
5 matches found

RedhatCVE
added 2025/05/22 7:21 p.m. | 15 views

CVE-2021-24229

The Jetpack Scan team identified a Reflected Cross-Site Scripting via the patreon_save_attachment_patreon_level AJAX action of the Patreon WordPress plugin before 1.7.2. This AJAX hook is used to update the pledge level required by Patreon subscribers to access a given attachment. This action is...

CVSS 9.6 | AI score 5.7 | EPSS 0.01758
Exploits 1 | References 1
Vulnrichment
added 2024/06/28 6:00 a.m. | 27 views

CVE-2024-5730 Pagerank Tools <= 1.1.5 - Reflected XSS

The Pagerank tools WordPress plugin through 1.1.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

AI score 6.2 | EPSS 0.00395
Exploits 4 | References 1
WPVulnDB
added 2023/04/25 12:00 a.m. | 17 views

Arya Multipurpose <= 1.0.5 - Unauthenticated Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 7.1 | AI score 6 | EPSS 0.00382
Exploits 0 | Affected Software 1
Cvelist
added 2018/09/13 4:00 p.m. | 20 views

CVE-2018-16744

An issue was discovered in mgetty before 1.2.1. In fax_notify_mail in faxrec.c, the mail_to parameter is not sanitized. It could allow for command injection if untrusted input can reach it, because popen is used...

AI score 7.8 | EPSS 0.01034
Exploits 2 | References 1
CVE
added 2018/01/16 9:00 p.m. | 61 views

CVE-2017-17947

CVE-2017-17947 is a cross-site scripting vulnerability in Pulse Secure’s Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) affecting custompage.cgi. The issue arises from one unsanitized URL parameter, enabling injected script when the attacker is authenticated as an administrator; it does...

CVSS 4.8 | AI score 4.8 | EPSS 0.00503
Exploits 0 | References 1 | Affected Software 1