Lucene search

2429 matches found

Vulnrichment
added 2023/02/21 8:50 a.m., 5 views

CVE-2022-4750 WP Responsive Testimonials Slider And Widget <= 1.5 - Contributor+ Stored XSS

The WP Responsive Testimonials Slider And Widget WordPress plugin through 1.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored...

5.3 AI score, 0.00471 EPSS
Exploits: 2, References: 1
CNNVD
added 2023/02/21 12:0 a.m., 3 views

WordPress Plugin WP Responsive Testimonials Slider And Widget Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4 CVSS, 5.4 AI score, 0.00471 EPSS
Exploits: 2, References: 2
SUSE CVE
added 2023/02/15 3:45 a.m., 3 views

SUSE CVE-2021-23995

When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...

7.5 CVSS, 8.8 AI score, 0.01214 EPSS
Exploits: 0, References: 11
NVD
added 2023/02/14 12:15 p.m., 13 views

CVE-2023-25065

Cross-Site Request Forgery (CSRF) vulnerability in ShapedPlugin WP Tabs – Responsive Tabs Plugin for WordPress plugin = 2.1.14 versions...

8.8 CVSS, 6.5 AI score, 0.00255 EPSS
Exploits: 0, References: 1
CVE
added 2023/02/14 11:6 a.m., 62 views

CVE-2023-25065

CVE-2023-25065 reports a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin “WP Tabs – Responsive Tabs” (ShapedPlugin)

8.8 CVSS, 7.2 AI score, 0.00255 EPSS
Exploits: 0, References: 1, Affected Software: 1
Prion
added 2023/02/13 3:15 p.m., 15 views

Cross site scripting

The Responsive Gallery Grid WordPress plugin before 2.3.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attac...

4.9 CVSS, 5.4 AI score, 0.00477 EPSS
Exploits: 2, References: 1, Affected Software: 1
Vulnrichment
added 2023/02/13 2:32 p.m., 5 views

CVE-2023-0060 Responsive Gallery Grid < 2.3.9 - Contributor+ Stored XSS

The Responsive Gallery Grid WordPress plugin before 2.3.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attac...

5.8 AI score, 0.00477 EPSS
Exploits: 2, References: 1
WPVulnDB
added 2023/02/13 12:0 a.m., 24 views

eVision Responsive Column Layout Shortcodes <= 2.3 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC bscolumns class='" onmouseover="alert1"...

5.4 CVSS, 5 AI score, 0.00471 EPSS
Exploits: 2, Affected Software: 1
wpexploit
added 2023/02/13 12:0 a.m., 92 views

eVision Responsive Column Layout Shortcodes <= 2.3 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. bscolumns class='" onmouseover="alert1"...

5.4 CVSS, 5.2 AI score, 0.00471 EPSS
Exploits: 2
CNNVD
added 2023/02/13 12:0 a.m., 3 views

WordPress plugin Responsive Gallery Grid Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4 CVSS, 5.4 AI score, 0.00477 EPSS
Exploits: 2, References: 2
GithubExploit
added 2023/02/03 8:56 a.m., 280 views

Exploit for Unrestricted Upload of File with Dangerous Type in Tecrail Responsive_Filemanager

ResponsiveFileManager-CVE-2022-46604 Responsive FileManager v...

8.8 CVSS, 8.8 AI score, 0.08627 EPSS
Exploits: 5
Patchstack
added 2023/02/03 12:0 a.m., 11 views

WordPress Responsive Image Gallery, Gallery Album Plugin <= 2.0.1 is vulnerable to Cross Site Scripting (XSS)

Software: Responsive Image Gallery, Gallery Album; Type: Plugin; Vulnerable versions: <= 2.0.1; Fixed in: 2.0.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-47603; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 679ee9055f30...

7.1 CVSS, 5.6 AI score, 0.00422 EPSS
Exploits: 0, References: 1, Affected Software: 1
NVD
added 2023/02/02 1:15 p.m., 47 views

CVE-2022-46604

An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanism and upload a crafted PHP file, leading to arbitrary code execution...

8.8 CVSS, 8.9 AI score, 0.08627 EPSS
Exploits: 5, References: 4
OSV
added 2023/02/02 1:15 p.m., 14 views

CVE-2022-46604

An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanism and upload a crafted PHP file, leading to arbitrary code execution...

8.8 CVSS, 9 AI score
Exploits: 0, References: 4
CVE
added 2023/02/02 12:0 a.m., 75 views

CVE-2022-46604

The CVE-2022-46604 issue affects Tecrail Responsive FileManager v9.9.5 and earlier. A vulnerability in the file-extension check allows an attacker to upload a crafted PHP file, enabling arbitrary code execution on the server. Connected exploit sources describe remediating factors such as director...

8.8 CVSS, 8.8 AI score, 0.08627 EPSS
Exploits: 5, References: 4, Affected Software: 1
Patchstack
added 2023/01/27 12:0 a.m., 9 views

WordPress eVision Responsive Column Layout Shortcodes Plugin <= 2.3 is vulnerable to Cross Site Scripting (XSS)

Software: eVision Responsive Column Layout Shortcodes; Type: Plugin; Vulnerable versions: <= 2.3; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: N/A; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: 18ded12f9366; Credits...

5.9 AI score
Exploits: 0, References: 1, Affected Software: 1
Tenable Nessus
added 2023/01/25 12:0 a.m., 41 views

Amazon Linux 2022 : python3-unbound, unbound, unbound-anchor (ALAS2022-2023-265)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2023-265 advisory. NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the ghost domain names attack. The vulnerability works by targeting an Unbound instance. Unbound is queri...

7.5 CVSS, 6.9 AI score, 0.01259 EPSS
Exploits: 0, References: 7
Patchstack
added 2023/01/20 12:0 a.m., 10 views

WordPress Responsive Vertical Icon Menu Plugin <= 1.5.8 is vulnerable to Cross Site Scripting (XSS)

Software: Responsive Vertical Icon Menu; Type: Plugin; Vulnerable versions: <= 1.5.8; Fixed in: 1.5.9; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-23870; Patch priority: Low; CVSS severity: Low (5.9); PSID: 33c1eabeea35; Credits: Rio...

5.9 CVSS, 5.8 AI score, 0.00392 EPSS
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2023/01/17 12:0 a.m., 11 views

WordPress Responsive Gallery Grid Plugin < 2.3.9 is vulnerable to Cross Site Scripting (XSS)

Software: Responsive Gallery Grid; Type: Plugin; Vulnerable versions: < 2.3.9; Fixed in: 2.3.9; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0060; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: 2a4cfaed0ac5; Credits: Lana Codes...

5.4 CVSS, 5.6 AI score, 0.00477 EPSS
Exploits: 2, References: 4, Affected Software: 1
OpenVAS
added 2023/01/12 12:0 a.m., 28 views

Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2023-1156)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS, 7.7 AI score, 0.01259 EPSS
Exploits: 0, References: 2