Lucene search
K

29 matches found

OSV
OSV
added 2024/05/14 3:41 p.m.7 views

CVE-2024-3582

The UnGallery WordPress plugin through 2.2.4 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

4.8CVSS5.8AI score0.00224EPSS
Exploits2References1
CNNVD
CNNVD
added 2024/03/27 12:0 a.m.5 views

Ampache 安全漏洞

Ampache is a web-based audio/video application and file manager. A cross-site scripting vulnerability exists in Ampache 6.2.1 and earlier versions, which stems from the lack of effective filtering and escaping of user-supplied data in /preferences.php?action=adminupdatepreferences, which can be...

5.9CVSS5.8AI score0.00551EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/11/14 12:0 a.m.4 views

SuiteCRM 代码注入漏洞

SuiteCRM is a customer relationship management system from the SuiteCRM team. SuiteCRM suffers from an HTML injection vulnerability that stems from a lack of valid filtering and escaping of user-supplied data in the salesagility/suitecrm tittle, which can be exploited by an attacker to cause HTML...

9.8CVSS7.1AI score0.00686EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:13 a.m.2 views

SUSE CVE-2019-11025

In clearFilter in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the value of the SNMP community string SNMP Options in the View poller cache, leading to XSS...

5.4CVSS5.8AI score0.01331EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/02/08 12:0 a.m.7 views

WordPress plugin Wicked Folders 跨站请求伪造漏洞

WordPress and the WordPress plugin are products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. ghost is a plugin for importing/exporting WordPress data. relevant is a relevant content...

5.4CVSS6.1AI score0.00308EPSS
Exploits0References4
OSV
OSV
added 2022/12/19 2:15 p.m.6 views

CVE-2022-4125

The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF check when creating/updating popups, and is missing sanitisation as well as escaping, which could allow unauthenticated attackers to create arbitrary popups and add Stored XSS payloads as well...

4.3CVSS5.9AI score0.00285EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/06/27 9:15 a.m.6 views

CVE-2022-1904

The Pricing Tables WordPress Plugin WordPress plugin before 3.2.1 does not sanitise and escape parameter before outputting it back in a page available to any user both authenticated and unauthenticated when a specific setting is enabled, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.4AI score0.01388EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2022/04/29 9:15 p.m.2 views

CVE-2022-29947

Woodpecker before 0.15.1 allows XSS via build logs because web/src/components/repo/build/BuildLog.vue lacks escaping...

6.1CVSS6.3AI score0.00632EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/03/10 12:0 a.m.5 views

IBM Guardium Data Encryption 安全漏洞

IBM Guardium Data Encryption GDE is an application from IBM of America, Inc. IBM Guardium Data Encryption versions 4.0.0.0 and 5.0.0.0 contain a security vulnerability that stems from the fact that the software saves user information in a CSV form file with a comma as the separator symbol, but it...

8.8CVSS5.7AI score0.00471EPSS
Exploits0References3
Rows per page
Query Builder