Lucene search
K

10 matches found

Cvelist
Cvelist
added 2026/06/30 9:39 p.m.31 views

CVE-2026-10585 Stored cross-site scripting vulnerability in GitHub Enterprise Server allowed arbitrary JavaScript execution via crafted Discussion titles in the Q&A category

A stored cross-site scripting vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to execute arbitrary JavaScript in another user's browser by injecting a crafted payload into the title of a Discussion in the Q&A category. The...

6.3CVSS0.00184EPSS
Exploits0References5
NVD
NVD
added 2026/03/30 2:16 p.m.4 views

CVE-2026-3321

A vulnerability of authorization bypass through user-controlled key in the 'console-survey/api/v1/answer/EVENTID/TIMESTAMP/' endpoint. Exploiting this vulnerability would allow an unauthenticated attacker to enumerate event IDs and obtain the complete Q&A history. This publicly exposed data may...

8.7CVSS0.00287EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/30 1:17 p.m.22 views

CVE-2026-3321 Authorization Bypass in ON24 Q&A chat

A vulnerability of authorization bypass through user-controlled key in the 'console-survey/api/v1/answer/EVENTID/TIMESTAMP/' endpoint. Exploiting this vulnerability would allow an unauthenticated attacker to enumerate event IDs and obtain the complete Q&A history. This publicly exposed data may...

8.7CVSS0.00287EPSS
Exploits0References1
OSV
OSV
added 2024/07/17 8:15 a.m.4 views

CVE-2024-5582

The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'url' attribute within the Q&A Block widget in all versions up to, and including, 1.33 due to insufficient input sanitization and output escaping on user supplied attribute...

5.4CVSS6AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/07/17 12:0 a.m.9 views

PT-2024-36589 · WordPress · Schema & Structured Data For Wp & Amp

Name of the Vulnerable Software and Affected Versions: Schema & Structured Data for WP & AMP plugin for WordPress versions up to, and including, 1.33 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes, specifically the url attribute...

6.4CVSS6.9AI score0.00385EPSS
Exploits0References9
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 12:42 p.m.1 views

Malicious code in file-q-and-a (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSV
OSV
added 2024/06/25 12:42 p.m.4 views

MAL-2024-2368 Malicious code in file-q-and-a (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
Patchstack
Patchstack
added 2016/08/29 12:0 a.m.25 views

WordPress Q and A Plugin - Full Path Disclosure

This plugin is prone to a multiple scripts direct request path disclosure vulnerability. Solution Update the plugin...

1.5AI score
Exploits0Affected Software1
exploitpack
exploitpack
added 2016/05/12 12:0 a.m.16 views

WordPress Plugin Q and A (Focus Plus) FAQ 1.3.9.7 - Multiple Vulnerabilities

WordPress Plugin Q and A Focus Plus FAQ 1.3.9.7 - Multiple Vulnerabilities Exploit Title: WordPress Q and A Focus Plus FAQ Full Path Disclosure and SQL Injection Google Dork: inurl:"wp-content/plugins/q-and-a" Date: 12-05-2016 Software Link: https://wordpress.org/plugins/q-and-a-focus-plus-faq/...

0.3AI score
Exploits0
Exploit DB
Exploit DB
added 2016/05/12 12:0 a.m.21 views

WordPress Plugin Q and A (Focus Plus) FAQ 1.3.9.7 - Multiple Vulnerabilities

Exploit Title: WordPress Q and A Focus Plus FAQ Full Path Disclosure and SQL Injection Google Dork: inurl:"wp-content/plugins/q-and-a" Date: 12-05-2016 Software Link: https://wordpress.org/plugins/q-and-a-focus-plus-faq/ Version: 1.3.9.7 and prior Exploit Author: Gwendal Le Coguic Website:...

7.4AI score
Exploits0
Rows per page
Query Builder