79 matches found

Source: Positive Technologies · added 2025/02/07 12:00 a.m.

PT-2025-5968 · Unknown · Inlocation

Name of the Vulnerable Software and Affected Versions: InLocation versions n/a through 1.8. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application, and also...

CVSS 7.1 · AI score 9.4 · EPSS 0.00124 · Exploits 0 · References 6

Source: Patchstack · added 2025/01/16 6:41 p.m.

WordPress RSS News Scroller plugin <= 2.0.0 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by SOPROBRO in WordPress Plugin RSS News Scroller versions <= 2.0.0...

CVSS 7.1 · AI score 6.2 · EPSS 0.00197 · Exploits 0 · Affected Software 1

Source: Positive Technologies · added 2025/01/16 12:00 a.m.

PT-2025-5029 · Unknown · Shabbos/Yom Tov

Name of the Vulnerable Software and Affected Versions: Shabbos and Yom Tov versions 1.9 and earlier. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...

CVSS 7.1 · AI score 9.1 · EPSS 0.00169 · Exploits 0 · References 3

Source: Positive Technologies · added 2025/01/16 12:00 a.m.

PT-2025-5003 · Mfplugin · Mfplugin

Name of the Vulnerable Software and Affected Versions: MFPlugin versions n/a through 1.3. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application, and also stor...

CVSS 7.1 · AI score 9 · EPSS 0.00184 · Exploits 0 · References 3

Source: OSV · added 2025/01/09 11:15 a.m.

CVE-2024-6155

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Authenticated Subscriber+ Server-Side Request Forgery and Stored Cross Site Scripting in all versions up to, and including, 9.0.0 due to a missing capability check in the greenshiftdownloadfilelocaly function...

CVSS 5.4 · AI score 5.9 · EPSS 0.00274 · Exploits 0 · References 2

Source: Vulnrichment · added 2024/11/26 1:56 p.m.

CVE-2024-8236 Elementor Website Builder – More than Just a Page Builder <= 3.25.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter of the Icon widget in all versions up to, and including, 3.25.7 due to insufficient input sanitization and output escaping. This makes it possibl...

CVSS 6.4 · AI score 5.6 · EPSS 0.00362 · Exploits 0 · References 3

Source: Positive Technologies · added 2024/11/14 12:00 a.m.

PT-2024-34803 · Geekrmx · Geekrmx Twitter @Anywhere Plus

Name of the Vulnerable Software and Affected Versions: GeekRMX Twitter @Anywhere Plus versions n/a through 2.0. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that can lead to Stored XSS. This problem affects GeekRMX Twitter @Anywhere Plus, allowing for potential malicio...

CVSS 7.1 · AI score 6.5 · EPSS 0.00177 · Exploits 0 · References 5

Source: Positive Technologies · added 2024/10/05 12:00 a.m.

PT-2024-32702 · Copyscape · Copyscape Premium

Name of the Vulnerable Software and Affected Versions: Copyscape Premium versions through 1.3.6. Description: A Cross-Site Request Forgery (CSRF) vulnerability is present in Copyscape Premium, allowing Stored XSS. Recommendations: For versions through 1.3.6, update to a version that fixes the CSRF...

CVSS 7.1 · AI score 6.4 · EPSS 0.00247 · Exploits 0 · References 7

Source: Positive Technologies · added 2024/07/23 12:00 a.m.

PT-2024-37470 · WordPress · Request A Quote

Name of the Vulnerable Software and Affected Versions: Request a Quote WordPress plugin versions prior to 2.4.1. Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed, for example, ...

CVSS 5.9 · AI score 5.9 · EPSS 0.00369 · Exploits 1 · References 5

Source: Positive Technologies · added 2024/07/20 12:00 a.m.

PT-2024-28126 · Unknown · Post Layouts For Gutenberg

Name of the Vulnerable Software and Affected Versions: Post Layouts for Gutenberg versions 1.2.7 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. Recommendation...

CVSS 6.5 · AI score 5.3 · EPSS 0.0032 · Exploits 0 · References 3

Source: OSV · added 2024/06/26 6:15 a.m.

CVE-2024-4957

The Frontend Checklist WordPress plugin through 2.3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup)...

CVSS 4.3 · AI score 5.8 · EPSS 0.00329 · Exploits 2 · References 1

Source: OSV · added 2024/06/21 6:15 a.m.

CVE-2024-5447

The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowe...

CVSS 4.8 · AI score 5.8 · EPSS 0.00319 · Exploits 2 · References 1

Source: OSV · added 2024/06/13 8:16 a.m.

CVE-2024-36163

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page...

CVSS 5.4 · AI score 5.8 · EPSS 0.00502 · Exploits 0 · References 1

Source: OSV · added 2024/05/23 6:15 a.m.

CVE-2024-2220

The Button contact VR WordPress plugin through 4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup)...

CVSS 3.5 · AI score 5.8 · EPSS 0.0033 · Exploits 2 · References 1

Source: OSV · added 2024/04/26 5:15 a.m.

CVE-2024-3075

The MM-email2image WordPress plugin through 0.2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVSS 8.1 · AI score 5.8 · EPSS 0.00624 · Exploits 2 · References 1

Source: Positive Technologies · added 2024/04/18 12:00 a.m.

PT-2024-24718 · Unknown · Dsgvo Youtube

Name of the Vulnerable Software and Affected Versions: DSGVO Youtube versions 1.4.5 and earlier. Description: The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. Recommendations: For versions...

CVSS 6.5 · AI score 5.6 · EPSS 0.00312 · Exploits 0 · References 3

Source: OSV · added 2024/04/17 5:15 a.m.

CVE-2024-2102

The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the 'Mobile Phone' field and 'smsprefix' parameter when booking an appointment, allowing customers to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the...

CVSS 4.7 · AI score 5.8 · EPSS 0.00464 · Exploits 2 · References 1

Source: OSV · added 2023/12/04 10:15 p.m.

CVE-2023-5809

The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup)...

CVSS 4.8 · AI score 5.8 · EPSS 0.0045 · Exploits 2 · References 1

Source: OSV · added 2023/10/16 8:15 p.m.

CVE-2023-4725

The Simple Posts Ticker WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup)...

CVSS 4.8 · AI score 7.3 · EPSS 0.00402 · Exploits 2 · References 1

Source: OSV · added 2023/09/11 8:15 p.m.

CVE-2023-3169

The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not perform authorisation on a REST route and does not validate or escape some parameters when outputting them back, which could allow unauthenticated users to perform...

CVSS 6.1 · AI score 7.3 · EPSS 0.01595 · Exploits 2 · References 1