Lucene search
K

79 matches found

OSV
OSV
added 2025/12/02 2:16 p.m.6 views

CVE-2025-65858

A Stored Cross-Site Scripting XSS vulnerability in Calibre-Web v0.6.25 allows attackers to inject malicious JavaScript into the 'username' field during user creation. The payload is stored unsanitized and later executed when the /ajax/listusers endpoint is accessed...

3.5CVSS5.1AI score0.00174EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/12/02 12:0 a.m.9 views

PT-2025-48754

Name of the Vulnerable Software and Affected Versions Aimeos GrapesJS CMS extension versions prior to 2021.10.8 Aimeos GrapesJS CMS extension versions prior to 2022.10.8 Aimeos GrapesJS CMS extension versions prior to 2023.10.8 Aimeos GrapesJS CMS extension versions prior to 2024.10.8 Aimeos...

7.6CVSS6AI score0.00238EPSS
Exploits0References7
CVE
CVE
added 2025/11/26 12:0 a.m.13 views

CVE-2025-65676

CVE-2025-65676 is a stored XSS defect in Classroomio LMS 0.1.13, where authenticated attackers can upload crafted SVG cover images that execute code in the context of the application. Multiple adapters (NVD, Red Hat, EUVD, OSV, CIRCL, PT-Security, CNNVD, CVE lists, PacketStorm, etc.) consistently...

5.4CVSS6.1AI score0.00201EPSS
Exploits2References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/11/21 7:31 a.m.4 views

CVE-2025-11765 Stock Tools <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Stock Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'imageheight' and 'imagewidth' shortcode attributes in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS4.7AI score0.00197EPSS
Exploits0References2
CVE
CVE
added 2025/11/13 8:27 a.m.16 views

CVE-2025-10295

CVE-2025-10295 affects the Angel – Fashion Model Agency WordPress Theme (versions up to and including 3.2.3). The vulnerability is a Stored Cross-Site Scripting flaw in the profile media uploader caused by insufficient input sanitization and output escaping. It requires authenticated access at su...

6.4CVSS4.8AI score0.00161EPSS
Exploits0References2
NVD
NVD
added 2025/11/06 4:15 p.m.5 views

CVE-2025-48085

Cross-Site Request Forgery CSRF vulnerability in ZIPANG Simple Stripe simple-stripe allows Stored XSS.This issue affects Simple Stripe: from n/a through = 0.9.17...

7.1CVSS0.00116EPSS
Exploits0References1
NVD
NVD
added 2025/11/05 12:15 p.m.11 views

CVE-2025-11745

The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field through the plugin's 'adinserter' shortcode in all versions up to, and including, 2.8.7 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS0.00211EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-28748

Malicious code in bioql PyPI...

6.4CVSS6.4AI score0.00204EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/02 12:0 a.m.6 views

ERPNext 跨站脚本漏洞

ERPNext is an open source enterprise resource planning solution from ERPNext India. A cross-site scripting vulnerability exists in ERPNext version v15.67.0, which stems from improper cleanup of content field inputs by the blog post feature and can be exploited by an attacker to cause a stored...

5.4CVSS6AI score0.00382EPSS
Exploits2References5
RedhatCVE
RedhatCVE
added 2025/08/30 6:17 p.m.4 views

CVE-2025-48351

Cross-Site Request Forgery CSRF vulnerability in PluginsPoint Kento Splash Screen kento-splash-screen allows Stored XSS.This issue affects Kento Splash Screen: from n/a through = 1.4...

7.1CVSS5.9AI score0.00118EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/15 8:25 a.m.8 views

CVE-2025-7688 Add User Meta <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Add User Meta plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the 'add-user-meta' page. This makes it possible for unauthenticated attackers to update settings and inject...

6.1CVSS0.00141EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/08/14 10:34 a.m.2 views

CVE-2025-49044 WordPress Simple Poll plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in tosend.it Simple Poll simple-poll allows Stored XSS.This issue affects Simple Poll: from n/a through = 1.1.1...

7.1CVSS5.9AI score0.00118EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:2 a.m.6 views

CVE-2023-1861

The Limit Login Attempts WordPress plugin through 1.7.2 does not sanitize and escape usernames when outputting them back in the logs dashboard, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.4AI score0.28799EPSS
Exploits2References1
OSV
OSV
added 2025/05/15 8:15 p.m.4 views

CVE-2023-7168

The Better Follow Button for Jetpack WordPress plugin through 8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...

4.8CVSS5.8AI score0.00255EPSS
Exploits2References1
CNNVD
CNNVD
added 2025/05/15 12:0 a.m.4 views

WordPress plugin Smart Post Show 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

4.8CVSS5.7AI score0.00255EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/04/24 12:0 a.m.4 views

WordPress plugin Kiotviet KiotViet Sync 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists i...

7.1CVSS7.1AI score0.00127EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/17 12:0 a.m.4 views

WordPress plugin Listings for Buildium 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery...

7.1CVSS7AI score0.00127EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/03/27 12:0 a.m.4 views

PT-2025-13055 · Wip · Woocarousel Lite

Name of the Vulnerable Software and Affected Versions: WIP WooCarousel Lite versions 1.1.7 and earlier Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can execute malicious scripts on the victim's browser,...

7.1CVSS9.3AI score0.00178EPSS
Exploits0References6
OSV
OSV
added 2025/03/16 6:15 a.m.5 views

CVE-2025-1622

The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

3.5CVSS5.8AI score0.00206EPSS
Exploits0References1
OSV
OSV
added 2025/03/07 10:15 a.m.2 views

CVE-2024-9458

The Reservit Hotel WordPress plugin before 3.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.0083EPSS
Exploits3References1
Rows per page
Query Builder