Lucene search

1410 matches found

Node.js
added 2019/10/04 7:21 p.m. · 34 views

Cross-Site Scripting

Overview: Versions of dompurify prior to 2.0.3 are vulnerable to Cross-Site Scripting (XSS). The package has an XSS filter bypass due to Mutation XSS in both Chrome and Safari through a combination of / elements and /. An example payload is: ". This allows attackers to bypass the XSS protection and...

CVSS 4.3 · AI score 3.7 · EPSS 0.0167
Exploits: 2 · Affected Software: 1

NVD
added 2019/09/24 5:15 a.m. · 18 views

CVE-2019-16728

DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari...

CVSS 6.1 · AI score 6.3 · EPSS 0.0167
Exploits: 2 · References: 2

OSV
added 2019/09/24 5:15 a.m. · 26 views

CVE-2019-16728

DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari...

CVSS 6.1 · AI score 5.9
Exploits: 0 · References: 2

Prion
added 2019/09/24 5:15 a.m. · 18 views

Cross site scripting

DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari...

CVSS 4.3 · AI score 6.2 · EPSS 0.0167
Exploits: 2 · References: 2 · Affected Software: 2

UbuntuCve
added 2019/09/24 5:15 a.m. · 40 views

CVE-2019-16728

DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari...

CVSS 6.1 · AI score 6.3 · EPSS 0.0167
Exploits: 2 · References: 2

OSV
added 2019/09/24 5:15 a.m. · 2 views

UBUNTU-CVE-2019-16728

DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari...

CVSS 6.1 · AI score 6.4 · EPSS 0.0167
Exploits: 2 · References: 3

Cvelist
added 2019/09/24 4:2 a.m. · 19 views

CVE-2019-16728

DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari...

AI score 6.2 · EPSS 0.0167
Exploits: 2 · References: 2

Debian CVE
added 2019/09/24 4:2 a.m. · 30 views

CVE-2019-16728

Removed by vendor...

CVSS 6.1 · AI score 6.2 · EPSS 0.0167
Exploits: 2

OpenVAS
added 2019/08/29 12:0 a.m. · 15 views

WordPress Rank Math SEO Plugin <= 1.0.27 Authentication Bypass Vulnerability

The WordPress plugin... (CPE: "cpe:/a:rankmath:seo")

CVSS 6.5 · AI score 6.5 · EPSS 0.01381
Exploits: 2 · References: 3

CNVD
added 2019/08/20 12:0 a.m. · 10 views

WordPress Rank Math SEO Plugin Code Injection Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. Rank Math SEO is a search engine optimization (SEO) plugin used in... A code injection vulnerability exists in the...

CVSS 6.5 · AI score 7.4 · EPSS 0.01381
Exploits: 2 · References: 1

OSV
added 2019/08/15 4:15 p.m. · 2 views

CVE-2019-14786

The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users to reset the settings via the wp-admin/admin-post.php reset-cmb parameter...

CVSS 6.5 · AI score 6.6 · EPSS 0.01381
Exploits: 2 · References: 3

NVD
added 2019/08/15 4:15 p.m. · 14 views

CVE-2019-14786

The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users to reset the settings via the wp-admin/admin-post.php reset-cmb parameter...

CVSS 6.5 · AI score 6.5 · EPSS 0.01381
Exploits: 2 · References: 3

Prion
added 2019/08/15 4:15 p.m. · 11 views

Code injection

The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users to reset the settings via the wp-admin/admin-post.php reset-cmb parameter...

CVSS 4 · AI score 6.5 · EPSS 0.01381
Exploits: 2 · References: 3 · Affected Software: 1

Cvelist
added 2019/08/15 3:47 p.m. · 19 views

CVE-2019-14786

The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users to reset the settings via the wp-admin/admin-post.php reset-cmb parameter...

AI score 6.5 · EPSS 0.01381
Exploits: 2 · References: 3

CVE
added 2019/08/15 3:47 p.m. · 53 views

CVE-2019-14786

CVE-2019-14786 affects WordPress Rank Math SEO plugin (version 1.0.27). The vulnerability allows any authenticated user (non-admin) to reset plugin settings via wp-admin/admin-post.php?reset-cmb parameter. The issue is documented across multiple sources (NVD, Red Hat, OpenVAS, WPVulnDB) and relat...

CVSS 6.5 · AI score 6.4 · EPSS 0.01381
Exploits: 2 · References: 3 · Affected Software: 1

Positive Technologies
added 2019/08/15 12:0 a.m. · 4 views

PT-2019-13831 · WordPress · Rank Math Seo

Name of the Vulnerable Software and Affected Versions: Rank Math SEO plugin version 1.0.27 Description: The issue allows non-admin users to reset settings. This is achieved via the wp-admin/admin-post.php endpoint, specifically through the reset-cmb parameter. Recommendations: For Rank Math SEO...

CVSS 6.5 · AI score 6.3 · EPSS 0.01381
Exploits: 2 · References: 5

OSV
added 2019/08/06 4:15 p.m. · 32 views

CVE-2019-14697

musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code...

CVSS 9.8 · AI score 1.9
Exploits: 0 · References: 3

Cvelist
added 2019/08/06 3:34 p.m. · 40 views

CVE-2019-14697

musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code...

AI score 9.4 · EPSS 0.02726
Exploits: 1 · References: 3

NVD
added 2019/07/15 10:15 p.m. · 17 views

CVE-2019-0234

A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache Roller. Roller's Math Comment Authenticator did not properly sanitize user input and could be exploited to perform Reflected Cross Site Scripting (XSS). The mitigation for this vulnerability is to upgrade to the latest version of...

CVSS 6.1 · AI score 6 · EPSS 0.03445
Exploits: 0 · References: 2

Prion
added 2019/07/15 10:15 p.m. · 21 views

Cross site scripting

A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache Roller. Roller's Math Comment Authenticator did not properly sanitize user input and could be exploited to perform Reflected Cross Site Scripting (XSS). The mitigation for this vulnerability is to upgrade to the latest version of...

CVSS 4.3 · AI score 6 · EPSS 0.03445
Exploits: 0 · References: 2 · Affected Software: 1