Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

2167 matches found

NVD
NVDadded 2023/06/03 5:15 a.m.13 views

CVE-2023-2303

The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.5. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the...

6.1CVSS5.9AI score0.00254EPSS
Exploits1References4
ATTACKERKB
ATTACKERKBadded 2023/06/03 5:15 a.m.0 views

CVE-2023-2301

The Contact Form Builder by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.9.1. This is due to missing nonce validation on the lsparsevcitacallback function. This makes it possible for unauthenticated attackers to modify the plugin's...

6.1CVSS7.1AI score0.00306EPSS
Exploits1References4
NVD
NVDadded 2023/06/03 5:15 a.m.9 views

CVE-2023-2405

The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.0. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the plugin's settin...

6.5CVSS5.9AI score0.00095EPSS
Exploits2References4
Prion
Prionadded 2023/06/03 5:15 a.m.12 views

Cross site request forgery (csrf)

The Contact Form Builder by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.9.1. This is due to missing nonce validation on the lsparsevcitacallback function. This makes it possible for unauthenticated attackers to modify the plugin's...

5.8CVSS5.8AI score0.00306EPSS
Exploits1References3Affected Software1
Prion
Prionadded 2023/06/03 5:15 a.m.15 views

Cross site request forgery (csrf)

The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.2. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the plugin's settin...

4.3CVSS6.1AI score0.00095EPSS
Exploits2References3Affected Software1
Prion
Prionadded 2023/06/03 5:15 a.m.14 views

Cross site request forgery (csrf)

The Event Registration Calendar By vcita plugin, versions up to and including 3.9.1, and Online Payments – Get Paid with PayPal, Square & Stripe plugin, for WordPress are vulnerable to Cross-Site Request Forgery. This is due to missing nonce validation in the lsparsevcitacallback function. This...

4.3CVSS6.1AI score0.00111EPSS
Exploits2References4Affected Software2
Prion
Prionadded 2023/06/03 5:15 a.m.21 views

Cross site request forgery (csrf)

The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.4. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the plugin...

5.8CVSS5.8AI score0.00254EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichmentadded 2023/06/03 4:35 a.m.16 views

CVE-2023-2301 Contact Form Builder by vcita <= 4.10.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Contact Form Builder by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.3. This is due to missing nonce validation on the lsparsevcitacallback function. This makes it possible for unauthenticated attackers to modify the plugin's...

6.1CVSS6.7AI score0.00306EPSS
Exploits1References4
Cvelist
Cvelistadded 2023/06/03 4:35 a.m.19 views

CVE-2023-2303 Contact Form and Calls To Action by vcita <= 4.10.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.5. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the...

6.1CVSS6.1AI score0.00254EPSS
Exploits1References4
Vulnrichment
Vulnrichmentadded 2023/06/03 4:35 a.m.19 views

CVE-2023-2303 Contact Form and Calls To Action by vcita <= 4.10.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.5. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the...

6.1CVSS6.7AI score0.00254EPSS
Exploits1References4
Cvelist
Cvelistadded 2023/06/03 4:35 a.m.14 views

CVE-2023-2405 CRM and Lead Management by vcita <= 2.7.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.0. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the plugin's settin...

6.1CVSS6.3AI score0.00095EPSS
Exploits2References4
NVD
NVDadded 2023/06/03 12:15 a.m.11 views

CVE-2023-3055

The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. This is due to missing or incorrect nonce validation on the 'azhsave' function. This makes it possible for unauthenticated attackers to update the post content an...

6.1CVSS5.9AI score0.00113EPSS
Exploits0References2
CNNVD
CNNVDadded 2023/06/01 12:0 a.m.1 views

Splunk 跨站脚本漏洞

Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index, and analyze and the data it generates, including data generated by all IT systems and infrastructures physical, virtual machines, and cloud. A...

6.1CVSS6.4AI score0.00514EPSS
Exploits0References3
NVD
NVDadded 2023/05/30 10:15 p.m.14 views

CVE-2023-33961

Leantime is a lean open source project management system. Starting in version 2.3.21, an authenticated user with commenting privileges can inject malicious Javascript into a comment. Once the malicious comment is loaded in the browser by a user, the malicious Javascript code executes. As of time ...

8.9CVSS8.8AI score0.00814EPSS
Exploits0References1
OSV
OSVadded 2023/05/30 9:34 p.m.12 views

CVE-2023-33961 Leantime Stored Cross-site Scripting Vulnerability

Leantime is a lean open source project management system. Starting in version 2.3.21, an authenticated user with commenting privileges can inject malicious Javascript into a comment. Once the malicious comment is loaded in the browser by a user, the malicious Javascript code executes. As of time ...

8.9CVSS5.7AI score0.00814EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2023/05/30 8:15 p.m.1 views

CVE-2023-23956

A user can supply malicious HTML and JavaScript code that will be executed in the client browser...

6.1CVSS6AI score0.08071EPSS
Exploits3References3
Ubuntu
Ubuntuadded 2023/05/30 2:32 p.m.81 views

USN-6120-1: SpiderMonkey vulnerabilities

Several security issues were discovered in the SpiderMonkey JavaScript library. If a user were tricked into opening malicious JavaScript applications or processing malformed data, a remote attacker could exploit a variety of issues related to JavaScript security, including denial of service...

8.8CVSS7.7AI score0.00338EPSS
Exploits0
OSV
OSVadded 2023/05/30 2:32 p.m.0 views

USN-6120-1 mozjs102 vulnerabilities

Several security issues were discovered in the SpiderMonkey JavaScript library. If a user were tricked into opening malicious JavaScript applications or processing malformed data, a remote attacker could exploit a variety of issues related to JavaScript security, including denial of service...

8.8CVSS6.8AI score0.00338EPSS
Exploits0References10
Veracode
Veracodeadded 2023/05/22 9:1 a.m.13 views

Cross-site Scripting (XSS)

concrete5/concrete5 is vulnerable to Cross-site Scripting XSS. The vulnerability exists via the name parameter on API integrations due to lack of sanitization which allows an attacker to inject and execute malicious javascript...

5.5CVSS6.6AI score0.02044EPSS
Exploits0References8Affected Software1
CNNVD
CNNVDadded 2023/05/19 12:0 a.m.1 views

JIZHICMS 跨站脚本漏洞

Extreme Networks Technology JIZHICMS Extreme CMS is an open source content management system CMS from China's Extreme Networks Technology. A security vulnerability exists in JIZHICMS version v2.4.6, which stems from the presence of a Cross-Site Scripting Attack XSS vulnerability that allows an...

5.4CVSS5.6AI score0.00285EPSS
Exploits1References2
Rows per page
Query Builder