Lucene search
K

149 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2021-29329

Malicious code in bioql PyPI...

8.8CVSS8.7AI score0.00605EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-47601

Malicious code in bioql PyPI...

5.5CVSS6.5AI score0.003EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-28701

Malicious code in bioql PyPI...

6.4CVSS6.5AI score0.00225EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2024-32719

Malicious code in bioql PyPI...

6.4CVSS6.6AI score0.00342EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-51153

Malicious code in bioql PyPI...

6.4CVSS8.7AI score0.00283EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-34021

Malicious code in bioql PyPI...

6.4CVSS8.7AI score0.00254EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-32766

Malicious code in bioql PyPI...

6.4CVSS6.5AI score0.00425EPSS
Exploits0References11
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-33515

Malicious code in bioql PyPI...

5.4CVSS8.9AI score0.00292EPSS
Exploits0References2
NVD
NVD
added 2025/08/06 7:15 a.m.2 views

CVE-2025-7727

The Gutenverse plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Animated Text and Fun Fact blocks in all versions up to, and including, 3.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00271EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/08/05 12:0 a.m.8 views

PT-2025-31915 · WordPress · Employee Directory

Name of the Vulnerable Software and Affected Versions: Employee Directory plugin for WordPress versions up to and including 4.5.1 Description: The Employee Directory plugin for WordPress is susceptible to Stored Cross-Site Scripting through the noaccess msg parameter due to insufficient input...

6.4CVSS5.8AI score0.00223EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/07/26 4:31 a.m.8 views

CVE-2025-4968

The WPBakery Page Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple Page Builder elements Copyright Element, Hover Box, Separator With Text, FAQ, Single Image, Custom Header, Button, Call To Action, Progress Bar, Pie Chart, Round Chart, and Line...

6.4CVSS5.5AI score0.00267EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/24 3:39 a.m.5 views

CVE-2025-4968 WPBakery Page Builder <= 8.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Page Builder Elements

The WPBakery Page Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple Page Builder elements Copyright Element, Hover Box, Separator With Text, FAQ, Single Image, Custom Header, Button, Call To Action, Progress Bar, Pie Chart, Round Chart, and Line...

6.4CVSS5.5AI score0.00267EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/07/11 6:43 a.m.10 views

CVE-2025-6716 Contest Gallery <= 26.0.8 - Authenticated (Author+) Stored Cross-Site Scripting

The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons, OpenAI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'upload1title' parameter in all versions up to, and including, 26.0.8...

6.4CVSS0.00187EPSS
Exploits0References2
CVE
CVE
added 2025/06/25 12:0 a.m.16 views

CVE-2023-44915

CVE-2023-44915 affects c3crm up to version 3.0.4, where an XSS flaw in the /Login.php component allows crafted payloads in the login_error parameter to execute scripts. Several sources confirm the vulnerability class and affected component; Red Hat and NVD entries corroborate the same description...

7.1CVSS5.9AI score0.00281EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/06/12 7:59 a.m.6 views

CVE-2025-5301 Reflected Cross-Site Scripting in ONLYOFFICE Docs (DocumentServer)

ONLYOFFICE Docs DocumentServer in versions equal and below 8.3.1 are affected by a reflected cross-site scripting XSS issue when opening files via the WOPI protocol. Attackers could inject malicious scripts via crafted HTTP POST requests, which are then reflected in the server's HTML response...

5.9AI score0.34859EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/06/10 10:19 p.m.3 views

CVE-2025-47040 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.4AI score0.00279EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/10 10:19 p.m.4 views

CVE-2025-47021 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS0.00305EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/07 11:17 a.m.16 views

CVE-2025-5528 Social Sharing Plugin – Sassy Social Share <= 3.3.75 - Reflected Cross-Site Scripting via 'heateor_mastodon_share' Parameter

The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the heateormastodonshare parameter in all versions up to, and including, 3.3.75 due to insufficient input sanitization and output escaping. This makes it possible for...

6.1CVSS0.00207EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/06/01 7:33 a.m.9 views

CVE-2025-4943

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-lakit-element-link’ parameter in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5.8AI score0.00231EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/31 6:40 a.m.12 views

CVE-2025-5292 Element Pack Addons for Elementor – Best Elementor addons with Ready Templates, Blocks, Widgets and WooCommerce Builder <= 5.11.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

The Element Pack Addons for Elementor – Best Elementor addons with Ready Templates, Blocks, Widgets and WooCommerce Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'markercontent’ parameter in all versions up to, and including, 5.11.2 due to insufficient input...

6.4CVSS0.00186EPSS
Exploits0References2
Rows per page
Query Builder