Lucene search
K

26 matches found

Positive Technologies
Positive Technologies
added 2024/08/19 12:0 a.m.9 views

PT-2024-37912 · WordPress · Wp Last Modified Info

Name of the Vulnerable Software and Affected Versions: WP Last Modified Info plugin for WordPress versions up to, and including, 1.9.0 Description: The issue is related to Stored Cross-Site Scripting via the template attribute of the lmt-post-modified-info shortcode. This is due to insufficient...

6.4CVSS5.9AI score0.00313EPSS
Exploits0References12
RedHat Linux
RedHat Linux
added 2023/01/31 1:15 p.m.9 views

bootstrap: XSS in the tooltip or popover data-template attribute

A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popover events fired...

6.1CVSS6.5AI score0.1686EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2023/01/31 1:15 p.m.4 views

bootstrap: XSS in the tooltip or popover data-template attribute

A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popover events fired...

6.1CVSS6.5AI score0.1686EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2022/11/29 9:15 p.m.5 views

CVE-2022-3361

The Ultimate Member plugin for WordPress is vulnerable to directory traversal in versions up to, and including 2.5.0 due to insufficient input validation on the 'template' attribute used in shortcodes. This makes it possible for attackers with administrative privileges to supply arbitrary paths...

4.3CVSS6.5AI score0.02484EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2022/11/29 12:0 a.m.4 views

PT-2022-21791 · WordPress · Ultimate Member

Name of the Vulnerable Software and Affected Versions: The Ultimate Member plugin for WordPress versions up to, and including 2.5.0 Description: The issue is related to directory traversal due to insufficient input validation on the template attribute used in shortcodes. This allows attackers wit...

4.3CVSS5.1AI score0.02484EPSS
Exploits1References9
OSV
OSV
added 2019/02/22 8:54 p.m.12 views

GHSA-9V3M-8FP8-MJ99 Bootstrap Vulnerable to Cross-Site Scripting

Versions of bootstrap prior to 3.4.1 for 3.x and 4.3.1 for 4.x are vulnerable to Cross-Site Scripting XSS. The data-template attribute of the tooltip and popover plugins lacks input sanitization and may allow attacker to execute arbitrary JavaScript. Recommendation For bootstrap 4.x upgrade to...

6.1CVSS6.9AI score0.1686EPSS
Exploits1References45
Rows per page
Query Builder