Lucene search
+L

114 matches found

OSV
OSV
added 2024/09/27 7:15 a.m.5 views

CVE-2024-8991

The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's osmmap and osmmapv3 shortcodes in all versions up to, and including, 6.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

5.4CVSS6AI score0.00388EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2024/09/27 6:53 a.m.9 views

CVE-2024-8991 OSM <= 6.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via osm_map and osm_map_v3 Shortcodes

The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's osmmap and osmmapv3 shortcodes in all versions up to, and including, 6.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.9AI score0.00388EPSS
Exploits0References7
Cvelist
Cvelist
added 2024/09/27 6:53 a.m.28 views

CVE-2024-8991 OSM <= 6.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via osm_map and osm_map_v3 Shortcodes

The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's osmmap and osmmapv3 shortcodes in all versions up to, and including, 6.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00388EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/09/27 12:0 a.m.6 views

PT-2024-39356 · WordPress · Osm – Openstreetmap

Name of the Vulnerable Software and Affected Versions: OSM – OpenStreetMap plugin for WordPress versions up to, and including, 6.1.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's osm map and osm map v3 shortcodes due to insufficient input sanitization and outpu...

6.4CVSS6.2AI score0.00388EPSS
Exploits0References13
Patchstack
Patchstack
added 2024/09/27 12:0 a.m.9 views

WordPress OSM – OpenStreetMap Plugin <= 6.1.0 is vulnerable to Cross Site Scripting (XSS)

Software OSM – OpenStreetMap Type Plugin Vulnerable versions = 6.1.0 Fixed in 6.1.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8991 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 602fbf695703 Credits Peter Thaleikis...

6.4CVSS5.8AI score0.00388EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/07/09 9:15 a.m.6 views

CVE-2024-3604

The OSM – OpenStreetMap plugin for WordPress is vulnerable to SQL Injection via the 'taggedfilter' attribute of the 'osmmapv3' shortcode in all versions up to, and including, 6.0.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

8.8CVSS5.9AI score0.00528EPSS
Exploits0References2
NVD
NVD
added 2024/07/09 9:15 a.m.29 views

CVE-2024-3604

The OSM – OpenStreetMap plugin for WordPress is vulnerable to SQL Injection via the 'taggedfilter' attribute of the 'osmmapv3' shortcode in all versions up to, and including, 6.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

9.9CVSS0.00528EPSS
Exploits0References3
OSV
OSV
added 2024/07/09 9:15 a.m.8 views

CVE-2024-3603

The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'osmmap' shortcode in all versions up to, and including, 6.0.2 due to insufficient input sanitization and output escaping on user supplied attributes such as 'theme'. This makes it possible...

5.4CVSS6AI score0.00344EPSS
Exploits0References2
CVE
CVE
added 2024/07/09 8:33 a.m.54 views

CVE-2024-3603

CVE-2024-3603 affects the OSM – OpenStreetMap WordPress plugin. All versions up to 6.0.2 are vulnerable to a Stored XSS via the plugin’s osm_map shortcode due to insufficient input sanitization and output escaping for attributes (e.g., theme). Exploitation requires contributor-level access or hig...

6.4CVSS6.1AI score0.00344EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/07/09 12:0 a.m.13 views

PT-2024-26858 · WordPress · Osm – Openstreetmap Plugin

Name of the Vulnerable Software and Affected Versions: OSM – OpenStreetMap plugin for WordPress versions up to, and including, 6.0.2 Description: The issue is related to SQL Injection via the tagged filter attribute of the osm map v3 shortcode due to insufficient escaping on the user-supplied...

9.9CVSS7.4AI score0.00528EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/07/09 12:0 a.m.8 views

PT-2024-26854 · WordPress · Osm – Openstreetmap

Name of the Vulnerable Software and Affected Versions: OSM – OpenStreetMap plugin for WordPress versions up to, and including, 6.0.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'osm map' shortcode due to insufficient input sanitization and output escaping on...

6.4CVSS5.9AI score0.00344EPSS
Exploits0References6
NVD
NVD
added 2024/06/19 4:15 a.m.29 views

CVE-2024-4663

The OSM Map Widget for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.4CVSS0.00378EPSS
Exploits0References3
CVE
CVE
added 2024/06/19 3:12 a.m.62 views

CVE-2024-4663

The CVE-2024-4663 entry covers the OSM Map Widget for Elementor WordPress plugin. It affects all versions up to 1.2.2, with a Reflected Cross-Site Scripting vulnerability in the id parameter caused by insufficient input sanitization and output escaping. The issue can allow unauthenticated attacke...

6.4CVSS6.3AI score0.00378EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/06/19 3:12 a.m.16 views

CVE-2024-4663 OSM Map Widget for Elementor <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter

The OSM Map Widget for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.4CVSS6.4AI score0.00378EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/06/19 3:12 a.m.39 views

CVE-2024-4663 OSM Map Widget for Elementor <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter

The OSM Map Widget for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.4CVSS0.00378EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/06/19 12:0 a.m.5 views

WordPress plugin OSM Map Widget for Elementor security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerabilit...

6.4CVSS6.2AI score0.00378EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/06/18 6:0 p.m.5 views

WordPress OSM Map Widget for Elementor plugin < 1.3.0 - Authenticated Stored Cross-Site Scripting via id Parameter vulnerability

Authenticated Stored Cross-Site Scripting via id Parameter vulnerability discovered by stealthcopter in WordPress Plugin OSM Map Widget for Elementor versions 1.3.0...

6.4CVSS5.8AI score0.00378EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/06/18 12:0 a.m.14 views

WordPress OSM Map Widget for Elementor Plugin <= 1.2.2 is vulnerable to Cross Site Scripting (XSS)

Software OSM Map Widget for Elementor Type Plugin Vulnerable versions = 1.2.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4663 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4fcc595d31d1 Credits stealthcopter...

6.4CVSS5.8AI score0.00378EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2024/04/22 12:0 a.m.72 views

CVE-2022-35503

Open Source MANO (OSM) versions 7–12 have a vulnerability in the LCM module container when handling a VNF descriptor due to improper verification of user input. An authenticated attacker can execute arbitrary code within the LCM container, potentially changing normal OSM component execution, leak...

7.5CVSS7.7AI score0.00536EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2024/02/13 3:31 p.m.6 views

@etalab/cadastre (>=0.14.0 <=0.21.0), @fmidev/smartmet-alert-client (>=3.0.0 <=3.8.8) +14 more potentially affected by CVE-2024-1163 via mapshaper (>=0.3.43 <=0.6.42)

mapshaper NPM version =0.3.43, =0.14.0, =3.0.0, =0.0.1, =0.1.9, =0.1.0, =0.0.1, =0.0.3, =2.1.0, =1.3.1, =0.0.1, =0.0.1, =0.1.0 - tile-maker =0.0.1 and more Source cves: CVE-2024-1163 Source advisory: OSV:GHSA-8M36-62RW-9MXW...

7.7CVSS6.8AI score0.00408EPSS
Exploits1
Rows per page
Query Builder