
192 matches found

Prion
added 2021/11/26 5:15 p.m., 20 views

Cross site scripting

Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabilities in WordPress Awesome Support plugin versions <= 6.0.6, vulnerable parameters &id, &assignee...

CVSS 3.5, AI score 5.5, EPSS 0.00547
Exploits 0, References 2, Affected Software 1

Cvelist
added 2021/11/26 4:41 p.m., 18 views

CVE-2021-36919 WordPress Awesome Support plugin <= 6.0.6 - Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabilities in WordPress Awesome Support plugin versions <= 6.0.6, vulnerable parameters &id, &assignee...

CVSS 6.1, AI score 6.3, EPSS 0.00547
Exploits 0, References 2

Patchstack
added 2021/11/26 12:0 a.m., 14 views

WordPress Awesome Support plugin <= 6.0.6 - Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabilities were discovered by Ex.Mi in WordPress Awesome Support plugin versions <= 6.0.6. Solution: Update the WordPress Awesome Support plugin to the latest available version (at least 6.0.7)...

CVSS 6.1, AI score 2.5, EPSS 0.00547
Exploits 0, References 2, Affected Software 1

OSV
added 2021/09/13 6:15 p.m., 1 views

CVE-2021-24623

The WordPress Advanced Ticket System, Elite Support Helpdesk WordPress plugin before 1.0.64 does not sanitize or escape form values before saving to the database or when outputting, which allows high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability i...

CVSS 4.8, AI score 5.8
Exploits 0, References 1

wpexploit
added 2021/08/09 12:0 a.m., 1097 views

Titan Framework <= 1.12.1 - Reflected Cross-Site Scripting (XSS)

Description: The iframe-font-preview.php file of the titan-framework does not properly escape the font-weight and font-family GET parameters before outputting them back in an href attribute, leading to Reflected Cross-Site Scripting issues. Edit (WPScanTeam): The original report mentioned the issue...

CVSS 6.1, AI score 6.3, EPSS 0.01785
Exploits 2

CNVD
added 2020/07/03 12:0 a.m., 5 views

Unspecified Vulnerability in CloudBees Jenkins TestComplete support Plugin

CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. TestComplete support Plugin is used in one of the un...

CVSS 4.3, AI score 6.6, EPSS 0.00691
Exploits 0

Patchstack
added 2020/01/06 12:0 a.m., 20 views

WordPress Awesome Support plugin <= 5.8.2 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by 0xPablito in WordPress Awesome Support plugin versions <= 5.8.2. Solution: Update the WordPress Awesome Support plugin to the latest available version (at least 6.0.0)...

CVSS 4.8, AI score 1.9, EPSS 0.00717
Exploits 0, References 3, Affected Software 1

CNVD
added 2019/12/18 12:0 a.m., 5 views

CloudBees Jenkins Alauda Kubernetes Suport Plugin Authorization Issue Vulnerability

CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. An authorization issue...

CVSS 6.5, AI score 7, EPSS 0.00852
Exploits 0, References 1

NVD
added 2019/12/17 3:15 p.m., 13 views

CVE-2019-16575

A cross-site request forgery vulnerability in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or credentials...

CVSS 8.8, AI score 8.7, EPSS 0.00863
Exploits 0, References 2

OSV
added 2019/12/17 3:15 p.m., 14 views

CVE-2019-16575

A cross-site request forgery vulnerability in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or credentials...

CVSS 8.8, AI score 6.5
Exploits 0, References 2

Prion
added 2019/12/17 3:15 p.m., 14 views

Cross site request forgery (csrf)

A cross-site request forgery vulnerability in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or credentials...

CVSS 6.8, AI score 8.6, EPSS 0.00863
Exploits 0, References 2, Affected Software 1

CVE
added 2019/12/17 2:40 p.m., 70 views

CVE-2019-16576

CVE-2019-16576 affects Jenkins Alauda Kubernetes Support Plugin (versions 2.3.0 and earlier). The issue is a missing permission check that lets attackers with Overall/Read access connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, potenti...

CVSS 6.5, AI score 6.3, EPSS 0.00852
Exploits 0, References 2, Affected Software 1

Cvelist
added 2019/12/17 2:40 p.m., 16 views

CVE-2019-16575

A cross-site request forgery vulnerability in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or credentials...

AI score 8.7, EPSS 0.00863
Exploits 0, References 2

CNVD
added 2019/08/22 12:0 a.m., 4 views

WordPress awesome-support plugin security feature issue vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. awesome-support is a helpdesk and ticketing system plugin used in it. The WordPress awesome-support plugin suffers from a security...

CVSS 7.5, AI score 6.7, EPSS 0.01389
Exploits 0, References 1

NVD
added 2019/08/20 3:15 p.m., 20 views

CVE-2015-9317

The awesome-support plugin before 3.1.7 for WordPress has XSS via custom information messages...

CVSS 6.1, AI score 6.1, EPSS 0.00913
Exploits 0, References 1

NVD
added 2019/08/20 3:15 p.m., 10 views

CVE-2015-9318

The awesome-support plugin before 3.1.7 for WordPress has a security issue in which shortcodes are allowed in replies...

CVSS 7.5, AI score 7.6, EPSS 0.01389
Exploits 0, References 1

Cvelist
added 2019/08/20 2:47 p.m., 16 views

CVE-2015-9318

The awesome-support plugin before 3.1.7 for WordPress has a security issue in which shortcodes are allowed in replies...

AI score 7.6, EPSS 0.01389
Exploits 0, References 1

CVE
added 2019/08/20 2:47 p.m., 40 views

CVE-2015-9318

CVE-2015-9318 affects the WordPress plugin Awesome Support prior to 3.1.7. The vulnerability is that shortcodes are allowed in replies, stemming from the plugin’s handling of reply content. According to NVD, the issue has CVSS v2 base score 5.0 (MEDIUM) with impact on integrity while allowing net...

CVSS 7.5, AI score 7.6, EPSS 0.01389
Exploits 0, References 1, Affected Software 1

NVD
added 2019/08/13 5:15 p.m., 24 views

CVE-2017-18507

The wp-live-chat-support plugin before 7.1.05 for WordPress has XSS...

CVSS 6.1, AI score 6.4, EPSS 0.00915
Exploits 1, References 1

Cvelist
added 2019/08/12 2:49 p.m., 23 views

CVE-2017-18508

The wp-live-chat-support plugin before 7.1.03 for WordPress has XSS...

AI score 6.4, EPSS 0.00933
Exploits 0, References 2