Lucene search
K

1184 matches found

OSV
OSV
added 2021/05/05 7:15 p.m.8 views

CVE-2021-24268

The “JetWidgets For Elementor” WordPress Plugin before 1.0.9 has several widgets that are vulnerable to stored Cross-Site Scripting XSS by lower-privileged users such as contributors, all via a similar method...

5.4CVSS6.1AI score0.0059EPSS
Exploits0References2
OSV
OSV
added 2021/04/02 7:15 p.m.7 views

CVE-2021-29661

Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diagvalues.html Stored XSS via the ITEMLISTVALUESITEMID parameter, resulting in JavaScript payload injection into the trace file. This payload will then be triggered every time an authenticated user browses the page containing it...

5.4CVSS6AI score0.006EPSS
Exploits1References1
OSV
OSV
added 2021/03/18 3:15 p.m.6 views

CVE-2021-24129

Unvalidated input and lack of output encoding in the Themify Portfolio Post WordPress plugin, versions before 1.1.6, lead to Stored Cross-Site Scripting XSS vulnerabilities allowing low-privileged users Contributor+ to inject arbitrary JavaScript code or HTML in posts where the Themify Custom Pan...

5.4CVSS5.9AI score0.00658EPSS
Exploits2References1
OSV
OSV
added 2020/10/08 1:15 p.m.3 views

CVE-2020-2292

Jenkins Release Plugin 2.10.2 and earlier does not escape the release version in badge tooltip, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Release/Release permission...

5.4CVSS6AI score0.00735EPSS
Exploits0References2
Prion
Prion
added 2020/08/12 2:15 p.m.17 views

Cross site scripting

SAP NetWeaver Knowledge Management, versions - 7.30, 7.31, 7.40, 7.50, allows the automatic execution of script content in a stored file due to inadequate filtering with the accessing user's privileges. If the accessing user has administrative privileges, then the execution of the script content...

8.5CVSS8.8AI score0.018EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2020/06/22 3:15 p.m.5 views

CVE-2020-13888

Kordil EDMS through 2.2.60rc3 allows stored XSS in usersedit.php, usersmanagementedit.php, and usermanagement.php...

5.4CVSS6.1AI score0.00521EPSS
Exploits0References2
OSV
OSV
added 2020/05/05 10:15 p.m.6 views

CVE-2019-20768

ServiceNow IT Service Management Kingston through Patch 14-1, London through Patch 7, and Madrid before patch 4 allow stored XSS via crafted sysparmitemguid and sysid parameters in an Incident Request to servicecatalog.do...

5.4CVSS6.1AI score0.00719EPSS
Exploits1References2
OSV
OSV
added 2020/04/16 7:15 p.m.4 views

CVE-2019-20714

Certain NETGEAR devices are affected by stored XSS. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7500v2 before 1.0.3.40, R7800 before 1.0.2.60, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.22, RBR20 before 2.3.0.22,...

4.8CVSS5.8AI score0.00606EPSS
Exploits0References1
OSV
OSV
added 2020/04/15 2:15 p.m.3 views

CVE-2020-11768

Certain NETGEAR devices are affected by Stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30,...

4.8CVSS6.2AI score0.00506EPSS
Exploits0References1
OSV
OSV
added 2020/04/15 2:15 p.m.4 views

CVE-2019-19500

Matrix42 Workspace Management 9.1.2.2765 and below allows stored XSS via unfiltered description parameters, as demonstrated by the comment field of a special order for individual software...

5.4CVSS6.1AI score0.00772EPSS
Exploits3References2
VulnCheck KEV
VulnCheck KEV
added 2020/04/15 12:0 a.m.2 views

VulnCheck KEV: CVE-2019-17231

includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress has multiple stored XSS issues...

6.1CVSS6.4AI score0.01216EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2020/04/01 12:0 a.m.3 views

PT-2020-12622 · Limesurvey · Limesurvey

Name of the Vulnerable Software and Affected Versions: LimeSurvey versions prior to 4.1.12+200324 Description: The issue concerns stored XSS in certain files, specifically in application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGroups.php, which is related to...

5.4CVSS5.1AI score0.70841EPSS
Exploits4References6
OSV
OSV
added 2020/03/04 7:15 p.m.7 views

CVE-2019-19222

A Stored XSS issue in the D-Link DSL-2680 web administration interface Firmware EU1.03 allows an authenticated attacker to inject arbitrary JavaScript code into the info.html administration page by sending a crafted Forms/wirelessautonetwork1 POST request...

5.4CVSS6.2AI score0.01867EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2020/03/04 12:0 a.m.5 views

PT-2020-10101 · D Link · Dsl-2680

Name of the Vulnerable Software and Affected Versions: D-Link DSL-2680 version EU 1.03 Description: A Stored XSS issue in the web administration interface allows an authenticated attacker to inject arbitrary JavaScript code into the administration page by sending a crafted "Forms/wireless...

5.4CVSS5.3AI score0.01867EPSS
Exploits1References6
OSV
OSV
added 2020/02/25 5:15 p.m.5 views

CVE-2020-9335

Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery plugin before 1.5.46 WordPress. Successful exploitation of this vulnerability would allow a authenticated admin user to inject arbitrary JavaScript code that is viewed by other users...

4.8CVSS6AI score0.01355EPSS
Exploits0References2
Snyk
Snyk
added 2020/01/14 11:0 p.m.4 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the MyAccountPortlet fields such as First Name, Middle Name, and Last Name. A user can inject malicious scripts that persist within the database and are executed when other users view these modified fields...

5.4CVSS5.4AI score0.04457EPSS
Exploits3References2
Positive Technologies
Positive Technologies
added 2018/10/16 12:0 a.m.7 views

PT-2018-14397 · Alchemycms · Alchemycms

Name of the Vulnerable Software and Affected Versions: AlchemyCMS version 4.1.0 Description: A Stored XSS issue has been found in AlchemyCMS via the "/admin/pictures" image field. The vendor disputes the validity of this report, stating that the researcher used an authorized cookie to access a...

6.1CVSS6.2AI score0.01691EPSS
Exploits2References10
OSV
OSV
added 2018/08/06 3:29 p.m.5 views

CVE-2018-14962

zzcms 8.3 has stored XSS related to the content variable in user/manage.php and zt/show.php...

5.4CVSS5.8AI score0.00667EPSS
Exploits1References1
OSV
OSV
added 2018/06/29 12:29 p.m.5 views

CVE-2018-12992

An issue was discovered CMS MaeloStore V.1.5.0. There is stored XSS in the Telephone field of the admin interface...

4.8CVSS5.8AI score0.00529EPSS
Exploits1References1
OSV
OSV
added 2018/03/29 5:29 a.m.4 views

CVE-2018-9121

In Crea8social 2018.2, there is Stored Cross-Site Scripting via a post comment...

5.4CVSS5.8AI score0.00575EPSS
Exploits3References2
Rows per page
Query Builder