Lucene search
K

12 matches found

NVD
NVD
added 2026/02/11 9:15 a.m.6 views

CVE-2026-1804

The WDES Responsive Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wdes-popup-title' shortcode in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.0024EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.11 views

PT-2026-7499

The WDES Responsive Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wdes-popup-title' shortcode in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.7AI score0.0024EPSS
Exploits0References4
EUVD
EUVD
added 2025/11/22 12:31 a.m.4 views

EUVD-2025-198517

A spoofing issue was addressed with improved truncation when displaying the fully qualified domain name This issue is fixed in Safari 18.5, macOS Sequoia 15.5. A website may be able to spoof the domain name in the title of a pop-up window...

5.5AI score0.00192EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/06/13 12:0 a.m.5 views

PT-2022-14084 · WordPress · Sticky Popup

Name of the Vulnerable Software and Affected Versions: Sticky Popup plugin for WordPress versions up to, and including, 1.2 Description: The issue is related to Stored Cross-Site Scripting via the popup title parameter due to insufficient input sanitization and output escaping. This allows...

5.5CVSS5AI score0.00526EPSS
Exploits0References6
NVD
NVD
added 2019/03/27 8:29 p.m.19 views

CVE-2018-15585

Cross-Site Scripting XSS vulnerability in newwinform.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter...

6.1CVSS5.9AI score0.01521EPSS
Exploits0References3
CVE
CVE
added 2019/03/27 7:1 p.m.43 views

CVE-2018-15585

GNUBOARD5 before 5.3.1.6 is affected by an XSS in newwinform.php via the popup title parameter. The issue enables remote attackers to inject arbitrary script/HTML in web pages. Affected product: GNUBOARD5; vulnerable component: newwinform.php (popup title). Root cause is unvalidated input in the ...

6.1CVSS5.9AI score0.01521EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2019/03/27 7:1 p.m.14 views

CVE-2018-15585

Cross-Site Scripting XSS vulnerability in newwinform.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter...

5.9AI score0.01521EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2019/03/27 12:0 a.m.3 views

PT-2019-9131 · Gnuboard · Gnuboard5

Name of the Vulnerable Software and Affected Versions: GNUBOARD5 versions prior to 5.3.1.6 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the popup title parameter in the newwinform.php file. This enables attackers to perform Cross-Site Scripting XSS...

6.1CVSS6.3AI score0.01521EPSS
Exploits0References7
NVD
NVD
added 2019/03/25 9:29 p.m.19 views

CVE-2018-15583

Cross-Site Scripting XSS vulnerability in pointlist.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter...

6.1CVSS5.9AI score0.01085EPSS
Exploits0References2
Prion
Prion
added 2019/03/25 9:29 p.m.16 views

Cross site scripting

Cross-Site Scripting XSS vulnerability in pointlist.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter...

4.3CVSS5.9AI score0.01085EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2019/03/25 12:0 a.m.5 views

PT-2019-9129 · Gnuboard · Gnuboard5

Name of the Vulnerable Software and Affected Versions: GNUBOARD5 versions prior to 5.3.1.6 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the popup title parameter in the point list.php file. This enables attackers to perform Cross-Site Scripting XSS...

6.1CVSS6.1AI score0.01085EPSS
Exploits0References6
OSV
OSV
added 2008/01/10 12:46 a.m.5 views

DEBIAN-CVE-2008-0192

Multiple cross-site scripting XSS vulnerabilities in WordPress 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the popuptitle parameter to 1 wp-admin/post.php or 2 wp-admin/page-new.php...

4.3CVSS6AI score0.05072EPSS
Exploits1References1
Rows per page
Query Builder