Lucene search
K

4550 matches found

Nuclei
Nuclei
added 15 hours ago32 views

Contact Form to DB by BestWebSoft < 1.5.7 - Cross-Site Scripting

The contact-form-to-db plugin before 1.5.7 for WordPress has multiple XSS issues. id: CVE-2017-18492 info: name: Contact Form to DB by BestWebSoft 1.5.7 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The contact-form-to-db plugin before 1.5.7 for WordPress has multip...

6.1CVSS6.4AI score0.01458EPSS
Exploits1References4
Nuclei
Nuclei
added 15 hours ago68 views

BestWebSoft's Twitter < 2.55 - Cross-Site Scripting

The twitter-plugin plugin before 2.55 for WordPress has XSS. id: CVE-2017-18505 info: name: BestWebSoft's Twitter 2.55 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The twitter-plugin plugin before 2.55 for WordPress has XSS. impact: | Authenticated attackers can...

6.1CVSS6.4AI score0.01652EPSS
Exploits1References4
Nuclei
Nuclei
added 15 hours ago45 views

WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting

WordPress amty-thumb-recent-post plugin 8.1.3 contains a cross-site scripting vulnerability via the query string to amtyThumbPostsAdminPg.php. id: CVE-2017-17059 info: name: WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress...

6.1CVSS6.4AI score0.03419EPSS
Exploits1References4
Nuclei
Nuclei
added 15 hours ago64 views

SMTP by BestWebSoft < 1.1.0 - Cross-Site Scripting

The bws-smtp plugin before 1.1.0 for WordPress has multiple XSS issues. id: CVE-2017-18518 info: name: SMTP by BestWebSoft 1.1.0 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The bws-smtp plugin before 1.1.0 for WordPress has multiple XSS issues. impact: |...

6.1CVSS6.4AI score0.01621EPSS
Exploits1References4
Nuclei
Nuclei
added 15 hours ago34 views

WordPress CTHthemes - Cross-Site Scripting

WordPress CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes contain reflected cross-site scripting vulnerabilities via a search query. id: CVE-2019-20210 info: name: WordPress CTHthemes - Cross-Site Scripting author: edoardottt severity: medium description: |...

6.1CVSS6.4AI score0.03243EPSS
Exploits4References5
Nuclei
Nuclei
added 15 hours ago40 views

osTicket < 1.10.2 - Cross-Site Scripting

Cross-site scripting XSS vulnerability in /scp/index.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "sort" parameter. id: CVE-2018-7196 info: name: osTicket 1.10.2 - Cross-Site Scripting author: ritikchaddha severity: medium...

6.1CVSS6.5AI score0.02482EPSS
Exploits1References2
Nuclei
Nuclei
added 15 hours ago19 views

TOTVS Fluig Platform - Cross-Site Scripting

A vulnerability was found in TOTVS Fluig Platform 1.6.x/1.7.x/1.8.0/1.8.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /mobileredir/openApp.jsp of the component mobileredir. The manipulation of the argument redirectUrl/user with the input...

6.1CVSS4.3AI score0.02379EPSS
Exploits1References3
Nuclei
Nuclei
added 15 hours ago16 views

PHPJabbers Fundraising Script v1.0 - Cross-Site Scripting

PHPJabbers Fundraising Script v1.0 is vulnerable to Cross Site Scripting XSS via the "action" parameter of index.php. id: CVE-2023-40751 info: name: PHPJabbers Fundraising Script v1.0 - Cross-Site Scripting author: ritikchaddha severity: medium description: | PHPJabbers Fundraising Script v1.0 is...

6.1CVSS6.4AI score0.01044EPSS
Exploits0References2
Nuclei
Nuclei
added 15 hours ago25 views

Hostel < 1.1.5.3 - Cross-Site Scripting

The Hostel WordPress plugin before 1.1.5.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. id: CVE-2024-3753 info: name: Hostel 1.1.5.3 - Cross-Site Scriptin...

5.9CVSS6.1AI score0.00807EPSS
Exploits1References2
Nuclei
Nuclei
added 15 hours ago104 views

phpMyAdmin <4.8.5 - Local File Inclusion

phpMyAdmin before 4.8.5 is susceptible to local file inclusion. When the AllowArbitraryServer configuration setting is set to true, an attacker can read, with the use of a rogue MySQL server, any file on the server that the web server's user can access. This is related to the mysql.allowlocalinfi...

