Lucene search
K

129 matches found

OSV
OSV
added 2023/10/16 8:15 p.m.4 views

CVE-2023-4290

The WP Matterport Shortcode WordPress plugin before 2.1.7 does not escape the PHPSELF server variable when outputting it in attributes, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin...

6.1CVSS5.8AI score
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 6:16 a.m.5 views

SUSE CVE-2006-0806

Multiple cross-site scripting XSS vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via 1 the nextpage parameter in adodb-pager.inc.php and 2 other unspecified vectors related to PHPSELF...

4.3CVSS6.1AI score0.05871EPSS
Exploits2References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:10 a.m.2 views

SUSE CVE-2007-5589

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in 1 PHPSELF in a serverstatus.php, and b grabglobals.lib.php, c displaychangepassword.lib.php, and d common.lib.php in...

4.3CVSS6AI score0.03326EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/01/03 12:0 a.m.5 views

PT-2023-9940 · Unknown · Ahmyi Rivettracker

Name of the Vulnerable Software and Affected Versions: ahmyi RivetTracker affected versions not specified Description: A problematic issue has been found in ahmyi RivetTracker, affecting some unknown processing. The manipulation of the argument $ SERVER'PHP SELF' leads to cross site scripting. Th...

6.1CVSS6.5AI score0.00568EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2022/05/16 3:15 p.m.4 views

CVE-2022-1217

The Custom TinyMCE Shortcode Button WordPress plugin through 1.1 does not sanitise and escape the PHPSELF variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting...

6.1CVSS6.3AI score0.00757EPSS
Exploits1References2
OSV
OSV
added 2022/05/16 3:15 p.m.1 views

CVE-2022-1216

The Advanced Image Sitemap WordPress plugin through 1.2 does not sanitise and escape the PHPSELF PHP variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting...

6.1CVSS5.8AI score
Exploits0References1
OSV
OSV
added 2022/02/04 11:15 p.m.4 views

CVE-2022-0380

The Fotobook WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient escaping and the use of $SERVER'PHPSELF' found in the /options-fotobook.php file which allows attackers to inject arbitrary web scripts onto the page, in versions up to and including 3.2.3...

6.1CVSS6.4AI score0.00866EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/02/04 12:0 a.m.6 views

WordPress plugin 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the...

6.1CVSS6.1AI score0.00866EPSS
Exploits1References3
OSV
OSV
added 2021/11/05 3:15 p.m.2 views

CVE-2021-39412

Multiple Cross Site Scripting XSS vulnerabilities exists in PHPGurukul Shopping v3.1 via the 1 callback parameter in a serverside/scripts/idjsonp.php, b serverside/scripts/jsonp.php, and c scripts/objectsjsonp.php, the 2 value parameter in examplessupport/editableajax.php, and the 3 PHPSELF...

6.1CVSS5.8AI score0.00562EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2021/10/01 4:15 p.m.4 views

CVE-2021-40925

Cross-site scripting XSS vulnerability in dompdf/dompdf/www/demo.php infaveo-helpdesk v1.11.0 and below allow remote attackers to inject arbitrary web script or HTML via the $SERVER"PHPSELF" parameter...

6.1CVSS6.6AI score0.00818EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/10/01 12:0 a.m.3 views

Faveo Helpdesk 跨站脚本漏洞

Faveo Helpdesk is an open source ticketing system built by Faveo based on Laravel framework. A cross-site scripting vulnerability in Faveo Helpdesk v1.11.0 and below allows remote attackers to inject arbitrary web script or HTML via the $SERVER"PHPSELF" parameter...

6.1CVSS6.2AI score0.00818EPSS
Exploits1References2
OSV
OSV
added 2021/09/10 2:15 p.m.6 views

CVE-2021-38335

The Wise Agent Capture Forms WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /WiseAgentCaptureForm.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0...

6.1CVSS5.8AI score0.00866EPSS
Exploits1References2
OSV
OSV
added 2021/09/10 2:15 p.m.3 views

CVE-2021-38337

The RSVPMaker Excel WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /phpexcel/PHPExcel/Shared/JAMA/docs/download.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1...

6.1CVSS5.8AI score0.00866EPSS
Exploits1References2
OSV
OSV
added 2021/09/10 2:15 p.m.6 views

CVE-2021-38330

The Yet Another bol.com Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /yabp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4...

6.1CVSS5.8AI score0.00908EPSS
Exploits1References2
OSV
OSV
added 2021/09/10 2:15 p.m.4 views

CVE-2021-38336

The Edit Comments XT WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /edit-comments-xt.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0...

6.1CVSS6.4AI score0.00866EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2021/09/10 1:32 p.m.6 views

CVE-2021-38337 RSVPMaker Excel <= 1.1 Reflected Cross-Site Scripting

The RSVPMaker Excel WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /phpexcel/PHPExcel/Shared/JAMA/docs/download.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1...

6.1CVSS6.1AI score0.00866EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/09/10 12:0 a.m.3 views

WordPress 插件 跨站脚本漏洞

WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress plugin WP Scrippets 1.5.1 and earlier versions, which stems from a lack of valid validation and escaping of the $SERVER"PHPSELEF" value in /wp-scrippets. An attacker...

6.1CVSS5.5AI score0.00908EPSS
Exploits1References4
OSV
OSV
added 2021/09/01 3:15 p.m.5 views

CVE-2021-39320

The underConstruction plugin = 1.18 for WordPress echoes out the raw value of $GLOBALS'PHPSELF' in the ucOptions.php file. On certain configurations including Apache+modPHP, this makes it possible to use it to perform a reflected Cross-Site Scripting attack by injecting malicious code in the...

6.1CVSS6.4AI score0.02335EPSS
Exploits1References2
OSV
OSV
added 2021/08/16 7:15 p.m.3 views

CVE-2021-34667

The Calendarplugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $SERVER'PHPSELF' in the /calendar.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0...

6.1CVSS6.4AI score0.00895EPSS
Exploits1References2
OSV
OSV
added 2021/08/16 7:15 p.m.5 views

CVE-2021-34663

The jQuery Tagline Rotator WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $SERVER'PHPSELF' in the /jquery-tagline-rotator.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.1.5...

6.1CVSS6.4AI score0.00895EPSS
Exploits1References2
Rows per page
Query Builder