Lucene search
+L

183 matches found

Prion
Prion
added 2021/07/30 2:15 p.m.14 views

Sql injection

Online Pet Shop We App 1.0 is vulnerable to Union SQL Injection in products.php aka p=products via the c or s parameter...

7.5CVSS9.8AI score0.02447EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2021/06/01 2:15 p.m.5 views

CVE-2021-24316

The search feature of the Mediumish WordPress theme through 1.0.47 does not properly sanitise it's 's' GET parameter before output it back the page, leading to the Cross-SIte Scripting issue...

6.1CVSS6.4AI score0.06442EPSS
Exploits2References3
OSV
OSV
added 2021/04/12 2:15 p.m.7 views

CVE-2021-24213

The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.10.0 was affected by a reflected Cross-Site Scripting vulnerability inside of the administration panel, via the 's' GET parameter on the Donors page...

6.1CVSS6.4AI score0.0137EPSS
Exploits4References2
Vulnerability Lab
Vulnerability Lab
added 2020/05/06 12:0 a.m.36 views

Wordpress Theme Dosimple v2.0 - XSS Web Vulnerability

Document Title: =============== Wordpress Theme Dosimple v2.0 - XSS Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2251 Release Date: ============= 2020-05-06 Vulnerability Laboratory ID VL-ID: ==================================== 225...

7.4AI score
Exploits0
WPVulnDB
WPVulnDB
added 2020/05/04 12:0 a.m.14 views

wpForo < 1.7.0 - Reflected Cross-Site Scripting (XSS) via s Parameter

The plugin did not escape, validate or escape the 's' GET parameter before outputting back in the page, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in admin PoC https://example.com/wp-admin/admin.php?page=wpforo-phrases="...

3.5CVSS0.9AI score0.00709EPSS
Exploits2References1Affected Software1
OSV
OSV
added 2020/04/23 3:15 p.m.5 views

CVE-2020-12054

The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflected XSS via the s parameter a search query. Also affected are 16 themes if the plugin is enabled by the same author: Alchemist and Alchemist PRO, Izabel and Izabel PRO, Chique and Chique PRO, Clean Enterprise and Clean Enterprise...

6.1CVSS6.4AI score0.03611EPSS
Exploits2References2
Prion
Prion
added 2020/04/23 3:15 p.m.13 views

Cross site scripting

The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflected XSS via the s parameter a search query. Also affected are 16 themes if the plugin is enabled by the same author: Alchemist and Alchemist PRO, Izabel and Izabel PRO, Chique and Chique PRO, Clean Enterprise and Clean Enterprise...

4.3CVSS6AI score0.03611EPSS
Exploits2References2Affected Software1
NVD
NVD
added 2019/10/23 5:15 p.m.15 views

CVE-2015-9504

The weeklynews theme before 2.2.9 for WordPress has XSS via the s parameter...

6.1CVSS6.1AI score0.00934EPSS
Exploits2References1
Cvelist
Cvelist
added 2019/10/23 4:13 p.m.16 views

CVE-2015-9504

The weeklynews theme before 2.2.9 for WordPress has XSS via the s parameter...

6.1AI score0.00934EPSS
Exploits2References1
CVE
CVE
added 2019/10/23 4:13 p.m.83 views

CVE-2015-9504

The CVE-2015-9504 entry describes an XSS vulnerability in the WordPress WeeklyNews theme prior to version 2.2.9, exploitable via the s parameter. Affected component/file: the weeklynews WordPress theme (pre-2.2.9). Root cause: reflected XSS through the s query parameter, allowing an attacker to i...

6.1CVSS6AI score0.00934EPSS
Exploits2References1Affected Software1
NVD
NVD
added 2019/10/17 6:15 p.m.13 views

CVE-2019-17115

Multiple cross-site scripting XSS vulnerabilities in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML that is triggered when Logs.jsp is visited. The renderedmessage column is retrieved and displayed, unsanitized, on Logs.jsp. A remote...

6.1CVSS6.1AI score0.01659EPSS
Exploits3References3
Prion
Prion
added 2019/10/17 6:15 p.m.18 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML that is triggered when Logs.jsp is visited. The renderedmessage column is retrieved and displayed, unsanitized, on Logs.jsp. A remote...

4.3CVSS6AI score0.01659EPSS
Exploits3References3Affected Software1
CNVD
CNVD
added 2019/09/27 12:0 a.m.4 views

S-CMS enterprise website builder system aj***.php page G_s*** parameter exists SQL injection vulnerability

S-CMS enterprise station building system is Zibo Shining Network Technology Co., Ltd. developed a specialized enterprise station building solutions for the product. S-CMS enterprise website building system aj.php page Gs parameters exist SQL injection vulnerability, attackers can use the...

7.8AI score
Exploits0
OSV
OSV
added 2019/09/20 3:15 p.m.2 views

CVE-2016-10999

The Goodnews theme through 2016-02-28 for WordPress has XSS via the s parameter...

6.1CVSS5.8AI score0.00943EPSS
Exploits1References1
NVD
NVD
added 2019/09/18 12:15 p.m.21 views

CVE-2016-10994

The Truemag theme 2016 Q2 for WordPress has XSS via the s parameter...

6.1CVSS6.1AI score0.01252EPSS
Exploits2References2
OSV
OSV
added 2019/09/18 12:15 p.m.4 views

CVE-2016-10994

The Truemag theme 2016 Q2 for WordPress has XSS via the s parameter...

6.1CVSS5.8AI score0.01252EPSS
Exploits2References2
Prion
Prion
added 2019/09/18 12:15 p.m.17 views

Design/Logic Flaw

The Truemag theme 2016 Q2 for WordPress has XSS via the s parameter...

4.3CVSS6AI score0.01252EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2019/09/18 11:7 a.m.18 views

CVE-2016-10994

The Truemag theme 2016 Q2 for WordPress has XSS via the s parameter...

6.2AI score0.01252EPSS
Exploits2References2
CVE
CVE
added 2019/09/18 11:7 a.m.51 views

CVE-2016-10994

The CVE-2016-10994 entry concerns the Truemag theme (WordPress) 2016 Q2 and reports an XSS vulnerability via the s parameter. Multiple connected sources corroborate an unauthenticated reflected XSS affecting the Truemag WordPress theme, with PoC examples showing input like s="&gt; that can be ref...

6.1CVSS6AI score0.01252EPSS
Exploits2References2Affected Software1
NVD
NVD
added 2019/09/17 3:15 p.m.17 views

CVE-2016-10993

The ScoreMe theme through 2016-04-01 for WordPress has XSS via the s parameter...

5.4CVSS5.3AI score0.02796EPSS
Exploits1References2
Rows per page
Query Builder