the template name displayed in the theme management of the WEB...

5.4 CVSS · 1.9 AI score · 0.00477 EPSS
Exploits 0 · References 1

CNVD
added 2021/10/28 12:0 a.m. · 16 views

Shopware Cross-Site Scripting Vulnerability (CNVD-2021-103572)

Shopware is a suite of open source e-commerce software from the German company Shopware. Shopware in versions prior to 5.7.6 suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data by the web application. An attacker could exploit the...

5.7 CVSS · 3.4 AI score · 0.00737 EPSS
Exploits 0 · References 1

CNVD
added 2021/10/28 12:0 a.m. · 13 views

Folder Lock Cross-Site Scripting Vulnerability

Folder Lock is a perfect data security application from NewSoftwares, Inc. Folder Lock is vulnerable to a cross-site scripting vulnerability in v3.4.5, which stems from the "Create Folder" function under the "Create" module lacking a data validation filter for user-supplied data and output. An...

5.4 CVSS · 1.9 AI score · 0.00562 EPSS
Exploits 1 · References 1

NVD
added 2021/10/25 2:15 p.m. · 21 views

CVE-2021-24884

The Formidable Form Builder WordPress plugin before 4.09.05 allows to inject certain HTML Tags like ,,, and. This could allow an unauthenticated, remote attacker to exploit a HTML-injection by injecting a malicious link. The HTML-injection may trick authenticated users to follow the link. If the Lin...

9.6 CVSS · 0.03084 EPSS
Exploits 1 · References 3

CNVD
added 2021/10/24 12:0 a.m. · 15 views

WordPress Tutor LMS plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress Tutor LMS plugin in versions prior to 1.9.9 has a cross-site scripting vulnerability, which stems from the plugin's...

4.8 CVSS · 1.9 AI score · 0.00622 EPSS
Exploits 2 · References 1

Prion
added 2021/10/22 7:15 p.m. · 17 views

Cross site scripting

IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

4.3 CVSS · 5.8 AI score · 0.00616 EPSS
Exploits 0 · References 2 · Affected Software 1

CNVD
added 2021/10/22 12:0 a.m. · 13 views

DIALink cross-site scripting vulnerability (CNVD-2021-84841)

DIALink is an equipment networking platform from Delta Electronics that effectively manages CNC machines and PLC-controlled machines, collects on-site equipment data and connects it to the upper management platform through a unified interface, and at the same time provides visual information...

5.5 CVSS · 5 AI score · 0.11431 EPSS
Exploits 0 · References 1

CNVD
added 2021/10/22 12:0 a.m. · 14 views

DIALink cross-site scripting vulnerability (CNVD-2021-84839)

DIALink is an equipment networking platform from Delta Electronics that effectively manages CNC machines and PLC-controlled machines, collects on-site equipment data and connects it to the upper management platform through a unified interface, and at the same time provides visual information...

5.5 CVSS · 5 AI score · 0.00604 EPSS
Exploits 0 · References 1

OpenVAS
added 2021/10/18 12:0 a.m. · 18 views

Apache CouchDB <= 3.1.1 Privilege Escalation Vulnerability - Linux

Apache CouchDB is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:apache:couchdb";...

7.3 CVSS · 7.4 AI score · 0.02474 EPSS
Exploits 1 · References 1

OSV
added 2021/10/14 8:15 p.m. · 20 views

CVE-2021-38295

In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will b...

7.3 CVSS · 6.8 AI score
Exploits 0 · References 1

Cvelist
added 2021/10/14 7:55 p.m. · 24 views

CVE-2021-38295 Privilege escalation vulnerability when using HTML attachments

In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will b...

7.5 AI score · 0.02474 EPSS
Exploits 1 · References 1

CNVD
added 2021/10/14 12:0 a.m. · 12 views

IBM Sterling B2B Integrator Cross-Site Scripting Vulnerability (CNVD-2023-05245)

IBM Sterling B2B Integrator is a suite of software from IBM USA that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. A cross-site scripting vulnerability exists in IBM Sterling B...

5.4 CVSS · 5.3 AI score · 0.00257 EPSS
Exploits 0 · References 1

CNVD
added 2021/10/13 12:0 a.m. · 18 views

WordPress Quiz And Survey Master plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in versions of WordPress Quiz And Survey Master plugin prior to 7.3.2, whi...

4.8 CVSS · 1.7 AI score · 0.00603 EPSS
Exploits 2 · References 1