Lucene search
+L

111 matches found

redhatcve
redhatcve
added 2025/05/23 8:37 a.m.9 views

CVE-2024-32877

Yii 2 is a PHP application framework. During internal penetration testing of a product based on Yii2, users discovered a Cross-site Scripting XSS vulnerability within the framework itself. This issue is relevant for the latest version of Yii2 2.0.49.3. This issue lies in the mechanism for...

4.7CVSS6.5AI score0.00347EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 7:59 a.m.7 views

CVE-2024-1841

The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Title tag attribute in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or...

6.4CVSS5.9AI score0.0032EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 4:4 a.m.10 views

CVE-2023-37302

An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate from resources/wikibase/templates.js for quotes which can be in a title attribute...

6.1CVSS5.6AI score0.00689EPSS
Exploits1
snyk
snyk
added 2025/05/15 4:48 p.m.4 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:bootstrap is a WebJar for bootstrap. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Tooltip and Popover components due to improper neutralization of input during web page generation. An attacker can manipulate the output of web pages ...

5.6CVSS5.3AI score0.00272EPSS
Exploits0References2
snyk
snyk
added 2025/05/15 4:48 p.m.4 views

Cross-site Scripting (XSS)

Overview org.webjars:bootstrap is a WebJar for Bootstrap. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Tooltip and Popover components due to improper neutralization of input during web page generation. An attacker can manipulate the output of web pages by...

5.6CVSS5.3AI score0.00272EPSS
Exploits0References2
snyk
snyk
added 2025/05/15 4:48 p.m.1 views

Cross-site Scripting (XSS)

Overview org.webjars.bower:bootstrap is a popular front-end framework for faster and easier web development. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Tooltip and Popover components due to improper neutralization of input during web page generation. An...

5.6CVSS5.3AI score0.00272EPSS
Exploits0References2
snyk
snyk
added 2025/05/15 4:48 p.m.3 views

Cross-site Scripting (XSS)

Overview org.webjars.bowergithub.twbs:bootstrap is a popular front-end framework for faster and easier web development. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Tooltip and Popover components due to improper neutralization of input during web page...

5.6CVSS5.3AI score0.00272EPSS
Exploits0References2
cve
cve
added 2025/05/15 4:26 p.m.82 views

CVE-2025-1647

CVE-2025-1647 is an XSS vulnerability in Bootstrap affecting 3.4.1 up to 4.0.0, due to improper input neutralization in the Popover and Tooltip components. Several sources confirm affected versions and public advisories (Debian DLA-4204-1, GHSA advisory, Debian security tracker, and CVE records)....

5.6CVSS5.5AI score0.00272EPSS
Exploits0References2
snyk
snyk
added 2024/07/08 3:40 p.m.2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS through the HTML title attribute in the list view. An attacker can manipulate the output and inject malicious scripts by crafting malicious input that is improperly escaped. Note Patched version 3.1.3 has a...

6.8CVSS5.3AI score0.00579EPSS
Exploits0References2
osv
osv
added 2024/07/08 3:15 p.m.58 views

UBUNTU-CVE-2024-39308

RailsAdmin is a Rails engine that provides an interface for managing data. RailsAdmin list view has the XSS vulnerability, caused by improperly-escaped HTML title attribute. Upgrade to 3.1.3 or 2.2.2 to be released...

6.8CVSS5.8AI score0.00579EPSS
Exploits0References8
vulnrichment
vulnrichment
added 2024/07/08 2:33 p.m.14 views

CVE-2024-39308 RailsAdmin Cross-site Scripting vulnerability in the list view

RailsAdmin is a Rails engine that provides an interface for managing data. RailsAdmin list view has the XSS vulnerability, caused by improperly-escaped HTML title attribute. Upgrade to 3.1.3 or 2.2.2 to be released...

6.8CVSS5.9AI score0.00579EPSS
Exploits0References6
cvelist
cvelist
added 2024/07/08 2:33 p.m.40 views

CVE-2024-39308 RailsAdmin Cross-site Scripting vulnerability in the list view

RailsAdmin is a Rails engine that provides an interface for managing data. RailsAdmin list view has the XSS vulnerability, caused by improperly-escaped HTML title attribute. Upgrade to 3.1.3 or 2.2.2 to be released...

6.8CVSS0.00579EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2024/07/02 12:0 a.m.6 views

PT-2024-18037 · Unknown · The Post Grid – Shortcode

Name of the Vulnerable Software and Affected Versions: The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin versions up to, and including, 7.7.1 Description: The issue is related to Stored Cross-Site Scripting via the section title tag attribute due to insufficient...

6.4CVSS6.1AI score0.00341EPSS
Exploits0References7
attackerkb
attackerkb
added 2024/06/07 4:15 a.m.2 views

CVE-2024-5425

The WP jQuery Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ attribute in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

6.4CVSS6.1AI score0.0034EPSS
Exploits0References6
patchstack
patchstack
added 2024/06/07 2:3 a.m.7 views

WordPress WP jQuery Lightbox plugin <= 1.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via title Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via title Attribute vulnerability discovered by Webbernaut in WordPress Plugin WP jQuery Lightbox versions = 1.5.4...

6.4CVSS5.8AI score0.0034EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2024/06/06 12:0 a.m.3 views

PT-2024-36129 · WordPress · Wp Jquery Lightbox

Name of the Vulnerable Software and Affected Versions: WP jQuery Lightbox plugin for WordPress versions up to, and including, 1.5.4 Description: The issue is related to Stored Cross-Site Scripting via the title attribute due to insufficient input sanitization and output escaping. This allows...

6.4CVSS5.8AI score0.0034EPSS
Exploits0References10
cvelist
cvelist
added 2024/05/30 7:52 p.m.32 views

CVE-2024-32877 Reflected Cross-site Scripting in yiisoft/yii2 Debug mode

Yii 2 is a PHP application framework. During internal penetration testing of a product based on Yii2, users discovered a Cross-site Scripting XSS vulnerability within the framework itself. This issue is relevant for the latest version of Yii2 2.0.49.3. This issue lies in the mechanism for...

4.2CVSS4.5AI score0.00347EPSS
Exploits0References2
osv
osv
added 2024/02/27 5:15 a.m.5 views

CVE-2024-1323

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Type Grid Widget Title in all versions up to, and including, 2.10.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...

5.4CVSS6AI score0.00486EPSS
Exploits0References4
susecve
susecve
added 2023/10/31 2:53 a.m.4 views

SUSE CVE-2012-6662

Cross-site scripting XSS vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo...

4.3CVSS6AI score0.06463EPSS
Exploits0References2
github
github
added 2023/06/30 6:31 p.m.24 views

MediaWiki Cross-site Scripting vulnerability

An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate from resources/wikibase/templates.js for quotes which can be in a title attribute...

6.1CVSS6.2AI score0.00689EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder