Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 4:38 a.m.8 views

CVE-2023-44228

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Gopi Ramasamy Onclick show popup plugin = 8.1 versions...

5.9CVSS5.6AI score0.00382EPSS
Exploits3
Prion
Prion
added 2023/10/02 11:15 a.m.12 views

Cross site scripting

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Gopi Ramasamy Onclick show popup plugin = 8.1 versions...

4.3CVSS4.8AI score0.00382EPSS
Exploits3References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/02 10:33 a.m.16 views

CVE-2023-44228 WordPress Onclick Show Popup Plugin <= 8.1 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Gopi Ramasamy Onclick show popup plugin = 8.1 versions...

5.9CVSS5.6AI score0.00382EPSS
Exploits3References1
Cvelist
Cvelist
added 2023/10/02 10:33 a.m.21 views

CVE-2023-44228 WordPress Onclick Show Popup Plugin <= 8.1 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Gopi Ramasamy Onclick show popup plugin = 8.1 versions...

5.9CVSS5.5AI score0.00382EPSS
Exploits3References1
CVE
CVE
added 2023/10/02 10:33 a.m.70 views

CVE-2023-44228

CVE-2023-44228 corresponds to a stored XSS vulnerability in the WordPress plugin “Onclick show popup” (admin+ required) affecting versions up to 8.1. Multiple sources in connected documents consistently describe the flaw as an authenticated (admin+) stored XSS in that plugin, with impact limited ...

5.9CVSS5.1AI score0.00382EPSS
Exploits3References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/02 12:0 a.m.17 views

Onclick Show Popup < 6.6 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.6AI score0.00382EPSS
Exploits3Affected Software1
Patchstack
Patchstack
added 2023/09/28 12:0 a.m.13 views

WordPress Onclick Show Popup Plugin <= 8.2 is vulnerable to Cross Site Scripting (XSS)

Software Onclick Show Popup Type Plugin Vulnerable versions = 8.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-44228 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID ee7368d7eff0 Credits yuyudhn Required privile...

5.9CVSS5.7AI score0.00382EPSS
Exploits3References1Affected Software1
NVD
NVD
added 2020/03/24 2:15 p.m.24 views

CVE-2020-10570

The Telegram application through 5.12 for Android, when Show Popup is enabled, might allow physically proximate attackers to bypass intended restrictions on message reading and message replying. This might be interpreted as a bypass of the passcode feature...

6.1CVSS6.3AI score0.00389EPSS
Exploits0References1
OSV
OSV
added 2020/03/24 2:15 p.m.5 views

CVE-2020-10570

The Telegram application through 5.12 for Android, when Show Popup is enabled, might allow physically proximate attackers to bypass intended restrictions on message reading and message replying. This might be interpreted as a bypass of the passcode feature...

6.1CVSS6.4AI score0.00389EPSS
Exploits0References1
Patchstack
Patchstack
added 2015/05/14 12:0 a.m.12 views

WordPress Onclick Show Popup Plugin <= 6.5 - Cross Site Scripting

Because of this vulnerability, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...

2.4AI score
Exploits0References1Affected Software1
Rows per page
Query Builder