Lucene search
K

148 matches found

wpexploit
wpexploit
added 2023/08/07 12:0 a.m.136 views

Ninja Forms < 3.6.26 - Admin+ Stored HTML Injection

Description The plugin does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored HTML injection. Only users with the unfilteredhtml capability can perform this, and such users are already allowed to use JS in posts/comments etc however t...

4.8CVSS5.3AI score0.00379EPSS
Exploits2
Huntr
Huntr
added 2023/08/03 11:21 a.m.18 views

Stored HTML injection

Description Stored HTML Injection: A Hidden Web Threat. Learn how attackers exploit input fields to inject malicious code into web applications, jeopardizing user data and site integrity. Discover crucial prevention measures to safeguard against this insidious vulnerability. Step to reproduce 1...

4.9CVSS7AI score0.00381EPSS
Exploits1
GithubExploit
GithubExploit
added 2023/05/24 10:45 a.m.65 views

Exploit for Cross-site Scripting in Teampass

CVE-2023-2591: Stored HTML Injection in Item Label in Teampass...

7.1CVSS7.2AI score0.00607EPSS
Exploits2
OpenVAS
OpenVAS
added 2023/05/10 12:0 a.m.12 views

OpenEMR < 7.0.1 Multiple Vulnerabilities

OpenEMR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:open-emr:openemr"; ifdescription...

8.8CVSS6.1AI score0.96731EPSS
Exploits11References10
CVE
CVE
added 2023/04/12 12:0 a.m.46 views

CVE-2023-27775

CVE-2023-27775 is a stored HTML injection vulnerability in LiveAction LiveSP v21.1.2 that allows an attacker to execute arbitrary code via a crafted payload. The available documents indicate the issue is exploitable with network access and requires user interaction, with a CVSS v3.1 base score of...

5.4CVSS6AI score0.00521EPSS
Exploits1References1Affected Software1
Veracode
Veracode
added 2023/02/19 9:38 a.m.21 views

Stored HTML Injection

phpmyfaq is vulnerable to Stored HTML Injection. The vulnerability exists due to improper handling of inputs through the FAQ-Proposal Form, which allows an attacker to inject and execute malicious HTML content in the web page when an admin views the proposal, possibly leading to code execution...

9.8CVSS9AI score0.01662EPSS
Exploits0References5Affected Software2
Veracode
Veracode
added 2023/02/19 9:14 a.m.18 views

Stored HTML Injection

phpmyfaq is vulnerable to Stored HTML Injection. The vulnerability exists due to improper handling of inputs through the Question Form, which allows an attacker to inject and execute malicious HTML content in the web page when an admin approves the question, possibly leading to code execution...

9.8CVSS9AI score0.00886EPSS
Exploits0References5Affected Software2
Huntr
Huntr
added 2023/01/24 12:1 a.m.19 views

stored HTML-Injection in the FAQ-Proposal

Dear Ladies and Gentlemen, First of all, thank you for your time and effort in reading my Report. While doing the Penetration Test my Brother Josef Hassan [email protected] and I were able to identify another stored HTML-Injection Vulnerability in the FAQ-Proposal Form. The Process of the...

7.5CVSS9AI score0.01662EPSS
Exploits0References1
Huntr
Huntr
added 2023/01/20 4:5 a.m.19 views

Stored HTML Injection

Team, I hope you are all doing well. . I wanted to bring to your attention a potential vulnerability on the website https://mainnet.demo.btcpayserver.org/account/apikeys. . During my research, I discovered that the api key label field is vulnerable to a stored HTML injection attack. Proof of...

6.5CVSS8.6AI score0.07896EPSS
Exploits4
Github Security Blog
Github Security Blog
added 2022/07/18 12:0 a.m.218 views

WooCommerce WordPress plugin before 6.6.0 vulnerable to stored HTML injection

The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles...

4.8CVSS1.2AI score0.00559EPSS
Exploits2References3Affected Software1
OpenVAS
OpenVAS
added 2022/07/18 12:0 a.m.15 views

WordPress WooCommerce Plugin < 6.6.0 Stored HTML Injection Vulnerability

The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

4.8CVSS5.2AI score0.00559EPSS
Exploits2References1
Cvelist
Cvelist
added 2022/07/17 10:35 a.m.30 views

CVE-2022-2099 WooCommerce < 6.6.0 - Admin+ Stored HTML Injection

The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles...

5.4AI score0.00559EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2022/07/17 12:0 a.m.5 views

PT-2022-14857 · WordPress · Woocommerce

Name of the Vulnerable Software and Affected Versions: WooCommerce WordPress plugin versions prior to 6.6.0 Description: The issue is related to stored HTML injection due to a lack of escaping and sanitizing in the payment gateway titles. This allows for potential malicious code injection...

4.8CVSS5.1AI score0.00559EPSS
Exploits2References7
WPVulnDB
WPVulnDB
added 2022/06/20 12:0 a.m.61 views

WooCommerce < 6.6.0 - Admin+ Stored HTML Injection

The plugin is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles PoC Go to WooCommerce - Settings - Payments tab, enable BAC Bank Account Transfers and edit the title in the setup dialog. HTML can be injected there, and will be rendered both f...

4.8CVSS1.3AI score0.00559EPSS
Exploits2Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:31 a.m.26 views

Moodle Stored HTML in assignment submission comments allowed links to be opened directly

A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Links within assignment submission comments would open directly in the same window. Although links themselves may be valid, opening within the same window and without the no-referrer header policy made them more...

6.1CVSS7AI score0.0082EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2021/04/05 11:15 a.m.18 views

CVE-2021-30057

A stored HTML injection vulnerability exists in Knowage Suite version 7.1. An attacker can inject arbitrary HTML in "/restful-services/2.0/analyticalDrivers" via the 'LABEL' and 'NAME' parameters...

4.8CVSS0.0066EPSS
Exploits1References1
OSV
OSV
added 2021/04/05 11:15 a.m.17 views

CVE-2021-30057

A stored HTML injection vulnerability exists in Knowage Suite version 7.1. An attacker can inject arbitrary HTML in "/restful-services/2.0/analyticalDrivers" via the 'LABEL' and 'NAME' parameters...

4.8CVSS6.8AI score
Exploits0References1
OSV
OSV
added 2021/01/20 4:15 a.m.7 views

CVE-2020-27851

Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary HTML code via poll or quiz answers. This code is interpreted by users in a privileged role...

5.4CVSS6.3AI score0.00607EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/01/20 3:14 a.m.42 views

CVE-2020-27851

Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary HTML code via poll or quiz answers. This code is interpreted by users in a privileged role...

5.9AI score0.00607EPSS
Exploits0References1
NVD
NVD
added 2020/12/21 3:15 p.m.10 views

CVE-2020-26049

Nifty-PM CPE 2.3 is affected by stored HTML injection. The impact is remote arbitrary code execution...

6.1CVSS6.9AI score0.01274EPSS
Exploits1References1
Rows per page
Query Builder