5.9CVSS6.6AI score0.15407EPSS
Exploits0References6
Nuclei
Nuclei
added 15 hours ago30 views

WordPress Integrator 1.32 - Cross-Site Scripting

A cross-site scripting vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirectto parameter to wp-login.php. id: CVE-2012-5913 info: name: WordPress Integrator 1.32 - Cross-Site Scripti...

4.3CVSS6.2AI score0.08732EPSS
Exploits1References5
Nuclei
Nuclei
added 15 hours ago12 views

Guten Free Options - Cross Site Scripting

Guten Free Options WordPress plugin = 0.9.5 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute malicious scripts in high privilege users' browsers, exploit requires victim to click malicious link. id: CVE-2024-13492 info: name: Guten Free...

6.1CVSS7AI score0.00568EPSS
Exploits1References1
Nuclei
Nuclei
added 15 hours ago49 views

GPT Academic v1.3.9 - Open Redirect

An open redirect vulnerability exists in GPT Academic v1.3.9, where the file parameter in the /file= endpoint can be manipulated to redirect users to malicious websites. This could facilitate phishing attacks by tricking users into visiting attacker-controlled URLs. id: CVE-2024-10812 info: name:...

6.1CVSS6.4AI score0.00574EPSS
Exploits1References1
Nuclei
Nuclei
added 15 hours ago54 views

Altenergy Power Control Software - SQL Injection

A vulnerability classified as critical was found in Altenergy Power Control Software up to 20241108. This vulnerability affects the function getstatuszigbee of the file /index.php/display/statuszigbee. The manipulation of the argument date leads to sql injection. The attack can be initiated...

6.5CVSS6.5AI score0.03725EPSS
Exploits0References3
Nuclei
Nuclei
added 15 hours ago35 views

WP-Optimize WordPress plugin < 3.2.13 - Cross-Site Scripting

The WP-Optimize WordPress plugin before 3.2.13 and SrbTransLatin WordPress plugin before 2.4.1 are vulnerable to cross-site scripting due to a third-party library that improperly handles HTML character escaping. id: CVE-2023-1119 info: name: WP-Optimize WordPress plugin 3.2.13 - Cross-Site...

6.1CVSS6.7AI score0.01158EPSS
Exploits2References2
Nuclei
Nuclei
added 15 hours ago39 views

Duplicator < 1.4.7.1 - Information Disclosure

The Duplicator WordPress plugin before 1.4.7 does not authenticate or authorize visitors before displaying information about the system such as server software, php version and full file system path to the site. id: CVE-2022-2552 info: name: Duplicator 1.4.7.1 - Information Disclosure author:...

5.3CVSS6.2AI score0.08415EPSS
Exploits5References2
Nuclei
Nuclei
added 15 hours ago16 views

ETQ Reliance - Reflected XSS via SQLConverterServlet

A reflected cross-site scripting XSS vulnerability exists in ETQ Reliance CG legacy platform within the SQLConverterServlet component. This vulnerability requires user interaction, such as clicking a crafted link, and may result in execution of unauthorized scripts in the user's context. The...

5.1CVSS6.2AI score0.01907EPSS
Exploits0References2
Nuclei
Nuclei
added 15 hours ago16 views

Journyx 11.5.4 - Reflected Cross Site Scripting

Attackers can craft a malicious link that once clicked will execute arbitrary JavaScript in the context of the Journyx web application. id: CVE-2024-6892 info: name: Journyx 11.5.4 - Reflected Cross Site Scripting author: DhiyaneshDk severity: medium description: | Attackers can craft a malicious...

6.1CVSS6.6AI score0.00713EPSS
Exploits2References3
Nuclei
Nuclei
added 15 hours ago22 views

Dash Framework - Cross-site Scripting

Dash framework versions before 2.15.0 are vulnerable to Cross-site Scripting XSS via href attribute in anchor tags. This template tests for javascript:alert payload injection. id: CVE-2024-21485 info: name: Dash Framework - Cross-site Scripting author: Lee Changhyuneeche severity: medium...

6.5CVSS6.5AI score0.01475EPSS
Exploits1References1
Nuclei
Nuclei
added 15 hours ago31 views

Usermin 2.100 - Username Enumeration

Usermin version 2.100 and below is susceptible to username enumeration via the password change functionality. An attacker can determine valid usernames by analyzing the response messages from the password change endpoint. id: CVE-2024-44762 info: name: Usermin 2.100 - Username Enumeration author:...

5.3CVSS6.2AI score0.02621EPSS
Exploits5References4
Rows per page
Query Builder