Lucene search
K

40 matches found

Cvelist
Cvelist
added 2025/09/26 8:31 a.m.11 views

CVE-2025-60136 WordPress User Notes plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in cartpauj User Notes user-notes allows Stored XSS.This issue affects User Notes: from n/a through = 1.0.2...

5.9CVSS0.0021EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/26 8:31 a.m.3 views

CVE-2025-60136 WordPress User Notes plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in cartpauj User Notes user-notes allows Stored XSS.This issue affects User Notes: from n/a through = 1.0.2...

5.9CVSS5.2AI score0.0021EPSS
Exploits0References1
CVE
CVE
added 2025/09/26 8:31 a.m.13 views

CVE-2025-60136

CVE-2025-60136 is a Stored XSS vulnerability in WordPress plugin User Notes (versions up to 1.0.2). It arises from improper input neutralization during web page generation. The CVSS 3.1 score is 5.9 (Medium) with vector AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L; exploit requires high privileges and use...

5.9CVSS5.9AI score0.0021EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/26 12:0 a.m.6 views

PT-2025-39579

Name of the Vulnerable Software and Affected Versions cartpauj User Notes versions through 1.0.2 Description The software contains a flaw due to improper handling of user-supplied data when creating web pages, leading to a Stored Cross-site Scripting XSS condition. This allows an attacker to inje...

5.9CVSS5.9AI score0.0021EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/09/26 12:0 a.m.5 views

WordPress plugin User Notes 跨站脚本漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripti...

5.9CVSS5.6AI score0.0021EPSS
Exploits0References2
OSV
OSV
added 2022/12/28 3:30 p.m.24 views

GHSA-GHX2-6V4G-9WMM usememos/memos makes Incorrect Use of Privileged APIs

In usememos/memos 0.9.0 and prior, a user with login permission can delete all notes of the whole application via API DELETE https://demo.usememos.com/api/memo/$idnote. The vulnerability will lose all user notes data throughout the system, causing damage to user data...

8.1CVSS7.8AI score0.00761EPSS
Exploits1References4
OSV
OSV
added 2019/09/27 8:15 p.m.4 views

CVE-2019-16686

Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin...

5.4CVSS6.1AI score0.00775EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.14 views

Joomla! 3.7.x < 3.8.6 User Notes List View SQL Injection

According to its self-reported version number, the detected Joomla! application is affected by an SQL injection vulnerability in the User Notes list view. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source...

8.8CVSS8.3AI score0.29245EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.15 views

Joomla! 3.5.x < 3.8.6 User Notes List View SQL Injection

According to its self-reported version number, the detected Joomla! application is affected by an SQL injection vulnerability in the User Notes list view. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source...

8.8CVSS8.3AI score0.29245EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.17 views

Joomla! 3.8.x < 3.8.6 User Notes List View SQL Injection

According to its self-reported version number, the detected Joomla! application is affected by an SQL injection vulnerability in the User Notes list view. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source...

8.8CVSS8.3AI score0.29245EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.18 views

Joomla! 3.6.x < 3.8.6 User Notes List View SQL Injection

According to its self-reported version number, the detected Joomla! application is affected by an SQL injection vulnerability in the User Notes list view. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source...

8.8CVSS8.3AI score0.29245EPSS
Exploits2References3
seebug.org
seebug.org
added 2018/03/29 12:0 a.m.91 views

Joomla内核SQL注入漏洞(CVE-2018-8045)

作者:绿盟科技 来源: CVE-2018-8045 漏洞简介 漏洞具体情况可参见绿盟科技安全威胁周报-201812周 Joomla! Core SQL注入漏洞: NSFOCUS ID:39158 CVE ID:CVE-2018-8045 受影响版本:Joomla! Joomla! 3.5.0-3.8.5 漏洞点评:Joomla是一套网站内容管理系统,使用PHP语言和MySQL数据库开发。Joomla! 3.5.0 -3.8.5版本对SQL语句内的变量缺少类型转换,导致User Notes列表视图内SQL注 入漏洞,可使攻击者访问或修改数据等。目前厂商已经发布了升级补丁,修复了这个...

8.6AI score0.29245EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2018/03/23 12:0 a.m.92 views

Joomla! 3.5.0 < 3.8.6 User Notes List View SQL Injection

According to its self-reported version number, the Joomla! installation running on the remote web server is 3.5.0 or later but prior to 3.8.6. It is, therefore, affected by an SQL injection vulnerability. Note that Nessus has not attempted to exploit these issues but has instead relied only on th...

8.8CVSS8.1AI score0.29245EPSS
Exploits2References3
NVD
NVD
added 2018/03/15 1:29 a.m.14 views

CVE-2018-8045

In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the User Notes list view...

8.8CVSS8.9AI score0.29245EPSS
Exploits2References3
OSV
OSV
added 2018/03/15 1:29 a.m.13 views

CVE-2018-8045

In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the User Notes list view...

8.8CVSS8AI score
Exploits0References3
Prion
Prion
added 2018/03/15 1:29 a.m.14 views

Sql injection

In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the User Notes list view...

6.5CVSS8.8AI score0.29245EPSS
Exploits2References3Affected Software1
Dsquare
Dsquare
added 2018/03/15 12:0 a.m.552 views

Joomla User Notes List View SQL Injection

SQL Injection vulnerability in Joomla filtercategoryid parameter Vulnerability Type: SQL Injection For the exploit source code contact DSquare Security sales team...

6.5CVSS1.3AI score0.29245EPSS
Exploits2
Cvelist
Cvelist
added 2018/03/14 8:0 p.m.30 views

CVE-2018-8045

In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the User Notes list view...

8.9AI score0.29245EPSS
Exploits2References3
CVE
CVE
added 2018/03/14 8:0 p.m.99 views

CVE-2018-8045

CVE-2018-8045 affects Joomla! versions 3.5.0 through 3.8.5, where a lack of type casting in a SQL statement in the User Notes list view enables an SQL injection vulnerability. Exploitation could allow a remote attacker to execute arbitrary SQL commands on the affected system (per connected adviso...

8.8CVSS8.8AI score0.29245EPSS
Exploits2References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2018/03/08 12:0 a.m.531 views

[20180301] - Core - SQLi vulnerability User Notes

The lack of type casting of a variable in SQL statement leads to a SQL injection vulnerability in the User Notes list view...

8.8CVSS9.1AI score0.29245EPSS
Exploits2Affected Software1
Rows per page
Query Builder