Lucene search
K

56 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 8:55 p.m.5 views

CVE-2021-28359

The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions 1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fi...

6.1CVSS6.9AI score0.35963EPSS
Exploits1References1
WPVulnDB
WPVulnDB
added 2024/01/04 12:0 a.m.18 views

Schema & Structured Data for WP & AMP < 1.24 - Contributor+ Stored XSS

Description The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...

6.5CVSS6.3AI score0.00328EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/16 12:0 a.m.15 views

EazyDocs < 2.3.6 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.8CVSS8AI score0.00396EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/11/10 12:0 a.m.10 views

CVE-2022-35740

dotCMS before 22.06 allows remote attackers to bypass intended access control and obtain sensitive information by using a semicolon in a URL to introduce a matrix parameter. This is also fixed in 5.3.8.12, 21.06.9, and 22.03.2 for LTS users. Some Java application frameworks, including those used ...

6.3AI score0.01192EPSS
Exploits1References2
OSV
OSV
added 2019/06/07 8:29 p.m.5 views

CVE-2018-10700

An issue was discovered on Moxa AWK-3121 1.19 devices. It provides functionality so that an administrator can change the name of the device. However, the same functionality allows an attacker to execute XSS by injecting an XSS payload. The POST parameter "iwboarddeviceName" is susceptible to this...

6.1CVSS6AI score0.39287EPSS
Exploits1References3
Cvelist
Cvelist
added 2018/04/12 6:0 p.m.21 views

CVE-2018-10073

joyplus-cms 1.6.0 has XSS in manager/adminvod.php via the keyword parameter...

5AI score0.0064EPSS
Exploits1References1
WPVulnDB
WPVulnDB
added 2014/09/20 8:1 p.m.16 views

ActiveHelper LiveHelp Server 3.1.0 - server/offline.php Multiple Parameter XSS

The activehelper-livehelp WordPress plugin was affected by a server/offline.php Multiple Parameter XSS security vulnerability...

4.3CVSS1.8AI score0.04513EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.13 views

GroupDocs Comparison <= 1.0.2 - Multiple Parameter XSS

The GroupDocs.Comparison for Cloud WordPress plugin was affected by a Multiple Parameter XSS security vulnerability...

1.9AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.11 views

PHPFreeChat 0.2.8 - lib/csstidy-1.2/css_optimiser.php url Parameter XSS

The phpfreechat WordPress plugin was affected by a lib/csstidy-1.2/cssoptimiser.php url Parameter XSS security vulnerability...

1.9AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.10 views

Car Demon 1.0.1 - /wp-admin/post.php Multiple Parameter XSS

The Car Demon WordPress plugin was affected by a /wp-admin/post.php Multiple Parameter XSS security vulnerability...

2.3AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.17 views

Traffic Analyzer 3.3.2 - js/ta_loaded.js.php aoid Parameter XSS

The trafficanalyzer WordPress plugin was affected by a js/taloaded.js.php aoid Parameter XSS security vulnerability...

4.3CVSS2.7AI score0.13939EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:58 a.m.17 views

Zingiri Web Shop <= 2.4.0 - onecheckout.php notes Parameter XSS

The zingiri-web-shop WordPress plugin was affected by an onecheckout.php notes Parameter XSS security vulnerability...

4.3CVSS2AI score0.05337EPSS
Exploits1References3Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:58 a.m.15 views

Zingiri Web Shop <= 2.4.0 - zing.inc.php page Parameter XSS

The zingiri-web-shop WordPress plugin was affected by a zing.inc.php page Parameter XSS security vulnerability...

4.3CVSS1.8AI score0.05337EPSS
Exploits1References3Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:58 a.m.12 views

Uploader 1.0.4 - notify.php blog Parameter XSS

The uploader WordPress plugin was affected by a notify.php blog Parameter XSS security vulnerability...

4.3CVSS2.2AI score0.09239EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 12:0 a.m.18 views

SS Downloads 1.4.4.1 - services/getfile.php file Parameter XSS

The SS Downloads WordPress plugin was affected by a services/getfile.php file Parameter XSS security vulnerability...

4.3CVSS2.3AI score0.02046EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 12:0 a.m.18 views

Redirection - wp-admin/tools.php id Parameter XSS

The Redirection WordPress plugin was affected by a wp-admin/tools.php id Parameter XSS security vulnerability...

4.3CVSS2.6AI score0.00923EPSS
Exploits0Affected Software1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.13 views

AIOCP 1.3.x cp_forum_view.php Multiple Parameter XSS

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.14 views

iSupport 1.8 ticket_function.php Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/37380/info iDevSpot iSupport is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input An attacker may leverage these issues to execute arbitrary...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.13 views

KAPhotoservice search.asp filename Parameter XSS

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.10 views

osCommerce 2.2 admin/languages.php page Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/20343/info osCommerce is prone to multiple cross-site scripting vulnerabilities. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the...

7.1AI score
Exploits0
Rows per page
Query Builder