Lucene search
+L

14 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-5215

Malicious code in bioql PyPI...

5.4CVSS5.5AI score0.0069EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/23 5:38 a.m.11 views

CVE-2023-26059

An issue was discovered in Nokia NetAct before 22 SP1037. On the Site Configuration Tool tab, attackers can upload a ZIP file which, when processed, exploits Stored XSS. The upload option of the Site Configuration tool does not validate the file contents. The application is in a demilitarised zon...

6.8CVSS6.7AI score0.00371EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/15 8:7 p.m.15 views

CVE-2024-8090 JavaScript Logic <= 0.1 - CSRF to Stored XSS

The JavaScript Logic WordPress plugin through 0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

0.00156EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/04/04 3:58 p.m.18 views

CVE-2025-32113 WordPress Libro de Reclamaciones y Quejas plugin <= 1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in Renzo Tejada Libro de Reclamaciones y Quejas libro-de-reclamaciones-y-quejas allows Cross Site Request Forgery.This issue affects Libro de Reclamaciones y Quejas: from n/a through = 1.0...

7.1CVSS0.00197EPSS
Exploits0References1
wpexploit
wpexploit
added 2023/02/22 12:0 a.m.87 views

GoToWP <= 5.1.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. registermeeting type='" onmouseover="alert1...

5.4CVSS5.6AI score0.00444EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/12 12:0 a.m.131 views

Html5 Audio Player < 2.1.12 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. h5apinlineplayer src="invalid'...

5.4CVSS2.3AI score0.00573EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/03 12:0 a.m.360 views

Justified Gallery < 1.7.1 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. Exploit shortcode: gallery ids="1" lightbox="' onmouseover='alert1'"...

5.4CVSS1.8AI score0.0049EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/27 12:0 a.m.513 views

Page-list < 5.3 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

5.4CVSS0.8AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/23 12:0 a.m.117 views

MashShare < 3.8.7 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit:...

5.4CVSS1AI score0.00534EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/23 12:0 a.m.111 views

Easy Accordion < 2.2.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

5.4CVSS0.5AI score0.00534EPSS
Exploits2
wpexploit
wpexploit
added 2022/01/03 12:0 a.m.516 views

NextScripts: Social Networks Auto-Poster < 4.3.24 - Unauthenticated Stored XSS

The plugin does not sanitise and escape logged requests before outputting them in the related admin dashboard, leading to an Unauthenticated Stored Cross-Site Scripting issue curl -H 'x-tomato: alert/XSS/;' 'https://example.com/?nxs-cronrun=yes' The XSS will be triggered in the Log/History...

6.1CVSS1.2AI score0.01334EPSS
Exploits2References1
Exploit DB
Exploit DB
added 2020/04/23 12:0 a.m.144 views

User Management System 2.0 - Persistent Cross-Site Scripting

Exploit Title: User Management System 2.0 - Persistent Cross-Site Scripting Author: Besim ALTINOK Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/user-registration-login-and-user-management-system-with-admin-panel/ Version: v2.0 Tested on: Xampp Credit: İsmail BOZKU...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2017/06/07 12:0 a.m.18 views

OurPHP stored xss

No description provided by source...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2008/06/12 12:0 a.m.31 views

Gravity Board X 2.0 Beta - SQL Injection / Cross-Site Scripting

==================================================================== Gravity Board X 2.0 Beta SQL/XSS Multiple Remote Vulnerabilities ==================================================================== ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking...

7.4AI score
Exploits0
Rows per page
Query Builder