Lucene search
K

178 matches found

CVE
CVE
added 2024/03/26 8:40 a.m.42 views

CVE-2023-7251

CVE-2023-7251 affects the WordPress plugin User Submitted Posts (versions

6.5CVSS5.2AI score0.00339EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/03/26 12:0 a.m.3 views

WordPress Plugin User Submitted Posts 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

6.5CVSS6.2AI score0.00339EPSS
Exploits0References2
OSV
OSV
added 2024/03/06 11:11 a.m.34 views

BIT-TYPO3-2020-11066

In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling unserialize on malicious user-submitted content can lead to modification of dynamically-determined object attributes and result in triggering deletion of an arbitrary...

10CVSS9.4AI score0.01472EPSS
Exploits0References1
NVD
NVD
added 2024/01/17 5:15 p.m.20 views

CVE-2023-20271

A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager EPNM could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper validation of...

6.5CVSS6.6AI score0.00546EPSS
Exploits0References1
NVD
NVD
added 2023/12/20 7:15 p.m.28 views

CVE-2023-45603

Unrestricted Upload of File with Dangerous Type vulnerability in Jeff Starr User Submitted Posts – Enable Users to Submit Posts from the Front End.This issue affects User Submitted Posts – Enable Users to Submit Posts from the Front End: from n/a through 20230902...

9.8CVSS0.00903EPSS
Exploits0References1
OSV
OSV
added 2023/12/20 7:15 p.m.4 views

CVE-2023-45603

Unrestricted Upload of File with Dangerous Type vulnerability in Jeff Starr User Submitted Posts – Enable Users to Submit Posts from the Front End.This issue affects User Submitted Posts – Enable Users to Submit Posts from the Front End: from n/a through 20230902...

9.8CVSS7.3AI score0.00903EPSS
Exploits0References1
Prion
Prion
added 2023/12/20 7:15 p.m.20 views

Unrestricted file upload

Unrestricted Upload of File with Dangerous Type vulnerability in Jeff Starr User Submitted Posts – Enable Users to Submit Posts from the Front End.This issue affects User Submitted Posts – Enable Users to Submit Posts from the Front End: from n/a through 20230902...

7.5CVSS7.1AI score0.00903EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/12/20 6:38 p.m.94 views

CVE-2023-45603

CVE-2023-45603 concerns the WordPress plugin User Submitted Posts (Jeff Starr) with an Unrestricted Upload of File with Dangerous Type, enabling unauthenticated users to upload arbitrary files via the usp_attach_images path. Public sources (NVD/Wordfence, Patchstack) identify this as a high-sever...

9.8CVSS8.6AI score0.00903EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/12/20 6:38 p.m.35 views

CVE-2023-45603 WordPress User Submitted Posts Plugin <= 20230902 is vulnerable to Arbitrary File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in Jeff Starr User Submitted Posts – Enable Users to Submit Posts from the Front End.This issue affects User Submitted Posts – Enable Users to Submit Posts from the Front End: from n/a through 20230902...

9CVSS9.7AI score0.00903EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/12/20 12:0 a.m.5 views

WordPress Plugin User Submitted Posts Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in...

9.8CVSS6.8AI score0.00903EPSS
Exploits0References3
Veracode
Veracode
added 2023/12/19 7:44 a.m.17 views

Denial Of Service (DoS)

@sentry/astro is vulnerable to Denial of Service DoS. The vulnerability is caused due to the dynamic creation of regular expressions for user-submitted URL parameter values in middleware.ts, resulting in DoS...

7.5CVSS7AI score0.00785EPSS
Exploits0References4Affected Software1
CNVD
CNVD
added 2023/12/11 12:0 a.m.10 views

D-Link DIR-846 Deserialization Vulnerability

The D-Link DIR-846 is a wireless router from China's AUO D-Link. The D-Link DIR-846 suffers from a deserialization vulnerability that originates from the unsafe deserialization of the parameters smartqosexpressdevices/smartqosnormaldevices of the file /HNAP1/ in the receipt of user-submitted...

9CVSS7.2AI score0.02347EPSS
Exploits1References1
Veracode
Veracode
added 2023/11/13 7:2 a.m.11 views

Cross-Site-Scripting (XSS)

symfony is vulnerable to Cross Site Scripting. The vulnerability is due to a lack of validation in the webhookcontroller. The error message in WebhookController returns unescaped user-submitted input. An attacker can potentially trick a victim into clicking a link which will execute arbitrary...

6.1CVSS7.4AI score0.00568EPSS
Exploits0References3Affected Software2
NVD
NVD
added 2023/11/10 6:15 p.m.26 views

CVE-2023-46735

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in version 6.0.0 and prior to version 6.3.8, the error message in WebhookController returns unescaped user-submitted input. As of version 6.3.8, WebhookController now doesn't return any...

6.1CVSS0.00568EPSS
Exploits0References2
Prion
Prion
added 2023/11/10 6:15 p.m.16 views

Input validation

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in version 6.0.0 and prior to version 6.3.8, the error message in WebhookController returns unescaped user-submitted input. As of version 6.3.8, WebhookController now doesn't return any...

5.8CVSS7AI score0.00568EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/10/10 12:0 a.m.13 views

WordPress User Submitted Posts Plugin <= 20230902 is vulnerable to Arbitrary File Upload

Software User Submitted Posts Type Plugin Vulnerable versions = 20230902 Fixed in 20230914 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2023-45603 Patch priority High CVSS severity High 9 Developer Claim ownership PSID b7d676bf7c95 Credits Rafie Muhammad Patchstack...

9.8CVSS6.8AI score0.00903EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/09/06 7:15 a.m.5 views

CVE-2023-4779

The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's uspgallery shortcode in versions up to, and including, 20230811 due to insufficient input sanitization and output escaping on user supplied attributes like 'before'. This makes it possible...

5.4CVSS6AI score0.00325EPSS
Exploits0References2
NVD
NVD
added 2023/09/06 7:15 a.m.18 views

CVE-2023-4779

The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's uspgallery shortcode in versions up to, and including, 20230811 due to insufficient input sanitization and output escaping on user supplied attributes like 'before'. This makes it possible...

6.4CVSS5.7AI score0.00325EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/09/06 6:41 a.m.27 views

CVE-2023-4779 User Submitted Posts – Enable Users to Submit Posts from the Front End <= 20230811 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's uspgallery shortcode in versions up to, and including, 20230811 due to insufficient input sanitization and output escaping on user supplied attributes like 'before'. This makes it possible...

6.4CVSS5.8AI score0.00325EPSS
Exploits0References2
CVE
CVE
added 2023/09/06 6:41 a.m.44 views

CVE-2023-4779

CVE-2023-4779 affects the WordPress plugin User Submitted Posts . The vulnerability is a stored XSS via the plugin’s [usp_gallery] shortcode, caused by insufficient input sanitization and output escaping on user-supplied attributes (e.g., ‘before’). Impact: authenticated attackers with contributo...

6.4CVSS5.2AI score0.00325EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder