Lucene search
K

33 matches found

CVE
CVE
added 2022/06/20 10:25 a.m.61 views

CVE-2022-0663

CVE-2022-0663 refers to the WordPress plugin Print, PDF, Email by PrintFriendly prior to version 5.2.3. The root cause is failure to sanitize and escape the Custom Button Text setting, which can allow stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed. Multi...

4.8CVSS4.7AI score0.00565EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2022/06/20 10:25 a.m.23 views

CVE-2022-0663 Print, PDF, Email by PrintFriendly < 5.2.3 - Admin+ Stored Cross-Site Scripting

The Print, PDF, Email by PrintFriendly WordPress plugin before 5.2.3 does not sanitise and escape the Custom Button Text settings, which could allow high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

5.1AI score0.00565EPSS
Exploits2References1
CNNVD
CNNVD
added 2022/06/20 12:0 a.m.4 views

WordPress plugin Print, PDF, Email by PrintFriendly 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plug-in. A cross-site scripting vulnerability exists in versions of WordPress prior to PrintFriendly 5.2.3...

4.8CVSS5.2AI score0.00565EPSS
Exploits2References2
Patchstack
Patchstack
added 2022/05/30 12:0 a.m.22 views

WordPress Print, PDF, Email by PrintFriendly plugin <= 5.2.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Muhamad Hidayat Solution Update the WordPress Print, PDF, Email by PrintFriendly plugin to the latest available version at least 5.2.3...

4.8CVSS1.6AI score0.00565EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/30 12:0 a.m.21 views

Print, PDF, Email by PrintFriendly < 5.2.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Custom Button Text settings, which could allow high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC In the plugin's settings, tick 'Custom Button' and put the following...

4.8CVSS1AI score0.00565EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2022/05/30 12:0 a.m.115 views

Print, PDF, Email by PrintFriendly < 5.2.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Custom Button Text settings, which could allow high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed In the plugin's settings, tick 'Custom Button' and put the following payload ...

4.8CVSS0.4AI score0.00565EPSS
Exploits2
seebug.org
seebug.org
added 2014/03/06 12:0 a.m.20 views

WordPress PrintFriendly插件'options.php'多个跨站脚本漏洞

Bugtraq ID:65827 WordPress是一种使用PHP语言开发的博客平台,用户可以在支持PHP和MySQL数据库的服务器上架设自己的网志。 WordPress PrintFriendly 'options.php'不正确过滤用户提交的参数,远程攻击者可以利用漏洞构建恶意URI,诱使用户解析,可获得敏感Cookie,劫持会话或在客户端上进行恶意操作。 0 WordPress PrintFriendly 3.3.7 目前没有详细解决方案提供: http://wordpress.org/plugins/...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2014/02/26 12:0 a.m.24 views

WordPress PrintFriendly 3.3.7 Cross Site Scripting

============================================================== Title ...| XSS in PrintFriendly Version .| printfriendly 3.3.7 Date ....| 23.02.2014 Found ...| HauntIT Blog Home ....| http://wordpress.org/plugins/ ==============================================================...

0.1AI score
Exploits0
Prion
Prion
added 2009/11/24 2:30 a.m.8 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Printfriendly module 6.x before 6.x-1.6 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6.1AI score0.01223EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2009/11/24 2:30 a.m.16 views

CVE-2009-4062

Multiple cross-site scripting XSS vulnerabilities in the Printfriendly module 6.x before 6.x-1.6 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.8AI score0.01223EPSS
Exploits0References6
CVE
CVE
added 2009/11/24 2:0 a.m.39 views

CVE-2009-4062

The CVE-2009-4062 entry affects the Drupal Printfriendly module (6.x) prior to version 6.x-1.6, where multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary script or HTML via unspecified vectors. Root cause is unvalidated/unsanitized input in the module’s ...

4.3CVSS5.8AI score0.01223EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2009/11/24 2:0 a.m.16 views

CVE-2009-4062

Multiple cross-site scripting XSS vulnerabilities in the Printfriendly module 6.x before 6.x-1.6 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

5.8AI score0.01223EPSS
Exploits0References6
Drupal
Drupal
added 2009/11/18 12:0 a.m.10 views

SA-CONTRIB-2009-109 - Printfriendly - Cross Site Scripting

The Printfriendly module integrates with printfriendly.com's print service. The module does not sanitize some of the user-supplied data before displaying it, leading to a Cross Site Scripting XSS vulnerability. Versions affected Printfriendly module for Drupal 6.x prior to Printfriendly 6.x-1.6...

6.3AI score
Exploits0References6
Rows per page
Query Builder