7650 matches found

NVD
added 2022/05/25 4:15 p.m. | 17 views

CVE-2022-29408

Persistent Cross-Site Scripting (XSS) vulnerability in Vsourz Digital's Advanced Contact form 7 DB plugin <= 1.8.7 at WordPress...

CVSS 6.1 | EPSS 0.00655
Exploits: 0 | References: 2
OSV
added 2022/05/25 4:15 p.m. | 2 views

CVE-2022-29408

Persistent Cross-Site Scripting (XSS) vulnerability in Vsourz Digital's Advanced Contact form 7 DB plugin <= 1.8.7 at WordPress...

CVSS 6.1 | AI score 5.8 | EPSS 0.00655
Exploits: 0 | References: 2
Prion
added 2022/05/25 4:15 p.m. | 15 views

Cross site scripting

Persistent Cross-Site Scripting (XSS) vulnerability in Vsourz Digital's Advanced Contact form 7 DB plugin <= 1.8.7 at WordPress...

CVSS 4.3 | AI score 5.9 | EPSS 0.00655
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2022/05/25 3:58 p.m. | 95 views

CVE-2022-29408

The CVE-2022-29408 entry concerns Vsourz Digital’s WordPress plugin Advanced Contact form 7 DB (<= 1.8.7). Connected sources confirm a persistent (stored) Cross-Site Scripting (XSS) vulnerability, caused by insufficient sanitization/escaping of a parameter in the plugin’s form handling, enabli...

CVSS 6.1 | AI score 5.2 | EPSS 0.00655
Exploits: 0 | References: 2 | Affected Software: 1
Github Security Blog
added 2022/05/24 10:28 p.m. | 47 views

Moodle Persistent Cross-site Scripting (XSS)

Persistent XSS in /course/modedit.php of Moodle through 3.7.2 allows authenticated users (Teacher and above) to inject JavaScript into the session of another user (e.g., enrolled student or site administrator) via the introeditortext parameter. NOTE: the discoverer and vendor disagree on whether Mood...

CVSS 5.4 | AI score 5.9 | EPSS 0.00791
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2022/05/24 5:31 p.m. | 24 views

GHSA-JXJC-6XMH-H7MG Magento 2 Community Edition XSS Vulnerability

Magento versions 2.4.0 and 2.3.5p1 and earlier are affected by a persistent XSS vulnerability that allows users to upload malicious JavaScript via the file upload component. This vulnerability could be abused by an unauthenticated attacker to execute XSS attacks against other Magento users. This...

CVSS 6.1 | AI score 6.1 | EPSS 0.0172
Exploits: 0 | References: 3
Github Security Blog
added 2022/05/24 5:24 p.m. | 12 views

Shopware vulnerable to Cross-site Scripting

In Shopware before 6.2.3, authenticated users are allowed to use the Mediabrowser fileupload feature to upload SVG images containing JavaScript. This leads to Persistent XSS. An uploaded image can be accessed without authentication...

CVSS 5.4 | AI score 5.8 | EPSS 0.00584
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2022/05/24 5:24 p.m. | 12 views

GHSA-FXF3-WX3C-76PF Shopware vulnerable to Cross-site Scripting

In Shopware before 6.2.3, authenticated users are allowed to use the Mediabrowser fileupload feature to upload SVG images containing JavaScript. This leads to Persistent XSS. An uploaded image can be accessed without authentication...

CVSS 5.4 | AI score 5.3 | EPSS 0.00584
Exploits: 0 | References: 4
OSV
added 2022/05/24 5:7 p.m. | 8 views

GHSA-F99H-H678-FGG4 Liferay Portal Vulnerable to Persistent Cross-Site Scripting (XSS) in MyAccountPortlet

In LifeRay Portal CE 7.1.0 through 7.2.1, the First Name, Middle Name, and Last Name fields for user accounts in MyAccountPortlet are all vulnerable to a persistent XSS issue. Any user can modify these fields with a particular XSS payload, and it will be stored in the database. The payload will...

