Lucene search
K

8 matches found

Openbugbounty
Openbugbounty
added 2024/05/28 12:19 p.m.10 views

itour.ru Cross Site Scripting vulnerability OBB-3931380

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2024/05/28 8:38 a.m.14 views

double24.ru Cross Site Scripting vulnerability OBB-3931347

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
wpexploit
wpexploit
added 2024/05/14 12:0 a.m.163 views

Simple Ajax Chat < 20240412 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup This was partially fixed in 0240216 bu...

7.8AI score0.00333EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/05/14 12:0 a.m.16 views

Gutenberg Blocks by Kadence Blocks < 3.2.37 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its block attributes before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC Add a Lottie Animation block to a po...

5.2AI score0.00367EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/14 12:0 a.m.20 views

The Events Calendar < 6.4.0.1 - Reflected XSS

Description The plugin does not properly sanitize user-submitted content when rendering some views via AJAX. PoC...

6.6AI score0.01834EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2024/05/14 12:0 a.m.198 views

BuddyBoss Platform < 2.6.0 - Insecure Direct Object Reference on Like Comment

Description The plugin contains an IDOR vulnerability that allows a user to like a private post by manipulating the ID included in the request POST /wp-admin/admin-ajax.php HTTP/2 Host: buddyboss.example.com Cookie: REDACTED User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:120.0...

6.5AI score0.0043EPSS
Exploits2
wpexploit
wpexploit
added 2024/05/14 12:0 a.m.242 views

Gutenberg Blocks by Kadence Blocks < 3.2.37 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its block attributes before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Add a Lottie Animation block to a post a...

5.9AI score0.00367EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/05/14 12:0 a.m.206 views

The Events Calendar < 6.4.0.1 - Reflected XSS

Description The plugin does not properly sanitize user-submitted content when rendering some views via AJAX. The Events Calendar "...

6.8AI score0.01834EPSS
Exploits2
Rows per page
Query Builder