Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 10:10 a.m.8 views

CVE-2024-23735

Cross Site Scripting XSS vulnerability in in the S/MIME certificate upload functionality of the User Profile pages in savignano S/Notify before 4.0.0 for Confluence allows attackers to manipulate user data via specially crafted certificate...

6.1CVSS6AI score0.00213EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:11 a.m.9 views

CVE-2022-1208

The Ultimate Member plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Biography field featured on individual user profile pages due to insufficient input sanitization and output escaping that allows users to encode malicious web scripts with HTML encoding that is reflected...

6.4CVSS5.8AI score0.00872EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/04/10 12:0 a.m.20 views

CVE-2024-23735

Cross Site Scripting XSS vulnerability in in the S/MIME certificate upload functionality of the User Profile pages in savignano S/Notify before 4.0.0 for Confluence allows attackers to manipulate user data via specially crafted certificate...

5.8AI score0.00213EPSS
Exploits0References2
CVE
CVE
added 2024/04/10 12:0 a.m.67 views

CVE-2024-23735

CVE-2024-23735 describes a Cross Site Scripting (XSS) vulnerability in the S/MIME certificate upload feature on the Savignano S/Notify User Profile pages for Confluence. Affected: Savignano S/Notify versions prior to 4.0.0 (Confluence integration). Nature: XSS via specially crafted certificates i...

6.1CVSS5.9AI score0.00213EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/02 12:0 a.m.16 views

Ultimate Member < 2.4.0 - Subscriber+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Biography available on user profile pages, which could allow users to perform Cross-Site Scripting attacks via their profile...

6.4CVSS3.8AI score0.00872EPSS
Exploits1Affected Software1
Rows per page
Query Builder