CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3475 matches found

Prion•added 2023/07/28 4:15 p.m.•20 views

Design/Logic Flaw

Discourse is an open source discussion platform. Prior to version 3.0.6 of the stable branch and version 3.1.0.beta7 of the beta and tests-passed branches, a malicious user can prevent the defer queue from proceeding promptly on sites hosted in the same multisite installation. The issue is patche...

4CVSS6.3AI score0.00579EPSS

Exploits2References2Affected Software1

Cvelist•added 2023/07/28 3:18 p.m.•31 views

CVE-2023-38498 Discourse vulnerable to DoS via defer queue

4.3CVSS6.5AI score0.00579EPSS

Exploits2References2

Vulnrichment•added 2023/07/28 3:18 p.m.•29 views

CVE-2023-38498 Discourse vulnerable to DoS via defer queue

4.3CVSS6.6AI score0.00579EPSS

Exploits2References2

OSV•added 2023/07/28 3:18 p.m.•37 views

CVE-2023-38498 Discourse vulnerable to DoS via defer queue

4.3CVSS6.3AI score0.00579EPSS

Exploits2References4

CVE•added 2023/07/28 3:18 p.m.•107 views

CVE-2023-38498

Discourse (open source forum software) is affected by CVE-2023-38498. Prior to Discourse 3.0.6 (stable) and 3.1.0.beta7 (beta/tests-passed), a malicious user can cause the defer queue to not progress promptly on multisite installations within the same site. The vulnerability is fixed in 3.0.6 (st...

6.5CVSS5.2AI score0.00579EPSS

Exploits2References2Affected Software1

CNNVD•added 2023/07/28 12:0 a.m.•2 views

Discourse 安全漏洞

Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. A security vulnerability exists in Discourse that originates from a malicious user being able to prevent a delayed queue from proceeding quickly on sites hosted in the same...

6.5CVSS6.4AI score0.00579EPSS

Exploits2References3

Positive Technologies•added 2023/07/28 12:0 a.m.•2 views

PT-2023-26478 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.0.6 of the stable branch and version 3.1.0.beta7 of the beta and tests-passed branches Description: A malicious user can prevent the defer queue from proceeding promptly on sites hosted in the same multisite...

6.5CVSS6.3AI score0.00579EPSS

Exploits2References8

Packet Storm•added 2023/07/25 12:0 a.m.•447 views

WordPress Seo By 10Web Cross Site Scripting

Tittle: WordPress Plugin Seo By 10Web 4. Save to trigger the XSS. Classification: Type XSS OWASP top 10 A7: Cross-Site Scripting XSS CWE-79 wpScan: https://wpscan.com/vulnerability/a76b6d22-1e00-428a-8a04-12162bd0d992...

4.8CVSS7.1AI score0.00909EPSS

Exploits3

OSV•added 2023/07/24 11:15 a.m.•2 views

CVE-2023-3248

The All-in-one Floating Contact Form WordPress plugin before 2.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...

4.8CVSS7.3AI score0.00408EPSS

Exploits1References1

OSV•added 2023/07/24 11:15 a.m.•5 views

CVE-2023-3344

The Auto Location for WP Job Manager via Google WordPress plugin before 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

4.8CVSS7.3AI score0.00379EPSS

Exploits1References1

Prion•added 2023/07/24 11:15 a.m.•11 views

Cross site scripting

4.3CVSS4.7AI score0.00379EPSS

Exploits1References1Affected Software1

Cvelist•added 2023/07/24 10:20 a.m.•22 views

CVE-2023-3248 All-in-one Floating Contact Form < 2.1.2 - Admin+ Stored Cross-Site Scripting

5AI score0.00408EPSS

Exploits1References1

Cvelist•added 2023/07/24 10:20 a.m.•19 views

CVE-2023-3344 Auto Location for WP Job Manager via Google < 1.1 - Admin+ Cross Site Scripting

5AI score0.00379EPSS

Exploits1References1

WPVulnDB•added 2023/07/24 12:0 a.m.•25 views

WP Brutal AI < 2.06 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC In the plugin settings, for a...

4.8CVSS4.7AI score0.01973EPSS

Exploits3Affected Software1

WPVulnDB•added 2023/07/24 12:0 a.m.•12 views

Custom Field For WP Job Manager < 1.2 - Admin+ Stored XSS

4.8CVSS5.8AI score0.00382EPSS

Exploits2Affected Software1

WPVulnDB•added 2023/07/20 12:0 a.m.•15 views

Custom Post Type Generator <= 2.4.2 - Admin+ Stored Cross-Site Scripting

5.9CVSS5.8AI score0.00369EPSS

Exploits0

Patchstack•added 2023/07/18 12:0 a.m.•4 views

WordPress Multisite Robots.txt Manager Plugin <= 3.0.0 is vulnerable to Cross Site Scripting (XSS)

Software Multisite Robots.txt Manager Type Plugin Vulnerable versions = 3.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6e315ff280c9 Credits Rafie Muhammad...

6.3AI score0.00284EPSS

Exploits0References2Affected Software1

NVD•added 2023/07/17 2:15 p.m.•31 views

CVE-2023-0439

The NEX-Forms WordPress plugin before 8.4.4 does not escape its form name, which could lead to Stored Cross-Site Scripting issues. By default only SuperAdmins in multisite / admins in single site can create forms, however there is a settings allowing them to give lower roles access to such featur...

5.4CVSS0.00317EPSS

Exploits1References1

Vulnrichment•added 2023/07/17 1:29 p.m.•13 views

CVE-2023-0439 NEX-Forms < 8.4.4 - Authenticated Stored XSS

5.9AI score0.00317EPSS

Exploits1References1

Cvelist•added 2023/07/17 1:29 p.m.•31 views

CVE-2023-0439 NEX-Forms < 8.4.4 - Authenticated Stored XSS

5.5AI score0.00317EPSS

Exploits1References1

Rows per page