CVSS 5.4 | AI score 5.7 | EPSS 0.04457
Exploits: 3 | References: 5
NVD
added 2022/05/20 9:15 p.m. | 20 views

CVE-2022-29432

Multiple Authenticated (administrator or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in TMS-Plugins wpDataTables plugin = 2.1.27 on WordPress via &data-link-text, &data-link-url, &data, &data-shortcode, &data-star-num vulnerable parameters...

CVSS 4.8 | EPSS 0.00489
Exploits: 0 | References: 2
Prion
added 2022/05/20 9:15 p.m. | 16 views

Cross site scripting

Multiple Authenticated (administrator or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in TMS-Plugins wpDataTables plugin = 2.1.27 on WordPress via &data-link-text, &data-link-url, &data, &data-shortcode, &data-star-num vulnerable parameters...

CVSS 3.5 | AI score 5 | EPSS 0.00489
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2022/05/20 8:48 p.m. | 78 views

CVE-2022-29432

CVE-2022-29432 covers multiple authenticated persistent XSS vulnerabilities in the WordPress plugin wpDataTables (versions

CVSS 4.8 | AI score 4.7 | EPSS 0.00489
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2022/05/20 8:44 p.m. | 21 views

CVE-2022-29430 WordPress PNG to JPG plugin <= 4.0 - Cross-Site Request Forgery (CSRF) leading to Persistent Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting (XSS) vulnerability in KubiQ's PNG to JPG plugin <= 4.0 at WordPress via Cross-Site Request Forgery (CSRF). Vulnerable parameter &jpgquality...

CVSS 4.7 | AI score 6.3 | EPSS 0.00336
Exploits: 0 | References: 2
OSV
added 2022/05/20 1:15 p.m. | 3 views

CVE-2022-29880

A vulnerability has been identified in SICAM T All versions V3.0. Affected devices do not properly validate input in the configuration interface. This could allow an authenticated attacker to place persistent XSS attacks to perform arbitrary actions in the name of a logged user which accesses the...

CVSS 6.5 | AI score 6.7 | EPSS 0.00582
Exploits: 0 | References: 3
ThreatPost
added 2022/05/18 2:1 p.m. | 29 views

APTs Overwhelmingly Share Known Vulnerabilities Rather Than Attack O-Days

Most advanced persistent threat groups (APTs) use known vulnerabilities in their attacks against organizations, suggesting the need to prioritize faster patching rather than chasing zero-day flaws as a more effective security strategy, new research has found. Security researchers at the University ...

AI score 7.5
Exploits: 0 | References: 8
OSSF Malicious Packages
added 2022/05/18 6:5 a.m. | 3 views

Malicious code in pco_api (npm)

Source: ghsa-malware f9c8289fc4eb78d3e66ed76818f5f799edc0dbee5bebe64774a03a2c3148158b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 1
Vulnrichment
added 2022/05/17 7:51 p.m. | 7 views

CVE-2022-29436 WordPress Code Snippets Extended plugin <= 1.4.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Persistent Cross-Site Scripting (XSS)

Persistent Cross-Site Scripting (XSS) vulnerability in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress via Cross-Site Request Forgery (vulnerable parameters &title, &snippetcode)...

CVSS 4.7 | AI score 5.3 | EPSS 0.00358
Exploits: 0 | References: 2
Cvelist
added 2022/05/17 7:51 p.m. | 21 views

CVE-2022-29436 WordPress Code Snippets Extended plugin <= 1.4.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Persistent Cross-Site Scripting (XSS)

Persistent Cross-Site Scripting (XSS) vulnerability in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress via Cross-Site Request Forgery (vulnerable parameters &title, &snippetcode)...

CVSS 4.7 | AI score 6.4 | EPSS 0.00358
Exploits: 0 | References: 2
Securelist
added 2022/05/17 2:0 p.m. | 24 views

Evaluation of cyber activities and the threat landscape in Ukraine

Introduction: When the war in Ukraine broke out, many analysts were surprised to discover that what was simultaneously happening in the cyber domain did not match their predictions. Since the beginning of the fighting, new cyberattacks taking place in Ukraine have been identified every week, whic...

AI score 7
Exploits: 0
Rockylinux
added 2022/05/17 7:52 a.m. | 8 views

new packages: device-mapper-persistent-data

An update is available for device-mapper-persistent-data. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, se...

AI score 2
Exploits: 0