Lucene search
+L

243 matches found

nvd
nvd
added 2026/02/23 10:16 p.m.11 views

CVE-2026-27742

Bludit version 3.16.2 contains a stored cross-site scripting XSS vulnerability in the post content functionality. The application performs client-side sanitation of content input but does not enforce equivalent sanitation on the server side. An authenticated user can inject arbitrary JavaScript...

5.4CVSS0.00139EPSS
Exploits1References2
cvelist
cvelist
added 2026/02/23 9:58 p.m.35 views

CVE-2026-27742 Bludit <= 3.16.2 Stored XSS in Post Content

Bludit version 3.16.2 contains a stored cross-site scripting XSS vulnerability in the post content functionality. The application performs client-side sanitation of content input but does not enforce equivalent sanitation on the server side. An authenticated user can inject arbitrary JavaScript...

5.4CVSS0.00139EPSS
Exploits1References2
cve
cve
added 2026/02/23 9:58 p.m.15 views

CVE-2026-27742

Bludit

5.4CVSS5.3AI score0.00139EPSS
Exploits1References2Affected Software1
vulnrichment
vulnrichment
added 2026/02/23 9:58 p.m.3 views

CVE-2026-27742 Bludit <= 3.16.2 Stored XSS in Post Content

Bludit version 3.16.2 contains a stored cross-site scripting XSS vulnerability in the post content functionality. The application performs client-side sanitation of content input but does not enforce equivalent sanitation on the server side. An authenticated user can inject arbitrary JavaScript...

5.4CVSS5.3AI score0.00139EPSS
Exploits1References2
osv
osv
added 2026/02/23 9:58 p.m.10 views

CVE-2026-27742 Bludit <= 3.16.2 Stored XSS in Post Content

Bludit version 3.16.2 contains a stored cross-site scripting XSS vulnerability in the post content functionality. The application performs client-side sanitation of content input but does not enforce equivalent sanitation on the server side. An authenticated user can inject arbitrary JavaScript...

5.1CVSS6AI score0.00139EPSS
Exploits1References5
ptsecurity
ptsecurity
added 2026/02/23 12:0 a.m.13 views

PT-2026-21569

Name of the Vulnerable Software and Affected Versions Bludit version 3.16.2 Description The application does not properly sanitize content input on the server side, despite client-side sanitation. An authenticated user can inject JavaScript into the post content field. This injected script execut...

5.4CVSS5.3AI score0.00139EPSS
Exploits1References4
cnnvd
cnnvd
added 2026/02/18 12:0 a.m.10 views

WordPress plugin Blog2Social: Social Media Auto Post & Scheduler 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS5.9AI score0.00336EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/02/18 12:0 a.m.15 views

PT-2026-20379

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the b2s curation draft AJAX action in all versions up to, and including, 8.7.4. The curationDraft function only verifies current user...

6.5CVSS5.7AI score0.00336EPSS
Exploits0References5
osv
osv
added 2026/02/13 12:31 p.m.4 views

GHSA-9PJ7-JH2R-87G8 Mattermost doesn't validate user permissions when creating Jira issues from Mattermost posts

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have acce...

4.3CVSS5.5AI score0.00239EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/02/13 10:29 a.m.4 views

CVE-2026-22892 Insufficient Authorization in Mattermost Jira Plugin Allows Unauthorized Access to Post Attachments

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have acce...

4.3CVSS5.5AI score0.00239EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/02/13 10:29 a.m.5 views

CVE-2026-22892

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have acce...

4.3CVSS5.5AI score0.00239EPSS
Exploits0References2Affected Software1
cve
cve
added 2026/02/13 10:29 a.m.24 views

CVE-2026-22892

Mattermost versions 11.1.x up to 11.1.2, 10.11.x up to 10.11.9, and 11.2.x up to 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts. An authenticated attacker with access to the Jira plugin can read post content and attachments from channels they do not have ...

4.3CVSS5.5AI score0.00239EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2026/02/13 10:29 a.m.30 views

CVE-2026-22892 Insufficient Authorization in Mattermost Jira Plugin Allows Unauthorized Access to Post Attachments

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have acce...

4.3CVSS0.00239EPSS
Exploits0References1
cvelist
cvelist
added 2026/01/15 10:51 p.m.26 views

CVE-2026-1009 Stored Cross-Site Scripting in Altium Live Forum Leading to Cross-Customer Data Exposure

A stored cross-site scripting XSS vulnerability exists in the Altium Forum due to missing server-side input sanitization in forum post content. An authenticated attacker can inject arbitrary JavaScript into forum posts, which is stored and executed when other users view the affected post...

9CVSS0.00214EPSS
Exploits0References1
huntr
huntr
added 2026/01/10 6:22 a.m.7 views

Stored XSS in Home Feed via Post Content Lead to Account Takeover

Description A Stored Cross-Site Scripting XSS vulnerability was identified in the social feature of the application. The backend fails to sanitize user-provided content in the post creation endpoint. This allows an attacker to inject and store malicious JavaScript, which is then executed in the...

9.6CVSS7.5AI score0.00405EPSS
Exploits1
redhatcve
redhatcve
added 2026/01/09 12:31 p.m.12 views

CVE-2023-4036

The Simple Blog Card WordPress plugin before 1.32 does not ensure that posts to be displayed via a shortcode are public, allowing any authenticated users, such as subscriber, to retrieve arbitrary post title and their content such as draft, private and password protected ones...

4.3CVSS6.9AI score0.00453EPSS
Exploits2References1
patchstack
patchstack
added 2025/12/31 7:23 a.m.5 views

WordPress Ultimate Post Kit plugin < 4.0.16 - Unauthenticated Arbitrary Post Content Disclosure vulnerability

Unauthenticated Arbitrary Post Content Disclosure vulnerability discovered by Drtime in WordPress Plugin Ultimate Post Kit versions 4.0.16...

5.3CVSS6.8AI score0.00245EPSS
Exploits0References1Affected Software1
osv
osv
added 2025/12/24 9:30 a.m.6 views

GHSA-FMQF-PMCM-8CX9 Mattermost doesn't validate user channel membership when attaching Mattermost posts as comments to Jira issues

Mattermost versions 11.1.x = 11.1.0, 11.0.x = 11.0.5, 10.12.x = 10.12.3, 10.11.x = 10.11.7 fails to validate user channel membership when attaching Mattermost posts as comments to Jira issues, which allows an authenticated attacker with access to the Jira plugin to read post content and attachmen...

4.3CVSS6.5AI score0.00165EPSS
Exploits0References6
euvd
euvd
added 2025/12/21 3:31 a.m.6 views

EUVD-2025-204651

The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.5. This is due to missing authorization checks on the post update functionality in the fpsmlformprocess AJAX action. This makes it possible for...

5.3CVSS5.6AI score0.0024EPSS
Exploits0References5
nvd
nvd
added 2025/12/19 3:15 p.m.9 views

CVE-2025-14951

A security vulnerability has been detected in code-projects Scholars Tracking System 1.0. The impacted element is an unknown function of the file /home.php. Such manipulation of the argument postcontent leads to sql injection. The attack can be executed remotely. The exploit has been disclosed...

9.8CVSS0.00326EPSS
Exploits1References5
Rows per page
Query Builder