Lucene search
K

25 matches found

Github Security Blog
Github Security Blog
added 2026/06/04 6:55 p.m.13 views

WWBN AVideo: Unauthenticated Reflected XSS via $_GET['search'] in AVideo YouTubeAPI Gallery Pagination

Unauthenticated Reflected XSS via $GET'search' in AVideo YouTubeAPI Gallery Pagination Summary A reflected Cross-Site Scripting vulnerability CWE-79 in the AVideo YouTubeAPI plugin allows any unauthenticated attacker to execute arbitrary JavaScript in a victim's browser session when the victim...

6.2AI score0.00094EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/13 3:20 a.m.3 views

CVE-2025-14477 404 Solution <= 3.1.0 - Authenticated (Admin+) SQL Injection via 'filterText' Parameter

The 404 Solution plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 3.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This is due to improper sanitization of the filterText paramet...

4.9CVSS6.5AI score0.00308EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-0195

Malware in sbrugna...

4.3CVSS8.6AI score0.02209EPSS
Exploits1References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2020-0441

Malware in sbrugna...

6.4CVSS6.2AI score0.01508EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2025/08/26 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2020-11082

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Kaminari before 1.2.1, there is a vulnerability that would allow an attacker to inject arbitrary code into pages with pagination links. This has been fixed i...

6.4CVSS6.7AI score0.01508EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 5:23 p.m.3 views

CVE-2020-11082

In Kaminari before 1.2.1, there is a vulnerability that would allow an attacker to inject arbitrary code into pages with pagination links. This has been fixed in 1.2.1...

6.4CVSS6.6AI score0.01508EPSS
Exploits0References1
OSV
OSV
added 2023/02/22 1:26 p.m.10 views

OPENSUSE-SU-2023:0058-1 Security update for phpMyAdmin

This update for phpMyAdmin fixes the following issues: Update to 4.9.11: Fix an XSS attack through the drag-and-drop upload feature PMASA-2023-01, CWE-661, boo1208186, CVE-2023-25727 Fix broken pagination links in the navigation sidebar Fix syntax error for PHP 5 Fix hideconnectionerrors being...

5.4CVSS5.5AI score0.01163EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:34 a.m.3 views

SUSE CVE-2013-6459

Cross-site scripting XSS vulnerability in the willpaginate gem before 3.0.5 for Ruby allows remote attackers to inject arbitrary web script or HTML via vectors involving generated pagination links...

4.3CVSS7.9AI score0.02209EPSS
Exploits1References6
Veracode
Veracode
added 2020/05/29 1:18 a.m.27 views

Cross-site Scripting (XSS)

kaminari-core is vulnerable to cross-site scripting XSS. The attack is possible because of an incomplete GET param black-listing, allowing an attacker to inject and execute arbitrary Javascript via the originalscriptname parameter when a user visits pages containing pagination links...

6.4CVSS4.3AI score0.01508EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2020/05/28 9:15 p.m.12 views

CVE-2020-11082

In Kaminari before 1.2.1, there is a vulnerability that would allow an attacker to inject arbitrary code into pages with pagination links. This has been fixed in 1.2.1...

6.4CVSS6.7AI score0.01508EPSS
Exploits0References5
OSV
OSV
added 2020/05/28 9:15 p.m.3 views

DEBIAN-CVE-2020-11082

In Kaminari before 1.2.1, there is a vulnerability that would allow an attacker to inject arbitrary code into pages with pagination links. This has been fixed in 1.2.1...

6.1CVSS6.6AI score0.01508EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/05/28 9:10 p.m.23 views

CVE-2020-11082 Cross-Site Scripting in Kaminari

In Kaminari before 1.2.1, there is a vulnerability that would allow an attacker to inject arbitrary code into pages with pagination links. This has been fixed in 1.2.1...

6.4CVSS6.6AI score0.01508EPSS
Exploits0References5
Snyk
Snyk
added 2020/05/26 11:0 p.m.2 views

Cross-site Scripting (XSS)

Overview kaminari is a Scope & Engine based, clean, powerful, agnostic, customizable and sophisticated paginator for Rails 4+. Affected versions of this package are vulnerable to Cross-site Scripting XSS. An attacker can inject arbitrary code into pages with pagination links. PoC For example, an...

6.4CVSS5.5AI score0.01508EPSS
Exploits0References2
OSV
OSV
added 2017/10/24 6:33 p.m.20 views

GHSA-8R6H-7X9G-XMW9 will_paginate Cross-site Scripting vulnerability

Cross-site scripting XSS vulnerability in the willpaginate gem before 3.0.5 for Ruby allows remote attackers to inject arbitrary web script or HTML via vectors involving generated pagination links...

4.3CVSS7.2AI score0.02209EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.44 views

will_paginate Cross-site Scripting vulnerability

Cross-site scripting XSS vulnerability in the willpaginate gem before 3.0.5 for Ruby allows remote attackers to inject arbitrary web script or HTML via vectors involving generated pagination links...

4.3CVSS4.3AI score0.02209EPSS
Exploits1References5Affected Software1
Mageia
Mageia
added 2014/02/11 10:37 p.m.50 views

Updated ruby-will_paginate package fixes CVE-2013-6459

Updated ruby-willpaginate packages fix security vulnerability: Cross-Site Scripting XSS vulnerabilities were found in willpaginate gem for Ruby, where certain input related to generated pagination links were not properly sanitised before being returned. This could be exploited to execute arbitrar...

4.3CVSS0.7AI score0.02209EPSS
Exploits1References3
NVD
NVD
added 2013/12/31 4:4 p.m.18 views

CVE-2013-6459

Cross-site scripting XSS vulnerability in the willpaginate gem before 3.0.5 for Ruby allows remote attackers to inject arbitrary web script or HTML via vectors involving generated pagination links...

4.3CVSS7.1AI score0.02209EPSS
Exploits1References4
OSV
OSV
added 2013/12/31 4:4 p.m.1 views

DEBIAN-CVE-2013-6459

Cross-site scripting XSS vulnerability in the willpaginate gem before 3.0.5 for Ruby allows remote attackers to inject arbitrary web script or HTML via vectors involving generated pagination links...

4.3CVSS7.7AI score0.02209EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2013/12/31 4:4 p.m.27 views

CVE-2013-6459

Cross-site scripting XSS vulnerability in the willpaginate gem before 3.0.5 for Ruby allows remote attackers to inject arbitrary web script or HTML via vectors involving generated pagination links...

4.3CVSS7.3AI score0.02209EPSS
Exploits1References3
Prion
Prion
added 2013/12/31 4:4 p.m.20 views

Cross site scripting

Cross-site scripting XSS vulnerability in the willpaginate gem before 3.0.5 for Ruby allows remote attackers to inject arbitrary web script or HTML via vectors involving generated pagination links...

4.3CVSS6AI score0.02209EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder