Lucene search
K

18 matches found

Veracode
Veracode
added 2025/12/13 5:40 a.m.7 views

Cross-Site Scripting (XSS)

magento is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to insufficient sanitization of user input in form fields, which allows an attacker to inject malicious scripts that execute in a victim’s browser when the affected page is viewed...

8.1CVSS5.8AI score0.00551EPSS
Exploits0References3Affected Software2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-11535

Malware in sbrugna...

4.8CVSS5.2AI score0.00598EPSS
Exploits2References2
Cvelist
Cvelist
added 2025/06/09 6:0 a.m.16 views

CVE-2025-3582 Newsletter < 8.8.5 - Admin+ Stored XSS via Form

The Newsletter WordPress plugin before 8.85 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

0.0022EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:3 a.m.4 views

CVE-2023-1982

The Front Editor WordPress plugin through 4.0.4 does not sanitize and escape some of its form settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.3AI score0.00379EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:50 p.m.10 views

CVE-2022-4196

The Multi Step Form WordPress plugin before 1.7.8 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.7AI score0.0047EPSS
Exploits2References1
OSV
OSV
added 2025/05/02 6:15 a.m.7 views

CVE-2025-3514

The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

3.5CVSS7.3AI score0.00219EPSS
Exploits1References1
OSV
OSV
added 2025/01/13 6:15 a.m.4 views

CVE-2024-12566

The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

4.8CVSS5.8AI score0.00292EPSS
Exploits1References1
OSV
OSV
added 2024/07/30 6:15 a.m.3 views

CVE-2024-6021

The Donation Block For PayPal WordPress plugin through 2.1.0 does not sanitise and escape form submissions, leading to a stored cross-site scripting vulnerability...

6.8CVSS5.7AI score0.00421EPSS
Exploits1References1
OSV
OSV
added 2023/08/30 3:15 p.m.4 views

CVE-2023-1982

The Front Editor WordPress plugin through 4.0.4 does not sanitize and escape some of its form settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00379EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/06/08 10:15 a.m.5 views

CVE-2022-1569

The Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! WordPress plugin before 1.4.9.4 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks...

4.8CVSS5.8AI score0.00565EPSS
Exploits2References2
CNNVD
CNNVD
added 2021/09/13 12:0 a.m.7 views

WordPress 插件跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the WordPress plugin WordPress Advanced Ticket System, Elite Support...

4.8CVSS5.1AI score0.00598EPSS
Exploits2References2
OSV
OSV
added 2021/08/09 9:15 p.m.3 views

PYSEC-2021-130

JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. In affected versions untrusted notebook can execute code on load. In particular JupyterLab doesn’t sanitize the action attribute of html . Using this it is possible to trigger the form...

9.6CVSS7.5AI score0.02638EPSS
Exploits1References2
PyPA
PyPA
added 2021/08/09 9:15 p.m.4 views

PYSEC-2021-130

JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. In affected versions untrusted notebook can execute code on load. In particular JupyterLab doesn’t sanitize the action attribute of html . Using this it is possible to trigger the form...

9.6CVSS7.8AI score0.02638EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2021/08/09 12:0 a.m.3 views

PT-2021-19938

Name of the Vulnerable Software and Affected Versions JupyterLab versions prior to 1.2.21 JupyterLab versions prior to 2.2.10 JupyterLab versions prior to 2.3.2 JupyterLab versions prior to 3.0.17 JupyterLab versions prior to 3.1.4 Description In affected versions, an untrusted notebook can execu...

9.6CVSS7.6AI score0.02638EPSS
Exploits1References20
OSV
OSV
added 2021/05/06 1:15 p.m.4 views

CVE-2021-24250

The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from lack of sanitisation in the label of the Form Fields, leading to Authenticated Stored Cross-Site Scripting issues across various pages of the plugin...

5.4CVSS6.1AI score0.00645EPSS
Exploits2References1
OSV
OSV
added 2021/02/26 3:15 p.m.3 views

CVE-2021-3010

There are multiple persistent cross-site scripting XSS vulnerabilities in the web interface of OpenText Content Server Version 20.3. The application allows a remote attacker to introduce arbitrary JavaScript by crafting malicious form values that are later not sanitized...

5.4CVSS6.1AI score0.00862EPSS
Exploits1References2
exploitpack
exploitpack
added 2002/06/10 12:0 a.m.15 views

MyHelpDesk 20020509 - HTML Injection

MyHelpDesk 20020509 - HTML Injection source: https://www.securityfocus.com/bid/4967/info It has been reported that MyHelpDesk is vulnerable to HTML injection attacks. MyHelpDesk does not properly sanitize HTML tags from form fields. Attackers may pass arbitrary HTML and script code through the...

7.6AI score
Exploits0
Exploit DB
Exploit DB
added 2002/06/10 12:0 a.m.20 views

MyHelpDesk 20020509 - HTML Injection

source: https://www.securityfocus.com/bid/4967/info It has been reported that MyHelpDesk is vulnerable to HTML injection attacks. MyHelpDesk does not properly sanitize HTML tags from form fields. Attackers may pass arbitrary HTML and script code through the unsanitized form fields or through...

7AI score
Exploits0
Rows per page
Query Builder