Lucene search
K

175 matches found

OSV
OSV
added 2021/05/05 7:15 p.m.4 views

CVE-2021-24275

The Popup by Supsystic WordPress plugin before 1.10.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue...

6.1CVSS6.4AI score0.18165EPSS
Exploits5References2
OSV
OSV
added 2021/05/05 7:15 p.m.5 views

CVE-2021-24276

The Contact Form by Supsystic WordPress plugin before 1.7.15 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue...

6.1CVSS5.8AI score0.16044EPSS
Exploits5References2
OSV
OSV
added 2021/05/05 7:15 p.m.5 views

CVE-2021-24274

The Ultimate Maps by Supsystic WordPress plugin before 1.2.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue...

6.1CVSS5.8AI score0.17638EPSS
Exploits5References2
OSV
OSV
added 2021/04/22 9:15 p.m.4 views

CVE-2021-24234

The Search Forms page of the Ivory Search WordPress lugin before 4.6.1 did not properly sanitise the tab parameter before output it in the page, leading to a reflected Cross-Site Scripting issue when opening a malicious crafted link as a high privilege user. Knowledge of a form id is required to...

6.1CVSS5.8AI score0.01173EPSS
Exploits2References3
CNVD
CNVD
added 2020/07/27 12:0 a.m.4 views

RosarioSIS Cross-Site Scripting Vulnerability (CNVD-2020-42950)

RosarioSIS is a student information system for school management. A cross-site scripting vulnerability exists in RosarioSIS 6.7.2. The vulnerability stems from improper validation of user-supplied input in the Preferences.php script. A remote attacker can exploit the vulnerability by using the ta...

6.1CVSS6.2AI score0.05557EPSS
Exploits2References1
Cvelist
Cvelist
added 2019/09/25 11:4 p.m.21 views

CVE-2015-9410

The Blubrry PowerPress Podcasting plugin 6.0.4 for WordPress has XSS via the tab parameter...

5.3AI score0.01183EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2019/09/25 12:0 a.m.5 views

PT-2019-7369 · Blubrry · Blubrry Powerpress Podcasting Plugin

Name of the Vulnerable Software and Affected Versions: Blubrry PowerPress Podcasting plugin version 6.0.4 Description: The issue is related to a cross-site scripting XSS vulnerability. It occurs via the tab parameter. There is no information provided about the estimated number of potentially...

5.4CVSS5.2AI score0.01183EPSS
Exploits2References6
Positive Technologies
Positive Technologies
added 2019/08/08 12:0 a.m.5 views

PT-2019-13826 · Woo Variation Swatches · Woo-Variation-Swatches

Name of the Vulnerable Software and Affected Versions: Woo-variation-swatches plugin version 1.0.61 Description: The issue allows for XSS via the "tab" parameter in the 'wp-admin/admin.php?page=woo-variation-swatches-settings' endpoint. Recommendations: For version 1.0.61, consider disabling acce...

6.1CVSS6AI score0.0102EPSS
Exploits1References4
CNVD
CNVD
added 2019/04/22 12:0 a.m.2 views

idreamsoft iCMS Cross-Site Scripting Vulnerability (CNVD-2019-12120)

iCMS is an efficient and simple content management system built with PHP and MySQL. A cross-site scripting vulnerability exists in app/admincp/template/admincp.header.php in idreamsoft iCMS 7.0.14, which can be exploited by an attacker via the admincp.php?app=config tab parameter...

6.1CVSS6.4AI score0.00826EPSS
Exploits1References1
OSV
OSV
added 2018/10/03 8:29 a.m.4 views

CVE-2018-17947

The Snazzy Maps plugin before 1.1.5 for WordPress has XSS via the text or tab parameter...

6.1CVSS5.8AI score0.01212EPSS
Exploits1References3
OSV
OSV
added 2018/04/04 7:29 p.m.7 views

CVE-2018-9034

Cross-site scripting XSS vulnerability in lib/interface.php of the Relevanssi plugin 4.0.4 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the tab GET parameter...

5.4CVSS5.9AI score0.02009EPSS
Exploits5References1
ATTACKERKB
ATTACKERKB
added 2018/04/04 7:29 p.m.5 views

CVE-2018-9034

Cross-site scripting XSS vulnerability in lib/interface.php of the Relevanssi plugin 4.0.4 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the tab GET parameter...

5.4CVSS5.7AI score0.02009EPSS
Exploits5References2
Prion
Prion
added 2018/04/04 7:29 p.m.16 views

Cross site scripting

Cross-site scripting XSS vulnerability in lib/interface.php of the Relevanssi plugin 4.0.4 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the tab GET parameter...

3.5CVSS5.4AI score0.02009EPSS
Exploits5References1Affected Software1
CVE
CVE
added 2018/04/04 7:0 p.m.57 views

CVE-2018-9034

CVE-2018-9034 affects the WordPress Relevanssi plugin, specifically version 4.0.4 (and possibly earlier). The vulnerability is a Reflected XSS in lib/interface.php where the GET parameter tab is read and echoed into HTML without proper escaping, allowing an attacker to inject arbitrary JavaScript...

5.4CVSS5.4AI score0.02009EPSS
Exploits5References1Affected Software1
OSV
OSV
added 2018/03/18 6:29 a.m.3 views

CVE-2018-8767

joyplus-cms 1.6.0 has XSS in manager/adminajax.php?action=save&tab=prevodtype via the tname parameter...

4.8CVSS5.8AI score0.0064EPSS
Exploits1References1
CNVD
CNVD
added 2017/11/01 12:0 a.m.5 views

WordPress PopCash.Net Code Integration Tool plugin cross-site scripting vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language , the platform supports PHP and MySQL servers to set up a personal blog site . PopCash.Net Code Integration Tool plugin is used in one of the code integration tool . A cross-site scripting...

6.1CVSS6.5AI score0.01353EPSS
Exploits1References1
OSV
OSV
added 2017/10/23 5:29 p.m.2 views

CVE-2017-15810

The PopCash.Net Code Integration Tool plugin before 1.1 for WordPress has XSS via the tab parameter to wp-admin/admin.php...

6.1CVSS5.8AI score0.01353EPSS
Exploits1References3
Cvelist
Cvelist
added 2017/10/23 5:0 p.m.17 views

CVE-2017-15810

The PopCash.Net Code Integration Tool plugin before 1.1 for WordPress has XSS via the tab parameter to wp-admin/admin.php...

6.2AI score0.01353EPSS
Exploits1References3
CNVD
CNVD
added 2017/01/03 12:0 a.m.4 views

Piwigo Remote File Inclusion Vulnerability

Piwigo is a photo album script written in PHP. A security vulnerability exists in the admin/languages.php implementation in versions prior to Piwigo 2.8.3, where a remote administrator user passes the tab parameter and the executable file contains an attack...

7.2CVSS7AI score0.01837EPSS
Exploits0References1
Cvelist
Cvelist
added 2016/12/30 7:8 a.m.18 views

CVE-2016-10085

admin/languages.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the tab parameter...

6.7AI score0.01837EPSS
Exploits0References3
Rows per page
Query Builder