Lucene search
K

28 matches found

NVD
NVD
added yesterday6 views

CVE-2026-53987

The Tag plugin for GLPI 11 before 2.14.4 stores the tag name without HTML sanitization and renders it into the Kanban badge markup via PluginTagTag::preKanbanContent without output escaping, resulting in stored cross-site scripting. An authenticated user with TAG MANAGEMENT create or update right...

7.3CVSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-53987

The Tag plugin for GLPI 11 before 2.14.4 stores the tag name without HTML sanitization and renders it into the Kanban badge markup via PluginTagTag::preKanbanContent without output escaping, resulting in stored cross-site scripting. An authenticated user with TAG MANAGEMENT create or update right...

7.3CVSS5.6AI score
Exploits0References5Affected Software1
Cvelist
Cvelist
added yesterday6 views

CVE-2026-53987 GLPI 11 < 2.14.4 Tag Plugin Stored Cross-Site Scripting in Kanban Badge Rendering

The Tag plugin for GLPI 11 before 2.14.4 stores the tag name without HTML sanitization and renders it into the Kanban badge markup via PluginTagTag::preKanbanContent without output escaping, resulting in stored cross-site scripting. An authenticated user with TAG MANAGEMENT create or update right...

7.3CVSS
Exploits0References4
CVE
CVE
added yesterday7 views

CVE-2026-53987

GLPI 11 before 2.14.4 is affected by a stored XSS in the Tag plugin's Kanban badge rendering. The Tag plugin stores tag names without HTML sanitization and injects them into Kanban badges via PluginTagTag::preKanbanContent(), without escaping output. An authenticated user with TAG MANAGEMENT crea...

7.3CVSS5.6AI score
Exploits0References4
EUVD
EUVD
added 2026/06/02 7:48 a.m.12 views

EUVD-2026-33899

The Laiser Tag plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the addOptionsPageFields function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS5.7AI score0.00131EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/02 7:48 a.m.11 views

CVE-2026-9722

The Laiser Tag plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the addOptionsPageFields function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS5.7AI score0.00131EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/04/08 7:51 a.m.4 views

WordPress Pinterest Site Verification plugin using Meta Tag plugin <= 1.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'post_var' vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting via 'postvar' vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Pinterest Site Verification plugin using Meta Tag versions = 1.8...

6.4CVSS5.9AI score0.002EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/10/27 1:34 a.m.8 views

CVE-2025-62983 WordPress Posts By Tag plugin <= 3.2.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sudar Muthu Posts By Tag posts-by-tag allows Stored XSS.This issue affects Posts By Tag: from n/a through = 3.2.1...

6.5CVSS0.00151EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.11 views

EUVD-2023-27958

Malicious code in bioql PyPI...

5.9CVSS6.4AI score0.00369EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:35 a.m.5 views

CVE-2023-23875

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Himanshu Bing Site Verification plugin using Meta Tag plugin = 1.0 versions...

5.9CVSS5.2AI score0.00369EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/09/30 12:0 a.m.19 views

WordPress BuddyForms Plugin <= 2.8.12 is vulnerable to Cross Site Scripting (XSS)

Software BuddyForms Type Plugin Vulnerable versions = 2.8.12 Fixed in 2.8.13 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47377 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 9418faef5fbf Credits SOPROBRO Required privilege Editor...

5.9CVSS6.5AI score0.00254EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2023/11/07 12:15 p.m.49 views

CVE-2023-5567

The QR Code Tag plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'qrcodetag' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

6.4CVSS0.00434EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/11/07 11:31 a.m.5 views

CVE-2023-5567

The QR Code Tag plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'qrcodetag' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

6.4CVSS5.8AI score0.00434EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/11/07 12:0 a.m.4 views

PT-2023-32182 · WordPress · Qr Code Tag

Name of the Vulnerable Software and Affected Versions: QR Code Tag plugin for WordPress versions up to, and including, 1.0 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the 'qrcodetag' shortcode, allowing authenticated...

6.4CVSS6.3AI score0.00434EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/11/07 12:0 a.m.3 views

WordPress Plugin QR Code Tag Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

6.4CVSS6.7AI score0.00434EPSS
Exploits0References4
NVD
NVD
added 2023/05/03 4:15 p.m.32 views

CVE-2023-23875

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Himanshu Bing Site Verification plugin using Meta Tag plugin = 1.0 versions...

5.9CVSS5.4AI score0.00369EPSS
Exploits0References1
OSV
OSV
added 2023/05/03 4:15 p.m.5 views

CVE-2023-23875

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Himanshu Bing Site Verification plugin using Meta Tag plugin = 1.0 versions...

4.8CVSS6.6AI score0.00369EPSS
Exploits0References1
Prion
Prion
added 2023/05/03 4:15 p.m.13 views

Cross site scripting

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Himanshu Bing Site Verification plugin using Meta Tag plugin = 1.0 versions...

4.3CVSS4.8AI score0.00369EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/05/03 3:10 p.m.27 views

CVE-2023-23875 WordPress Bing Site Verification plugin using Meta Tag Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Himanshu Bing Site Verification plugin using Meta Tag plugin = 1.0 versions...

5.9CVSS5.5AI score0.00369EPSS
Exploits0References1
CVE
CVE
added 2023/05/03 3:10 p.m.42 views

CVE-2023-23875

CVE-2023-23875 describes an authentication-required Stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin combination “Bing Site Verification plugin using Meta Tag” (v

5.9CVSS4.9AI score0.00369EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder