Lucene search
K

42 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 9:38 a.m.17 views

CVE-2024-24836

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Audrasjb GDPR Data Request Form allows Stored XSS.This issue affects GDPR Data Request Form: from n/a through 1.6...

6.5CVSS6.7AI score0.00317EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/15 12:0 a.m.6 views

PT-2025-21285 · Weberp · Weberp

Name of the Vulnerable Software and Affected Versions: WebERP version 4.15.2 Description: An error-based SQL Injection SQLi vulnerability allows attackers to execute arbitrary SQL commands and extract sensitive data by injecting a crafted payload into the DEL form field in a POST request to...

9.8CVSS7.7AI score0.00438EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2024/10/14 12:0 a.m.5 views

PT-2024-33061

Name of the Vulnerable Software and Affected Versions Cloudlog version 2.6.15 Description The issue concerns an SQL injection vulnerability in Cloudlog's Oqrs.php request form, which can be exploited via the station id or callsign variables. This vulnerability allows attackers to manipulate the S...

7.3CVSS5.6AI score0.0087EPSS
Exploits1References12
CNNVD
CNNVD
added 2024/10/14 12:0 a.m.4 views

Cloudlog 安全漏洞

Cloudlog is a self-hosted PHP application by the individual developer Peter Goodhall. Allows logging of amateur radio contacts from anywhere. A security vulnerability exists in Cloudlog version 2.6.15, which stems from the stationid parameter in the requestform function of the Oqrs.php page...

7.3CVSS7.9AI score0.0087EPSS
Exploits1References4
NVD
NVD
added 2024/02/08 1:15 p.m.26 views

CVE-2024-24836

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Audrasjb GDPR Data Request Form allows Stored XSS.This issue affects GDPR Data Request Form: from n/a through 1.6...

6.5CVSS6.4AI score0.00317EPSS
Exploits0References1
OSV
OSV
added 2024/02/08 1:15 p.m.3 views

CVE-2024-24836

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Audrasjb GDPR Data Request Form allows Stored XSS.This issue affects GDPR Data Request Form: from n/a through 1.6...

5.4CVSS7.3AI score0.00317EPSS
Exploits0References1
Prion
Prion
added 2024/02/08 1:15 p.m.11 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Audrasjb GDPR Data Request Form allows Stored XSS.This issue affects GDPR Data Request Form: from n/a through 1.6...

4.9CVSS7.2AI score0.00317EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/02/08 1:10 p.m.24 views

CVE-2024-24836 WordPress GDPR Data Request Form Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Audrasjb GDPR Data Request Form allows Stored XSS.This issue affects GDPR Data Request Form: from n/a through 1.6...

6.5CVSS6.7AI score0.00317EPSS
Exploits0References1
CVE
CVE
added 2024/02/08 1:10 p.m.54 views

CVE-2024-24836

CVE-2024-24836 is a stored XSS vulnerability in the Audrasjb GDPR Data Request Form WordPress plugin, affecting versions up to 1.6. The root cause is improper input neutralization during web page generation, enabling insertion of malicious scripts that are stored and later rendered to users. Mult...

6.5CVSS6.7AI score0.00317EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/02/08 12:0 a.m.5 views

PT-2024-20603 · Unknown · Audrasjb Gdpr Data Request Form

Name of the Vulnerable Software and Affected Versions: Audrasjb GDPR Data Request Form versions n/a through 1.6 Description: The issue is related to improper neutralization of input during web page generation, which allows stored cross-site scripting XSS. This means that an attacker can inject...

6.5CVSS6AI score0.00317EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/02/08 12:0 a.m.4 views

WordPress Plugin GDPR Data Request Form Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

6.5CVSS8.1AI score0.00317EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/02/02 12:0 a.m.11 views

WordPress GDPR Data Request Form Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS)

Software GDPR Data Request Form Type Plugin Vulnerable versions = 1.6 Fixed in 1.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-24836 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7fd021f643aa Credits Ngô Thiên An ancorn from VNPT-VCI...

6.5CVSS6.6AI score0.00317EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2023/11/29 12:12 p.m.12 views

python-werkzeug: high resource usage when parsing multipart form data with many fields

A flaw was found in python-werkzeug. Werkzeug is multipart form data parser, that will parse an unlimited number of parts, including file parts. These parts can be a small amount of bytes, but each requires CPU time to parse, and may use more memory as Python data. If a request can be made to an...

7.5CVSS7AI score0.0142EPSS
Exploits0References7
Wordfence Blog
Wordfence Blog
added 2023/03/02 2:49 p.m.279 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (Feb 20, 2023 to Feb 26, 2023)

Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence Community Edition. This database is continuously updated, maintained, and populated by Wordfences highly credentialed and experienced...

0.1AI score0.05141EPSS
Exploits26
Wordfence Blog
Wordfence Blog
added 2023/02/09 3:31 p.m.114 views

Wordfence Intelligence CE Weekly Vulnerability Report (1-30-2023 to 2-5-2023)

In case you missed it, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme and, plugin vulnerabilities known as Wordfence Intelligence Community Edition. This database is continuously updated, maintained, and populated by Wordfences highly...

0.28565EPSS
Exploits52
wpexploit
wpexploit
added 2022/06/28 12:0 a.m.112 views

Request a Quote <= 2.3.7 - CSV Injection

The plugin does not validate uploaded CSV files, allowing unauthenticated users to attach a malicious CSV file to a quote, which could lead to a CSV injection once an admin download and open it On a page with a Quote Request form, upload the following CSV as an attachment: "First Name","Last...

8.8CVSS0.5AI score0.01184EPSS
Exploits2
NVD
NVD
added 2021/10/19 5:15 p.m.26 views

CVE-2021-33988

Cross Site Scripting XSS. vulnerability exists in Microweber CMS 1.2.7 via the Login form, which could let a malicious user execute Javascript by Inserting code in the request form...

6.1CVSS0.01029EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/10/19 4:53 p.m.32 views

CVE-2021-33988

Cross Site Scripting XSS. vulnerability exists in Microweber CMS 1.2.7 via the Login form, which could let a malicious user execute Javascript by Inserting code in the request form...

6.4AI score0.01029EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/10/19 12:0 a.m.5 views

Microweber 跨站脚本漏洞

Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. A security vulnerability exists in Microweber CMS version 1.2.7, which can be exploited ...

6.1CVSS6.5AI score0.01029EPSS
Exploits1References3
CNVD
CNVD
added 2020/12/11 12:0 a.m.1 views

Unauthorized Access Vulnerability in Kaixin Account Privilege Request Forms

The QSI Employee Account Privilege Request Form is a system for managing account privileges. An unauthorized access vulnerability exists in the Kaixin Account Privilege Request Form, which can be exploited by an attacker to obtain sensitive information about the system...

6.6AI score
Exploits0
Rows per page
Query Builder