Lucene search
K

147 matches found

Chainguard
Chainguard
added 2023/10/25 9:17 p.m.83 views

GHSA-M425-MQ94-257G vulnerabilities

Vulnerabilities for packages: cortex, kubeflow, aactl, kubescape, slsa-verifier, up, vault-csi-provider, spark-operator, aws-efs-csi-driver-fips, falco, kubernetes-csi-livenessprobe-fips, falcoctl-fips, dynamic-localpv-provisioner-fips, kubernetes-csi-livenessprobe,...

5.9AI score
Exploits0
Wolfi
Wolfi
added 2023/10/10 9:28 p.m.43 views

GHSA-QPPJ-FM5R-HXR3 vulnerabilities

Vulnerabilities for packages: metacontroller, flux-source-controller, nodetaint, flux-notification-controller, pulumi-language-dotnet, prometheus-blackbox-exporter, gitness, ko, coredns, buildkitd, nghttp2, prometheus-adapter, node-problem-detector, flux-kustomize-controller, kpt, rqlite,...

5.9AI score
Exploits0
NVD
NVD
added 2023/08/16 12:15 p.m.16 views

CVE-2023-2254

The Ko-fi Button WordPress plugin before 1.3.3 does not properly some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disallowed for example in multisite setup, and we consider it a low risk...

4.8CVSS4.8AI score0.00442EPSS
Exploits2References1
OSV
OSV
added 2023/08/16 12:15 p.m.5 views

CVE-2023-2254

The Ko-fi Button WordPress plugin before 1.3.3 does not properly some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disallowed for example in multisite setup, and we consider it a low risk...

4.8CVSS6.6AI score0.00442EPSS
Exploits2References1
Prion
Prion
added 2023/08/16 12:15 p.m.16 views

Cross site scripting

The Ko-fi Button WordPress plugin before 1.3.3 does not properly some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disallowed for example in multisite setup, and we consider it a low risk...

4.3CVSS4.8AI score0.00442EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/08/16 11:3 a.m.22 views

CVE-2023-2254 Ko-fi Button < 1.3.3 - Admin+ Stored XSS

The Ko-fi Button WordPress plugin before 1.3.3 does not properly some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disallowed for example in multisite setup, and we consider it a low risk...

5AI score0.00442EPSS
Exploits2References1
CVE
CVE
added 2023/08/16 11:3 a.m.46 views

CVE-2023-2254

CVE-2023-2254 affects the Ko-fi Button WordPress plugin prior to v1.3.3. Root cause: improper handling of plugin settings enables Admin+ Stored XSS, even if unfiltered_html is disabled. Impact is described as low risk (per several sources). The fix is to update to v1.3.3 or later (patched version...

4.8CVSS4.8AI score0.00442EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2023/08/16 12:0 a.m.10 views

WordPress Plugin Ko-fi Button 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

4.8CVSS6.3AI score0.00442EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2023/08/16 12:0 a.m.4 views

PT-2023-18557 · WordPress · Ko-Fi Button

Name of the Vulnerable Software and Affected Versions: Ko-fi Button WordPress plugin versions prior to 1.3.3 Description: The issue concerns the Ko-fi Button WordPress plugin, which does not properly handle some of its settings. This could allow high-privilege users to perform Stored Cross-Site...

4.8CVSS5.2AI score0.00442EPSS
Exploits2References8
NVD
NVD
added 2023/06/16 11:15 a.m.26 views

CVE-2023-26515

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Ko Takagi Simple Slug Translate plugin = 2.7.2 versions...

5.9CVSS5.4AI score0.00369EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/06/16 10:41 a.m.29 views

CVE-2023-26515 WordPress Simple Slug Translate Plugin <= 2.7.2 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Ko Takagi Simple Slug Translate plugin = 2.7.2 versions...

5.9CVSS5.5AI score0.00369EPSS
Exploits0References1
CVE
CVE
added 2023/06/16 10:41 a.m.48 views

CVE-2023-26515

CVE-2023-26515 affects the WordPress plugin Simple Slug Translate (Ko Takagi) , versioned ≤ 2.7.2. The issue is a Stored XSS requiring admin+ privileges . A fix is available in version 2.7.3 ; affected users should upgrade to 2.7.3 or later. Other sources corroborate the same vulnerability scope ...

5.9CVSS5AI score0.00369EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/06/16 12:0 a.m.5 views

PT-2023-20694 · Unknown · Ko Takagi Simple Slug Translate

Name of the Vulnerable Software and Affected Versions: Ko Takagi Simple Slug Translate plugin versions prior to 2.7.3 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin+ privileges. Recommendations: For versions prior to...

5.9CVSS5.3AI score0.00369EPSS
Exploits0References3
Wolfi
Wolfi
added 2023/06/08 9:15 p.m.20 views

CVE-2023-24535 vulnerabilities

Vulnerabilities for packages: ko...

7.5CVSS7.7AI score0.01089EPSS
Exploits0
Chainguard
Chainguard
added 2023/06/08 9:15 p.m.40 views

CVE-2023-24535 vulnerabilities

Vulnerabilities for packages: ko...

7.5CVSS7.4AI score0.01089EPSS
Exploits0
Openbugbounty
Openbugbounty
added 2023/06/03 12:12 a.m.10 views

ko-re-a.org Cross Site Scripting vulnerability OBB-3377908

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2023/05/08 4:15 p.m.35 views

CVE-2023-30551 vulnerabilities

Vulnerabilities for packages: apko, aactl, ko...

7.5CVSS7.1AI score0.0105EPSS
Exploits0
Chainguard
Chainguard
added 2023/05/03 9:56 p.m.21 views

GHSA-2H5H-59F5-C5X9 vulnerabilities

Vulnerabilities for packages: apko, aactl, ko...

5.9AI score
Exploits0
Wolfi
Wolfi
added 2023/05/03 9:56 p.m.17 views

GHSA-2H5H-59F5-C5X9 vulnerabilities

Vulnerabilities for packages: aactl, apko, ko...

5.9AI score
Exploits0
Patchstack
Patchstack
added 2023/05/03 12:0 a.m.11 views

WordPress Ko-fi Button Plugin < 1.3.3 is vulnerable to Cross Site Scripting (XSS)

Software Ko-fi Button Type Plugin Vulnerable versions 1.3.3 Fixed in 1.3.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2254 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID af182fbd1aaa Credits Felipe Restrepo Rodriguez...

4.8CVSS5.7AI score0.00442EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder