Lucene search
K

178 matches found

Positive Technologies
Positive Technologies
added 2025/04/03 12:0 a.m.5 views

PT-2025-14601 · WordPress · User Submitted Posts

Name of the Vulnerable Software and Affected Versions: User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress versions up to, and including, 20240319 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input...

4.4CVSS5.1AI score0.00223EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2025/02/18 7:11 p.m.7 views

CVE-2025-26604 Possibility to retrieve bot token by malicious module developers in Discord-Bot-Framework-Kernel

Discord-Bot-Framework-Kernel is a Discord bot framework built with interactions.py, featuring modular extension management and secure execution. Because of the nature of arbitrary user-submited code execution, this allows user to execute potentially malicious code to perform damage or extract...

8.3CVSS7.3AI score0.00328EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/02/18 12:0 a.m.6 views

Discord Bot Framework Kernel 信息泄露漏洞

Discord Bot Framework Kernel is a Discord Bot Framework kernel open sourced by Discord Agora. An information disclosure vulnerability exists in the Discord Bot Framework Kernel that stems from not properly handling user-submitted code. An attacker could exploit the vulnerability to extract...

8.3CVSS5.8AI score0.00328EPSS
Exploits0References3
OSV
OSV
added 2024/09/17 3:31 p.m.15 views

GHSA-Q25C-R482-77P9 powermail TYPO3 extension has Insecure Direct Object Reference

An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate the mail parameter of the createAction, resulting in Insecure Direct Object Reference IDOR in some configurations. An unauthenticated attacker can use this to display user-submitted data of all forms...

6.9CVSS7.5AI score0.00485EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2024/09/17 3:31 p.m.18 views

powermail TYPO3 extension has Insecure Direct Object Reference

An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate the mail parameter of the createAction, resulting in Insecure Direct Object Reference IDOR in some configurations. An unauthenticated attacker can use this to display user-submitted data of all forms...

7.5CVSS6.9AI score0.00485EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2024/09/17 12:0 a.m.33 views

CVE-2024-47047

An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate the mail parameter of the createAction, resulting in Insecure Direct Object Reference IDOR in some configurations. An unauthenticated attacker can use this to display user-submitted data of all forms...

0.00485EPSS
Exploits0References1
Veracode
Veracode
added 2024/08/30 7:37 a.m.20 views

Insecure Direct Object Reference (IDOR)

in2code/powermail is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to insufficient validation of the mail parameter in the confirmationAction of the Powermail extension, allowing an unauthenticated attacker to display user-submitted data of all forms persisted by t...

7.3CVSS7.1AI score0.00297EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2024/08/28 12:0 a.m.18 views

CVE-2024-45232

An issue was discovered in powermail extension through 12.3.5 for TYPO3. It fails to validate the mail parameter of the confirmationAction, resulting in Insecure Direct Object Reference IDOR. An unauthenticated attacker can use this to display the user-submitted data of all forms persisted by the...

0.00297EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/07/15 2:40 a.m.7 views

WordPress User Submitted Posts plugin < 20240516 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Guido Iván García Duva in WordPress Plugin User Submitted Posts versions 20240516...

4.8CVSS6.1AI score0.00423EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2024/07/15 12:0 a.m.13 views

WordPress User Submitted Posts Plugin < 20240516 is vulnerable to Cross Site Scripting (XSS)

Software User Submitted Posts Type Plugin Vulnerable versions 20240516 Fixed in 20240516 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5002 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID b741c5e1dcda Credits Guido Iván Garc...

4.8CVSS5.8AI score0.00423EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2024/07/13 6:15 a.m.4 views

CVE-2024-5002

The User Submitted Posts WordPress plugin before 20240516 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00423EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/07/13 6:0 a.m.20 views

CVE-2024-5002 User Submitted Posts < 20240516 - Admin+ Stored XSS

The User Submitted Posts WordPress plugin before 20240516 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

0.00423EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/07/13 6:0 a.m.14 views

CVE-2024-5002 User Submitted Posts < 20240516 - Admin+ Stored XSS

The User Submitted Posts WordPress plugin before 20240516 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.8AI score0.00423EPSS
Exploits1References1
Veracode
Veracode
added 2024/06/14 12:11 p.m.10 views

Insecure Deserialization

typo3/cms is vulnerable to Insecure Deserialization. The vulnerability is due to improper handling of user-submitted payloads that are signed with an HMAC-SHA1 using the sensitive TYPO3 encryptionKey as the secret. If the encryptionKey is known to attackers, they can craft a malicious payload tha...

6.9AI score
Exploits0
Vulnrichment
Vulnrichment
added 2024/06/04 6:0 a.m.17 views

CVE-2024-4180 The Events Calendar < 6.4.0.1 - Reflected XSS

The Events Calendar WordPress plugin before 6.4.0.1 does not properly sanitize user-submitted content when rendering some views via AJAX...

6.8AI score0.01834EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2024/05/14 12:0 a.m.20 views

The Events Calendar < 6.4.0.1 - Reflected XSS

Description The plugin does not properly sanitize user-submitted content when rendering some views via AJAX. PoC...

6.6AI score0.01834EPSS
Exploits2Affected Software1
CNVD
CNVD
added 2024/04/10 12:0 a.m.34 views

EyouCMS Deserialization Vulnerability

EyouCms Eyou CMS is an open source content management system CMS based on ThinkPHP. EyouCMS version 1.6.5 has a deserialization vulnerability, the vulnerability stems from the unsafe deserialization of the parameter channelid of the file /login.php in the receipt of user-submitted serialized data...

8.8CVSS7.3AI score0.00717EPSS
Exploits0References1
NVD
NVD
added 2024/03/26 9:15 a.m.16 views

CVE-2023-7251

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jeff Starr User Submitted Posts allows Stored XSS.This issue affects User Submitted Posts: from n/a through 20230901...

6.5CVSS6.4AI score0.00339EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/03/26 8:40 a.m.8 views

CVE-2023-7251 WordPress User Submitted Posts plugin <= 20230901 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jeff Starr User Submitted Posts allows Stored XSS.This issue affects User Submitted Posts: from n/a through 20230901...

6.5CVSS7AI score0.00339EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/03/26 8:40 a.m.20 views

CVE-2023-7251 WordPress User Submitted Posts plugin <= 20230901 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jeff Starr User Submitted Posts allows Stored XSS.This issue affects User Submitted Posts: from n/a through 20230901...

6.5CVSS6.6AI score0.00339EPSS
Exploits0References1
Rows per page
Query Builder