CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

10 matches found

RedhatCVE•added 2026/01/09 9:12 a.m.•7 views

CVE-2022-0653

The Profile Builder – User Profile & User Registration Forms WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the siteurl parameter found in the /assets/misc/fallback-page.php file which allows attackers to inject arbitrary web scripts onto a...

6.1CVSS6AI score0.0565EPSS

Exploits3References1

OSV•added 2022/02/24 7:15 p.m.•0 views

CVE-2022-0653

6.1CVSS5.8AI score0.0565EPSS

Exploits3References2

CVE•added 2022/02/24 6:27 p.m.•78 views

CVE-2022-0653

CVE-2022-0653 affects the WordPress Profile Builder plugin (versions ≤ 3.6.1). It’s a reflected XSS due to insufficient escaping of the site_url parameter in ~/assets/misc/fallback-page.php, enabling arbitrary scripts to run when users click a crafted link. Impact in sources includes potential da...

6.1CVSS5.9AI score0.0565EPSS

Exploits3References2Affected Software1

CNVD•added 2017/10/17 12:0 a.m.•2 views

WordPress Profile Builder Plugin Cross-Site Scripting Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language , the platform supports PHP and MySQL servers to set up a personal blog site . Profile Builder is one of the profile release plugin . A cross-site scripting vulnerability exists in the...

6.1CVSS5.9AI score0.00152EPSS

Exploits1References1

NVD•added 2014/12/19 3:59 p.m.•8 views

CVE-2014-9185

Static code injection vulnerability in install.php in Morfy CMS 1.05 allows remote authenticated users to inject arbitrary PHP code into config.php via the siteurl parameter...

6.5CVSS6.7AI score0.00554EPSS

Exploits4References5

Prion•added 2014/12/19 3:59 p.m.•8 views

Code injection

Static code injection vulnerability in install.php in Morfy CMS 1.05 allows remote authenticated users to inject arbitrary PHP code into config.php via the siteurl parameter...

6.5CVSS7.3AI score0.00554EPSS

Exploits4References5Affected Software1

Cvelist•added 2014/12/19 3:0 p.m.•14 views

CVE-2014-9185

Static code injection vulnerability in install.php in Morfy CMS 1.05 allows remote authenticated users to inject arbitrary PHP code into config.php via the siteurl parameter...

6.7AI score0.00554EPSS

Exploits4References5

NVD•added 2014/03/14 3:55 p.m.•12 views

CVE-2013-0297

Multiple cross-site scripting XSS vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote authenticated administrators to inject arbitrary web script or HTML via the 1 sitename or 2 siteurl parameter to apps/external/ajax/setsites.php...

3.5CVSS5.4AI score0.00224EPSS

Exploits0References1

UbuntuCve•added 2014/03/14 3:55 p.m.•18 views

CVE-2013-0297

3.5CVSS5.9AI score0.00224EPSS

Exploits0References2

seebug.org•added 2007/05/27 12:0 a.m.•22 views

TROforum 0.1 (admin.php site_url) Remote File Inclusion Vulnerability

No description provided by source. TROforum 0.1 = Remote File Inclusion Vulnerability Dork:http://www.google.com.tr/search?hl=tr&q=%22TROforum+0.1%22&meta= Vuln Code ERROR1:admin/admin.php include "$siteurl/trofimov.php"; include "$siteurl/narod.php"; RFI...

7.1AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by