Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2026/01/24 9:15 a.m.13 views

CVE-2025-14069

The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'saswpcustomschemafield' profile field in all versions up to, and including, 1.54 due to insufficient input sanitization and output escaping. This makes it possible for authenticate...

6.4CVSS5.8AI score0.0024EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/23 5:29 a.m.4 views

CVE-2025-14069

The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'saswpcustomschemafield' profile field in all versions up to, and including, 1.54 due to insufficient input sanitization and output escaping. This makes it possible for authenticate...

6.4CVSS5.6AI score0.0024EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/01/23 5:29 a.m.32 views

CVE-2025-14069 Schema & Structured Data for WP & AMP <= 1.54 - Authenticated (Contributor+) Stored Cross-Site Scripting via User Custom Schema

The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'saswpcustomschemafield' profile field in all versions up to, and including, 1.54 due to insufficient input sanitization and output escaping. This makes it possible for authenticate...

6.4CVSS0.0024EPSS
Exploits0References5
CVE
CVE
added 2026/01/23 5:29 a.m.24 views

CVE-2025-14069

This CVE (CVE-2025-14069) affects Schema & Structured Data for WP & AMP (WordPress) up to version 1.54, via Stored Cross-Site Scripting in the saswp_custom_schema_field. Affected actor must have Contributor+ rights; exploitation would run scripts on pages when viewed by users. The Wordfence entry...

6.4CVSS5.8AI score0.0024EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/01/23 5:29 a.m.4 views

CVE-2025-14069 Schema & Structured Data for WP & AMP <= 1.54 - Authenticated (Contributor+) Stored Cross-Site Scripting via User Custom Schema

The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'saswpcustomschemafield' profile field in all versions up to, and including, 1.54 due to insufficient input sanitization and output escaping. This makes it possible for authenticate...

6.4CVSS5.8AI score0.0024EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/08/26 6:42 p.m.12 views

GraphQL Armor Max-Depth Plugin Bypass via Introspection Query Obfuscation

Summary A query depth restriction using the max-depth property can be bypassed if ignoreIntrospection is enabled which is the default configuration by naming your query/fragment schema. Details At the start of the countDepth function, we have the following check for the ignoreIntrospection option...

7AI score
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2025/08/05 12:0 a.m.7 views

Shopware 安全漏洞

Shopware is a suite of open source e-commerce software from the German company Shopware. A security vulnerability exists in Shopware that stems from insufficient cleanup of the cdatabaseschema field in the installation interface, which could lead to stored cross-site scripting...

6.1CVSS6AI score0.00381EPSS
Exploits1References3
OSV
OSV
added 2025/08/05 12:0 a.m.8 views

CVE-2025-51541

A stored cross-site scripting XSS vulnerability exists in the Shopware 6 installation interface at /recovery/install/database-configuration/. The cdatabaseschema field fails to properly sanitize user-supplied input before rendering it in the browser, allowing an attacker to inject malicious...

6.1CVSS6.5AI score0.00381EPSS
Exploits1References4
OSV
OSV
added 2022/02/24 5:15 a.m.4 views

CVE-2021-43943

Affected versions of Atlassian Jira Service Management Server and Data Center allow attackers with administrator privileges to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability in the "Object Schema" field of /secure/admin/InsightDefaultCustomFieldConfig.jspa. The...

4.8CVSS5.9AI score0.00422EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/02/24 12:0 a.m.5 views

Atlassian Jira 跨站脚本漏洞

Atlassian Jira is a defect tracking management system from Atlassian Australia. A cross-site scripting vulnerability exists in Atlassian Jira Service Management Server and Data Center versions prior to 4.21.0, which originates in /secure/admin/ The "Object Schema" field of...

4.8CVSS5.6AI score0.00422EPSS
Exploits0References2
Rows per page
Query Builder