CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

WPVulnDB•added 2024/06/12 12:0 a.m.•18 views

Himer - Social Questions and Answers < 2.1.1 - Arbitrary Group Joining via CSRF

Description The theme does not have CSRF checks in some places, which could allow attackers to make users join private groups via a CSRF attack PoC The PoC will be displayed on June 26, 2024, to give users the time to update...

6.4AI score0.00193EPSS

Exploits2Affected Software1

WPVulnDB•added 2024/06/12 12:0 a.m.•14 views

Himer - Social Questions and Answers < 2.1.1 - Contributor+ Stored XSS

Description The theme does not sanitise and escape some of its Post settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks PoC The PoC will be displayed on June 26, 2024, to give users the time to update...

5.5AI score0.00335EPSS

Exploits2Affected Software1

wpexploit•added 2024/06/12 12:0 a.m.•133 views

Himer - Social Questions and Answers < 2.1.1 - Subscriber+ Private Group Joining via IDOR

Description The plugin allows any authenticated user to join a private group due to a missing authorization check on a function The PoC will be displayed on June 26, 2024, to give users the time to update...

6.5AI score0.00374EPSS

Exploits1

wpexploit•added 2024/06/12 12:0 a.m.•144 views

Himer - Social Questions and Answers < 2.1.1 - Contributor+ Stored XSS

Description The theme does not sanitise and escape some of its Post settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks The PoC will be displayed on June 26, 2024, to give users the time to update...

5.8AI score0.00335EPSS

wpexploit•added 2024/06/12 12:0 a.m.•140 views

Himer - Social Questions and Answers < 2.1.1 - Multiple CSRF on the Group Section

Description The theme does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. These include declining and accepting group invitations or leaving a group The PoC will be displayed on June 26, 2024, to give users the...

6.8AI score0.00193EPSS

wpexploit•added 2024/06/12 12:0 a.m.•134 views

WPQA < 6.1.1 - Arbitrary Category and Tag Follow/Unfollow via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks The PoC will be displayed on June 26, 2024, to give users the time to update...

6.8AI score0.00372EPSS

wpexploit•added 2024/06/12 12:0 a.m.•132 views

WPQA < 6.1.1 - Contributor+ Stored XSS

Description The plugin does not sanitise and escape some of its Slider settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks The PoC will be displayed on June 26, 2024, to give users the time to update...

5.8AI score0.00329EPSS

Openbugbounty•added 2023/06/26 2:59 p.m.•20 views

tamasoft.co.jp Cross Site Scripting vulnerability OBB-3471877

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Openbugbounty•added 2023/06/26 7:44 a.m.•12 views

momentonoiva.com.br Cross Site Scripting vulnerability OBB-3471027

Openbugbounty•added 2023/06/26 3:43 a.m.•13 views

meijigakuin.ac.jp Cross Site Scripting vulnerability OBB-3470426

Openbugbounty•added 2023/06/26 12:47 a.m.•12 views

texcentrum.cz Cross Site Scripting vulnerability OBB-3470007

Openbugbounty•added 2022/06/26 10:45 p.m.•15 views

viiz.com Cross Site Scripting vulnerability OBB-2683744

Openbugbounty•added 2022/06/26 6:39 p.m.•20 views

wpavel.de Cross Site Scripting vulnerability OBB-2683426

Openbugbounty•added 2022/06/26 12:8 p.m.•10 views

nriv-inline-skaterhockey.de Cross Site Scripting vulnerability OBB-2681970

Openbugbounty•added 2022/06/26 11:40 a.m.•11 views

juwelier-rieger.de Cross Site Scripting vulnerability OBB-2681771

Openbugbounty•added 2020/06/26 5:49 p.m.•27 views

landmarkdomains.com Cross Site Scripting vulnerability OBB-1207715

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

Openbugbounty•added 2020/06/26 2:58 p.m.•6 views

cameca.geoloweb.ch Cross Site Scripting vulnerability OBB-1207515

Openbugbounty•added 2018/06/26 9:3 p.m.•8 views

mohonk.com XSS vulnerability

Open Bug Bounty ID: OBB-637157 Description| Value ---|--- Affected Website:| mohonk.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...