Lucene search
K

67 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 6:2 a.m.6 views

CVE-2011-4595

Pretty-Link WordPress plugin 1.5.2 has XSS...

6.1CVSS6.8AI score0.02407EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2025/03/03 2:15 p.m.3 views

CVE-2025-23688

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in editionskezzal Cobwebo URL Plugin cobwebo-url allows Reflected XSS.This issue affects Cobwebo URL Plugin: from n/a through = 1.0...

7.1CVSS5.9AI score0.00366EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/10/16 12:32 p.m.2 views

Malicious code in atlassian-static-assets-url-plugin (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
Vulnrichment
Vulnrichment
added 2024/09/05 11:23 p.m.13 views

CVE-2024-45400 CKEditor Open Link plugin vulnerable to Cross-site Scripting

ckeditor-plugin-openlink is a plugin for the CKEditor JavaScript text editor that extends the context menu with a possibility to open a link in a new tab. A vulnerability in versions of the plugin prior to 1.0.7 allowed a user to execute JavaScript code by abusing the link href attribute. The fix...

6.1CVSS7AI score0.00275EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/09/05 12:0 a.m.5 views

PT-2024-31604 · Ckeditor · Ckeditor Open Link Plugin

Name of the Vulnerable Software and Affected Versions: ckeditor-plugin-openlink versions prior to 1.0.7 Description: A vulnerability in the ckeditor-plugin-openlink plugin for the CKEditor JavaScript text editor allowed a user to execute JavaScript code by abusing the link href attribute. This...

6.1CVSS7.5AI score0.00275EPSS
Exploits0References10
CNNVD
CNNVD
added 2024/08/17 12:0 a.m.3 views

WordPress plugin Short URL 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

4.7CVSS6.5AI score0.00174EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/06/14 5:17 p.m.39 views

CVE-2024-37888 The Open Link CKEditor plugin has a cross-site scripting (XSS) vulnerability in open link functionality

The Open Link is a CKEditor plugin, extending context menu with a possibility to open link in a new tab. The vulnerability allowed to execute JavaScript code by abusing link href attribute. It affects all users using the Open Link plugin at version 1.0.5...

6.1CVSS0.00856EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/14 5:17 p.m.25 views

CVE-2024-37888 The Open Link CKEditor plugin has a cross-site scripting (XSS) vulnerability in open link functionality

The Open Link is a CKEditor plugin, extending context menu with a possibility to open link in a new tab. The vulnerability allowed to execute JavaScript code by abusing link href attribute. It affects all users using the Open Link plugin at version 1.0.5...

6.1CVSS7AI score0.00856EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/06/14 12:0 a.m.4 views

Open Link Security Vulnerability

Open Link plugin is a very simple plugin by Marek Lewandowski personal developer. It is possible to extend the context menu and open links in new tabs. A security vulnerability exists in versions prior to Open Link 1.0.5, which stems from a cross-site scripting vulnerability in the Open Link...

6.1CVSS6.3AI score0.00856EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/06/14 12:0 a.m.6 views

PT-2024-27812 · Ckeditor · Ckeditor Open Link Plugin

Name of the Vulnerable Software and Affected Versions: CKEditor Open Link plugin versions prior to 1.0.5 Description: The issue allows execution of JavaScript code by abusing the link href attribute. It affects users of the Open Link plugin. Recommendations: For versions prior to 1.0.5, update to...

6.1CVSS7.5AI score0.00856EPSS
Exploits0References6
NVD
NVD
added 2024/06/05 10:15 a.m.20 views

CVE-2024-5536

The GamiPress – Link plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's gamipresslink shortcode in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.7AI score0.00257EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/06/05 9:32 a.m.15 views

CVE-2024-5536 GamiPress – Link <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

The GamiPress – Link plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's gamipresslink shortcode in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00257EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/06/29 12:0 a.m.4 views

PT-2023-17109 · WordPress · Short Url Plugin

Name of the Vulnerable Software and Affected Versions: Short URL plugin for WordPress versions up to, and including, 1.6.4 Description: The issue arises from insufficient input sanitization and output escaping, allowing stored Cross-Site Scripting attacks via the comment parameter. This enables...

4.8CVSS8.5AI score0.00405EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2023/06/09 10:41 p.m.30 views

@udecode/plate-link does not sanitize URLs to prevent use of the `javascript:` scheme

Impact Affected versions of the link plugin and link UI component do not sanitize URLs to prevent use of the javascript: scheme. As a result, links with JavaScript URLs can be inserted into the Plate editor through various means, including opening or pasting malicious content. Patches...

8.1CVSS6.7AI score0.00445EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2023/06/09 5:4 p.m.40 views

CVE-2023-34245 Cross site scripting (XSS) in @udecode/plate-link

@udecode/plate-link is the link handler for the udecode/plate rich-text editor plugin system for Slate & React. Affected versions of the link plugin and link UI component do not sanitize URLs to prevent use of the javascript: scheme. As a result, links with JavaScript URLs can be inserted into th...

8.1CVSS6.7AI score0.00445EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/06/09 12:0 a.m.5 views

Plate 跨站脚本漏洞

Plate is an open source plugin system for Udecode that makes it easier to build full-featured editors. Plate suffers from a cross-site scripting vulnerability that stems from the link plugin and link UI component not cleaning up URLs to prevent the use of the javascript: header...

8.1CVSS6.6AI score0.00445EPSS
Exploits0References3
OSV
OSV
added 2023/05/23 3:15 p.m.3 views

CVE-2023-26011

Cross-Site Request Forgery CSRF vulnerability in Tim Eckel Read More Excerpt Link plugin = 1.6 versions...

8.8CVSS7.3AI score0.00256EPSS
Exploits0References1
NVD
NVD
added 2023/05/23 3:15 p.m.32 views

CVE-2023-26011

Cross-Site Request Forgery CSRF vulnerability in Tim Eckel Read More Excerpt Link plugin = 1.6 versions...

8.8CVSS5.8AI score0.00256EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/05/23 2:44 p.m.38 views

CVE-2023-26011 WordPress Read More Excerpt Link Plugin <= 1.6 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Tim Eckel Read More Excerpt Link plugin = 1.6 versions...

4.3CVSS9AI score0.00256EPSS
Exploits0References1
OSV
OSV
added 2023/05/16 6:30 p.m.50 views

GHSA-PP8M-PRR7-WR8W Jenkins Sidebar Link Plugin vulnerable to Path Traversal

Jenkins Sidebar Link Plugin allows specifying files in the userContent/ directory for use as link icons. Sidebar Link Plugin 2.2.1 and earlier does not restrict the path of files in a method implementing form validation. This allows attackers with Overall/Read permission to check for the existenc...

4.3CVSS4.7AI score0.72358EPSS
Exploits0References3
Rows per page
Query Builder