Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

OSV
OSVadded 2024/02/12 4:15 p.m.0 views

CVE-2024-0420

The MapPress Maps for WordPress plugin before 2.88.15 does not sanitize and escape the map title when outputting it back in the admin dashboard, allowing Contributors and above roles to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.8AI score
Exploits0References1
OSV
OSVadded 2024/01/03 6:15 a.m.2 views

CVE-2023-6524

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the map title parameter in all versions up to and including 2.88.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor...

5.4CVSS6AI score0.00109EPSS
Exploits2References3
OSV
OSVadded 2021/08/09 10:15 a.m.1 views

CVE-2021-24502

The WP Google Map WordPress plugin before 1.7.7 did not sanitise or escape the Map Title before outputting them in the page, leading to a Stored Cross-Site Scripting issue by high privilege users, even when the unfilteredhtml capability is disallowed...

4.8CVSS5.8AI score
Exploits0References2
CNVD
CNVDadded 2018/03/28 12:0 a.m.1 views

WordPress Events Manager Plugin Cross-Site Scripting Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform using PHP language development, the platform supports in PHP and MySQL servers to set up personal blog sites.Events Manager plugin is used in one of the registration plugin. A cross-site scripting vulnerability exists in th...

5.4CVSS6.3AI score0.00219EPSS
Exploits1References1
Positive Technologies
Positive Technologiesadded 2018/03/26 12:0 a.m.3 views

PT-2018-18784 · WordPress · Events Manager

Name of the Vulnerable Software and Affected Versions: Events Manager plugin versions prior to 5.8.1.2 Description: The issue allows for XSS via the mapTitle parameter in the Google Maps miniature within the events-manager.js file. Recommendations: For versions prior to 5.8.1.2, update to version...

5.4CVSS6.1AI score0.00219EPSS
Exploits1References7
NVD
NVDadded 2014/06/05 8:55 p.m.13 views

CVE-2013-2618

Cross-site scripting XSS vulnerability in editor.php in Network Weathermap before 0.97b allows remote attackers to inject arbitrary web script or HTML via the maptitle parameter...

4.3CVSS5.6AI score0.08691EPSS
Exploits6References7
ATTACKERKB
ATTACKERKBadded 2014/06/05 12:0 a.m.81 views

CVE-2013-2618

Cross-site scripting XSS vulnerability in editor.php in Network Weathermap before 0.97b allows remote attackers to inject arbitrary web script or HTML via the maptitle parameter. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

4.3CVSS4.4AI score0.08691EPSS
In wildExploits6References8
Packet Storm
Packet Stormadded 2013/04/01 12:0 a.m.33 views

Network Weathermap 0.97a Cross Site Scripting

Network Weathermap 0.97a - Persistent XSS Earlier versions are also possibly vulnerable. INFORMATION Product: Network Weathermap 0.97a Remote-exploit: yes Vendor-URL: http://www.network-weathermap.com/ Discovered by: Daniel Ricardo dos Santos CVE Request - 15/03/2013 CVE Assign - 18/03/2013 CVE...

4.3CVSS0.08691EPSS
Exploits6
Rows per page
Query Builder