Lucene search
K

15 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.9 views

CVE-2026-2425

The hiWeb Migration Simple plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'newdomain' parameter in all versions up to, and including, 2.0.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS5.7AI score0.00208EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/02 7:48 a.m.43 views

CVE-2026-2425 hiWeb Migration Simple <= 2.0.0.1 - Reflected Cross-Site Scripting via 'new_domain' Parameter

The hiWeb Migration Simple plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'newdomain' parameter in all versions up to, and including, 2.0.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS0.00208EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.13 views

PT-2026-45703

The hiWeb Migration Simple plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'new domain' parameter in all versions up to, and including, 2.0.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS6AI score0.00208EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.9 views

WordPress plugin hiWeb Migration Simple 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.1CVSS5.1AI score0.00208EPSS
Exploits0References3
HackRead
HackRead
added 2023/06/13 1:26 p.m.18 views

BreachForums Returns Under the Control of ShinyHunters Hackers

By Waqas BreachForums is already online with a new domain, gaining attraction from members, authorities, and the cybersecurity community. This is a post from HackRead.com Read the original post: BreachForums Returns Under the Control of ShinyHunters Hackers...

7AI score
Exploits0
Huntr
Huntr
added 2023/01/20 7:36 p.m.18 views

Stored/Reflected XSS when add new domain

Description there is an XSS vulnerability that malicious script is injected directly in list of domain Proof of Concept 1//go to admin/domains/ 2/ click add to add a new domain 3/ in name section add this payload " and you can see payload executed POC...

4.9CVSS5.1AI score0.00613EPSS
Exploits1
OSV
OSV
added 2022/11/01 1:15 p.m.4 views

ALPINE-CVE-2022-42320

Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain. This is normally no problem, as those access right entries...

7CVSS6.8AI score0.0027EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2022/11/01 1:15 p.m.18 views

CVE-2022-42320

Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain. This is normally no problem, as those access right entries...

7CVSS7AI score0.0027EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2022/11/01 1:15 p.m.1 views

CVE-2022-42320

Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain. This is normally no problem, as those access right entries...

7CVSS5.8AI score0.0027EPSS
Exploits0References12
OSV
OSV
added 2022/11/01 1:15 p.m.1 views

UBUNTU-CVE-2022-42320

Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain. This is normally no problem, as those access right entries...

7CVSS7AI score0.0027EPSS
Exploits0References6
Cvelist
Cvelist
added 2022/11/01 12:0 a.m.27 views

CVE-2022-42320

Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain. This is normally no problem, as those access right entries...

7.8AI score0.0027EPSS
Exploits0References8
Kitploit
Kitploit
added 2022/03/12 8:30 p.m.37 views

DomainAlerting - Daily Alert When A New Domain Name Is Registered And Contains Your Keywords

Daily alert when a new domain name is registered and contains your keywords. Description DomainAlerting tool allows you to perform two main actions for educational purposes only: Download newly registered domains Send automatic email alert You can setup a wordlist and be alerted by email when you...

7.2AI score
Exploits0References3
Cvelist
Cvelist
added 2018/12/13 7:0 p.m.24 views

CVE-2018-19118

Zoho ManageEngine ADAudit before 5.1 build 5120 allows remote attackers to cause a denial of service stack-based buffer overflow via the 'Domain Name' field when adding a new domain...

7.5AI score0.06735EPSS
Exploits0References1
CNVD
CNVD
added 2017/11/20 12:0 a.m.4 views

Vonage VDV-23 Cross-Site Scripting Vulnerability

The Vonage VDV-23 115 is a routing repeater from Vonage USA. A cross-site scripting vulnerability exists in the Vonage VDV-23 115 version 3.2.11-0.9.40. A remote attacker can exploit this vulnerability by sending the NewKeyword or NewDomain field to /goform/RgParentalBasic to inject arbitrary web...

5.4CVSS6.2AI score0.01494EPSS
Exploits3References1
Openbugbounty
Openbugbounty
added 2016/03/04 1:58 a.m.9 views

provision.ps XSS vulnerability

Vulnerable URL: http://provision.ps/register-new-domain Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 12867717 Google Pagerank| 2 VIP website status:| No Check provision.ps SSL...

6.3AI score
Exploits0
Rows per page
Query Builder