Lucene search
K

205 matches found

Cvelist
Cvelist
added 2024/04/12 8:38 p.m.16 views

CVE-2024-32005 Local File Inclusion in NiceGUI leaflet component

NiceGUI is an easy-to-use, Python-based UI framework. A local file inclusion is present in the NiceUI leaflet component when requesting resource files under the /nicegui/version/resources/key/path:path route. As a result any file on the backend filesystem which the web server has access to can be...

8.2CVSS8.1AI score0.0076EPSS
Exploits0References3
OSV
OSV
added 2024/04/12 8:38 p.m.20 views

CVE-2024-32005 Local File Inclusion in NiceGUI leaflet component

NiceGUI is an easy-to-use, Python-based UI framework. A local file inclusion is present in the NiceUI leaflet component when requesting resource files under the /nicegui/version/resources/key/path:path route. As a result any file on the backend filesystem which the web server has access to can be...

8.2CVSS7.6AI score0.0076EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/04/12 8:38 p.m.16 views

CVE-2024-32005 Local File Inclusion in NiceGUI leaflet component

NiceGUI is an easy-to-use, Python-based UI framework. A local file inclusion is present in the NiceUI leaflet component when requesting resource files under the /nicegui/version/resources/key/path:path route. As a result any file on the backend filesystem which the web server has access to can be...

8.2CVSS7.9AI score0.0076EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/04/12 12:0 a.m.9 views

PT-2024-24354

Name of the Vulnerable Software and Affected Versions NiceGUI versions prior to 1.4.21 Description A local file inclusion is present in the NiceUI leaflet component when requesting resource files under the / nicegui/ version /resources/key/path:path route. As a result, any file on the backend...

8.2CVSS7.2AI score0.0076EPSS
Exploits0References14
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.17 views

Leaflet Map < 3.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor level and above...

6.4CVSS5.9AI score0.00421EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2023/10/20 7:15 a.m.20 views

CVE-2023-5050

The Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor level and above permissions to...

6.4CVSS5.7AI score0.00421EPSS
Exploits0References3
OSV
OSV
added 2023/10/20 7:15 a.m.4 views

CVE-2023-5050

The Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor level and above permissions to...

5.4CVSS6.8AI score0.00421EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/10/20 6:35 a.m.32 views

CVE-2023-5050 Leaflet Map <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor level and above permissions to...

6.4CVSS5.8AI score0.00421EPSS
Exploits0References3
CVE
CVE
added 2023/10/20 6:35 a.m.57 views

CVE-2023-5050

Leaflet Map plugin for WordPress is affected by CVE-2023-5050. Affected software: Leaflet Map plugin for WordPress; vulnerable versions up to and including 3.3.0. Root cause: insufficient input sanitization and output escaping leading to Stored Cross-Site Scripting via shortcode attributes. Explo...

6.4CVSS5.2AI score0.00421EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2023/10/20 12:0 a.m.5 views

WordPress Plugin Leaflet Map Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

6.4CVSS6AI score0.00421EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/10/19 12:0 a.m.8 views

PT-2023-31580 · WordPress · Leaflet Map

Name of the Vulnerable Software and Affected Versions: Leaflet Map plugin for WordPress versions up to, and including, 3.3.0 Description: The issue is related to Stored Cross-Site Scripting via shortcodes due to insufficient input sanitization and output escaping. This allows authenticated...

6.4CVSS5.4AI score0.00421EPSS
Exploits0References6
Patchstack
Patchstack
added 2023/09/20 12:0 a.m.10 views

WordPress Extensions for Leaflet Map Plugin <= 3.3.0 is vulnerable to Cross Site Scripting (XSS)

Software Extensions for Leaflet Map Type Plugin Vulnerable versions = 3.3.0 Fixed in 3.3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5050 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID acc5ac62f7be Credits Lana Codes...

6.4CVSS6AI score0.00421EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2023/08/17 11:15 a.m.39 views

CVE-2023-31074

Unauth. Reflected Cross-Site Scripting XSS vulnerability in hupe13 Extensions for Leaflet Map plugin = 3.4.1 versions...

7.1CVSS6.3AI score0.00379EPSS
Exploits0References1
OSV
OSV
added 2023/08/17 11:15 a.m.4 views

CVE-2023-31074

Unauth. Reflected Cross-Site Scripting XSS vulnerability in hupe13 Extensions for Leaflet Map plugin = 3.4.1 versions...

6.1CVSS7.3AI score0.00379EPSS
Exploits0References1
Prion
Prion
added 2023/08/17 11:15 a.m.23 views

Cross site scripting

Unauth. Reflected Cross-Site Scripting XSS vulnerability in hupe13 Extensions for Leaflet Map plugin = 3.4.1 versions...

5.8CVSS6AI score0.00379EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/17 10:1 a.m.15 views

CVE-2023-31074 WordPress Extensions for Leaflet Map Plugin <= 3.4.1 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting XSS vulnerability in hupe13 Extensions for Leaflet Map plugin = 3.4.1 versions...

7.1CVSS5.9AI score0.00379EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/08/17 10:1 a.m.31 views

CVE-2023-31074 WordPress Extensions for Leaflet Map Plugin <= 3.4.1 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting XSS vulnerability in hupe13 Extensions for Leaflet Map plugin = 3.4.1 versions...

7.1CVSS6.4AI score0.00379EPSS
Exploits0References1
CVE
CVE
added 2023/08/17 10:1 a.m.35 views

CVE-2023-31074

CVE-2023-31074: Unauthenticated Reflected Cross-Site Scripting in WordPress plugin Extensions for Leaflet Map (hupe13) 3.4.1; Patchstack lists 3.4.2 as the fix. Red Hat and other feeds corroborate the issue in plugin

7.1CVSS6AI score0.00379EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/08/17 12:0 a.m.12 views

Extensions for Leaflet Map < 3.4.2 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.7AI score0.00379EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2023/08/17 12:0 a.m.7 views

PT-2023-23136 · Unknown · Hupe13 Extensions For Leaflet Map

Name of the Vulnerable Software and Affected Versions: hupe13 Extensions for Leaflet Map plugin versions = 3.4.1 Description: The issue is an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing the...

7.1CVSS6.4AI score0.00379EPSS
Exploits0References5
Rows per page
Query Builder