Lucene search
K

149 matches found

CVE
CVE
added 2024/12/12 3:23 a.m.48 views

CVE-2024-11901

CVE-2024-11901 affects the WordPress PowerBI Embed Reports plugin (up to version 1.1.7). The vulnerability is Stored XSS via the MO_API_POWER_BI shortcode, caused by insufficient input sanitization and output escaping for user-supplied shortcode attributes. Authenticated attackers with contributo...

6.4CVSS5.8AI score0.00467EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/11/13 12:0 a.m.25 views

CVE-2024-50969

A Reflected cross-site scripting XSS vulnerability in browse.php of Code-projects Jonnys Liquor 1.0 allows remote attackers to inject arbitrary web scripts or HTML via the search parameter...

0.00503EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/10/29 11:1 a.m.20 views

CVE-2024-10266 Premium Addons for Elementor <= 4.10.60 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Video Box Widget

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video Box widget in all versions up to, and including, 4.10.60 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00272EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/08/01 9:29 a.m.28 views

CVE-2024-6346 Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.85 - Authenticated (Contributor+) Stored Cross-Site Scripting via redirectURL Parameter of Date Countdown Widget

The Gutenberg Blocks, Page Builder – ComboBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the redirectURL parameter of the Date Countdown widget, in all versions up to, and including, 2.2.85 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS0.00306EPSS
Exploits0References3
NVD
NVD
added 2024/06/29 2:15 a.m.24 views

CVE-2024-6405

The Floating Social Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the floatingsocialbuttonsoption function. This makes it possible for unauthenticated attackers to update...

6.1CVSS0.00168EPSS
Exploits0References2
CVE
CVE
added 2024/06/21 7:39 a.m.49 views

CVE-2024-5945

CVE-2024-5945 affects the WP SVG Images WordPress plugin, with stored XSS via the type parameter in all versions up to 4.2 due to insufficient input sanitization. Exploitation requires authentication (Author-level access or higher) and permissions to upload sanitized files. Successful abuse could...

6.4CVSS6.1AI score0.00328EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2024/06/13 8:16 a.m.23 views

CVE-2024-36212

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

5.4CVSS0.00385EPSS
Exploits0References1
OSV
OSV
added 2024/05/24 5:15 a.m.3 views

CVE-2024-2784

The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Hover Card widget in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

5.4CVSS5.9AI score0.00265EPSS
Exploits0References2
OSV
OSV
added 2024/03/29 7:15 a.m.8 views

CVE-2024-0609

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'apikey' parameter in all versions up to, and including, 1.12.9 due to insufficient input sanitization and output escaping. Th...

6.1CVSS6AI score
Exploits0References2
NVD
NVD
added 2024/03/18 6:15 p.m.24 views

CVE-2024-26030

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

5.4CVSS5.1AI score0.00427EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/03/18 5:54 p.m.25 views

CVE-2024-26096 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

5.4CVSS5.2AI score0.00427EPSS
Exploits0References1
Prion
Prion
added 2024/02/29 1:43 a.m.23 views

Cross site scripting

The Simple Share Buttons Adder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.4.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

3.2CVSS6AI score0.00491EPSS
Exploits0References3
OSV
OSV
added 2024/02/29 1:42 a.m.8 views

CVE-2023-6923

The Matomo Analytics – Ethical Stats. Powerful Insights. plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the idsite parameter in all versions up to, and including, 4.15.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticate...

6.1CVSS6.3AI score
Exploits0References2
UbuntuCve
UbuntuCve
added 2023/09/20 7:15 p.m.17 views

CVE-2023-43377

A cross-site scripting XSS vulnerability in /hoteldruid/visualizzacontratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the destinatarioemail1 parameter...

5.4CVSS6.2AI score0.00423EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/09/08 12:0 a.m.23 views

CVE-2023-39712

Multiple cross-site scripting XSS vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add New Put section...

6.2AI score0.00583EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/07/25 12:0 a.m.3 views

PT-2023-19243 · Steven Henty · Drop Shadow Boxes

Name of the Vulnerable Software and Affected Versions: Steven Henty Drop Shadow Boxes plugin versions 1.7.10 and earlier Description: The issue is related to an Authenticated Cross-Site Scripting XSS vulnerability. This means that an attacker with contributor or higher privileges can inject...

6.5CVSS5.1AI score0.00337EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/06/07 1:51 a.m.13 views

CVE-2020-36711 Avada <= 6.2.2 - Authenticated (Contributor+) Cross-Site Scripting

The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the updatelayout function in versions up to, and including, 6.2.3 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers, and above, to inject arbitrary web...

6.4CVSS6.3AI score0.00648EPSS
Exploits1References3
WPVulnDB
WPVulnDB
added 2023/06/02 12:0 a.m.15 views

Contact Form Builder by vcita <= 4.10.2 - Settings Update Via CSRF

The plugin does not protect its settings page against CSRF attacks, allowing an unauthenticated attacker to change the plugin's settings, and on older versions...

6.1CVSS6.7AI score0.00295EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/02 12:0 a.m.13 views

Contact Form Builder by vcita < 4.10.2 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitize and escape the email parameter in the plugin settings, which could allow users with roles as low as contributor to inject arbitrary web scripts targeting higher privileged users, such as administrators, into the plugin settings. PoC...

6.4CVSS5.9AI score0.0051EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/08/09 6:14 p.m.58 views

CVE-2022-35509

CVE-2022-35509 is a Storage XSS in EyouCMS 1.5.8. The issue allows an attacker to inject a payload via the title parameter in the foreground contribution, enabling execution of arbitrary web scripts/HTML and potential exposure of sensitive information. Documents do not provide exploit code, affec...

6.1CVSS5.6AI score0.00478EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder