Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3479 matches found

WPVulnDB
WPVulnDBadded 2023/04/19 12:0 a.m.16 views

Category Specific RSS feed Subscription < 2.3 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS8.2AI score0.00369EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDBadded 2023/04/19 12:0 a.m.19 views

EZP Maintenance Mode <= 1.0.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.7AI score0.00461EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDBadded 2023/04/19 12:0 a.m.16 views

White Label Branding for Elementor Page Builder <= 1.0.2 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.7AI score0.00392EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDBadded 2023/04/19 12:0 a.m.13 views

BizLibrary <= 1.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Login as Admin. 2. Go to...

4.8CVSS7.4AI score0.00489EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDBadded 2023/04/19 12:0 a.m.19 views

Continuous announcement scroller <= 13.0 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.7AI score0.00392EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDBadded 2023/04/19 12:0 a.m.16 views

Flyzoo Chat <= 2.3.3 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.7AI score0.00369EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDBadded 2023/04/19 12:0 a.m.13 views

Yatra < 2.1.15 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.5AI score0.00369EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDBadded 2023/04/19 12:0 a.m.12 views

Ninja Tables < 4.3.5 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.7AI score0.0042EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDBadded 2023/04/19 12:0 a.m.19 views

Easy Ad Manager <= 1.0.0 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.7AI score0.00392EPSS
Exploits0Affected Software1
NVD
NVDadded 2023/04/18 10:15 p.m.14 views

CVE-2023-30606

Discourse is an open source platform for community discussion. In affected versions a user logged as an administrator can call arbitrary methods on the SiteSetting class, notably clearcache! and notifychanged!, which when done on a multisite instance, can affect the entire cluster resulting in a...

4.9CVSS4.6AI score0.00388EPSS
Exploits0References1
Prion
Prionadded 2023/04/18 10:15 p.m.23 views

Design/Logic Flaw

Discourse is an open source platform for community discussion. In affected versions a user logged as an administrator can call arbitrary methods on the SiteSetting class, notably clearcache! and notifychanged!, which when done on a multisite instance, can affect the entire cluster resulting in a...

3.3CVSS5.2AI score0.00388EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichmentadded 2023/04/18 9:36 p.m.2 views

CVE-2023-30606 Multisite denial of service through unsanitized dynamic dispatch to SiteSetting in Discourse

Discourse is an open source platform for community discussion. In affected versions a user logged as an administrator can call arbitrary methods on the SiteSetting class, notably clearcache! and notifychanged!, which when done on a multisite instance, can affect the entire cluster resulting in a...

4.2CVSS5.1AI score0.00388EPSS
Exploits0References1
Cvelist
Cvelistadded 2023/04/18 9:36 p.m.16 views

CVE-2023-30606 Multisite denial of service through unsanitized dynamic dispatch to SiteSetting in Discourse

Discourse is an open source platform for community discussion. In affected versions a user logged as an administrator can call arbitrary methods on the SiteSetting class, notably clearcache! and notifychanged!, which when done on a multisite instance, can affect the entire cluster resulting in a...

4.2CVSS5.7AI score0.00388EPSS
Exploits0References1
WPVulnDB
WPVulnDBadded 2023/04/18 12:0 a.m.21 views

Pretty Url <= 1.5.4 - Admin+ Stored XSS in plugin settings

Plugin does not sanitize and escape the URL field in the plugin settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. In the "Enter the URL: field, add the XSS...

4.8CVSS7.4AI score0.00824EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDBadded 2023/04/18 12:0 a.m.14 views

Semalt Blocker <= 1.1.3 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.7AI score0.00369EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDBadded 2023/04/18 12:0 a.m.25 views

TaxoPress < 3.6.5 - Editor+ Stored XSS

The plugin does not sanitise and escape some parameters, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.5CVSS5.1AI score0.00521EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDBadded 2023/04/18 12:0 a.m.19 views

ApexChat < 1.3.2 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.7AI score0.00392EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologiesadded 2023/04/18 12:0 a.m.4 views

PT-2023-22804 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to the latest stable, beta and tests-passed versions Description: Discourse is an open source platform for community discussion. In affected versions, a user logged as an administrator can call arbitrary methods on th...

4.9CVSS5.2AI score0.00388EPSS
Exploits0References8
WPVulnDB
WPVulnDBadded 2023/04/17 12:0 a.m.13 views

WP Login Box <= 2.0.2 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Set “Greeting Text” option to: Set “Enable the...

4.8CVSS7.6AI score0.00442EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDBadded 2023/04/14 12:0 a.m.23 views

Motor Racing League <= 1.9.9 - Admin+ XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.5AI score0.00369EPSS
Exploits0Affected Software1
Rows per page
Query Builder