8 matches found
CVE-2026-20205
Summary: CVE-2026-20205 affects Splunk MCP Server app versions below 1.0.3. A user with access to the Splunk _internal index** or with the high-privilege capability mcp_tool_admin can view users’ sessions and authorization tokens in clear text. The vulnerability requires either local access to lo...
CVE-2025-20325
Summary: CVE-2025-20325 affects Splunk Enterprise <9.4.3, <9.3.5, <9.2.7, <9.1.10 and Splunk Cloud Platform <9.3.2411.103, <9.3.2408.113,
CVE-2024-8732
The Roles & Capabilities plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
WordPress Roles & Capabilities plugin <= 1.1.9 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Roles & Capabilities versions = 1.1.9...
PT-2024-39211 · WordPress · Roles & Capabilities
Name of the Vulnerable Software and Affected Versions: Roles & Capabilities plugin for WordPress versions up to, and including, 1.1.9 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add query arg without appropriate escaping on the URL. This allows...
WordPress YouTube Embed 3.3.2 Cross Site Scripting Vulnerability
WordPress YouTube Embed plugin version 3.3.2 suffers from a stored cross site scripting vulnerability. Details ================ Software: YouTube Embed Version: 3.3.2 Homepage: https://wordpress.org/plugins/youtube-embed/ CVE ID: CVE-2015-6535 Pending CWE ID: CWE-79 CVSS: 5.5 Medium;...
WordPress YouTube Embed 3.3.2 Cross Site Scripting
Details ================ Software: YouTube Embed Version: 3.3.2 Homepage: https://wordpress.org/plugins/youtube-embed/ CVE ID: CVE-2015-6535 Pending CWE ID: CWE-79 CVSS: 5.5 Medium; AV:N/AC:L/Au:S/C:P/I:P/A:N Description ================ A stored XSS vulnerability in YouTube Embed 3.3.2 and...
WordPress Pods 2.4.3 CSRF / Cross Site Scripting
Vulnerability title: Wordpress plugin Pods alert'xss' target="http://localhost"; for i=0; i'; CSRF 2 delete pods plugin data: CSRF 3 deactivate pods and delete data: CSRF 4 enable "roles and capab...