Lucene search
+L

19 matches found

EUVD
EUVD
added 2026/06/26 2:53 p.m.10 views

EUVD-2026-39753

Unauthenticated Cross Site Request Forgery CSRF in Abandoned Cart Lite for WooCommerce = 6.8.0 versions...

4.3CVSS5.8AI score0.00107EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.14 views

PT-2026-49188

Quick.CMS deserializes user-controlled data received over plaintext HTTP without ensuring integrity or authenticity. This allows attackers to tamper with serialized payloads in transit and inject malicious objects. Because deserialization is performed without proper validation or class...

7.5CVSS6.3AI score0.00235EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/05/25 9:30 p.m.13 views

WordPress Auto Affiliate Links plugin <= 6.8.8.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Auto Affiliate Links versions = 6.8.8.3...

5.3CVSS5.8AI score0.00231EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/04/08 9:16 a.m.4 views

CVE-2026-39714

Missing Authorization vulnerability in G5Theme G5Plus April g5plus-april allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects G5Plus April: from n/a through = 6.8...

5.3CVSS0.00191EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/06 7:29 a.m.26 views

CVE-2025-12499 Rich Shortcodes for Google Reviews <= 6.8 - Unauthenticated Stored Cross-Site Scripting via Google Review

The Rich Shortcodes for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contents of a Google Review in all versions up to, and including, 6.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...

7.2CVSS0.00354EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/10/24 10:35 a.m.11 views

CVE-2025-9981

QuickCMS is vulnerable to multiple Stored XSS in slider editor functionality sliders-form. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed on every page. By default admin user is not able to add JavaScript into the website. T...

4.8CVSS6.4AI score0.00176EPSS
Exploits0References1
NVD
NVD
added 2025/10/23 10:15 a.m.12 views

CVE-2025-9981

QuickCMS is vulnerable to multiple Stored XSS in slider editor functionality sliders-form. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed on every page. By default admin user is not able to add JavaScript into the website. T...

4.8CVSS0.00176EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/23 9:37 a.m.8 views

EUVD-2025-35661

QuickCMS is vulnerable to multiple Stored XSS in slider editor functionality sliders-form. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed on every page. By default admin user is not able to add JavaScript into the website. T...

4.8CVSS5.9AI score0.00176EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/10/23 12:0 a.m.6 views

Open Solution QuickCMS 跨站脚本漏洞

Open Solution QuickCMS is an Open Solution open source content management system. A cross-site scripting vulnerability exists in Open Solution QuickCMS version 6.8, which stems from multiple stored cross-site scripting vulnerabilities in the slider editor feature, which could lead to the injectio...

4.8CVSS6.3AI score0.00176EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/28 10:12 a.m.11 views

CVE-2025-54543 Stored XSS in QuickCMS

QuickCMS is vulnerable to Stored XSS via sDescriptionMeta parameter in page editor SEO functionality. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. By default admin user is not able to add...

5.3CVSS0.00182EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/28 10:12 a.m.3 views

CVE-2025-54541 Cross-Site Request Forgery in QuickCMS

QuickCMS is vulnerable to Cross-Site Request Forgery in page deletion functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request deleting an article. The vendor was notified early about this vulnerability, but didn't respon...

6.9CVSS6AI score0.00136EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/08/28 12:0 a.m.9 views

QuickCMS 跨站脚本漏洞

QuickCMS is an open source content management system from QuickCMS. A cross-site scripting vulnerability exists in QuickCMS version 6.8, which stems from improper handling of the aDirFilesDescriptions parameter and could lead to a stored cross-site scripting attack...

5.3CVSS5.7AI score0.00182EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 3:30 p.m.12 views

CVE-2020-29536

Archer before 6.8 P2 6.8.0.2 is affected by a path exposure vulnerability. A remote authenticated malicious attacker with access to service files may obtain sensitive information to use it in further attacks...

4.3CVSS6.2AI score0.00537EPSS
Exploits0
CVE
CVE
added 2024/12/10 12:0 a.m.60 views

CVE-2024-50930

CVE-2024-50930 affects Silicon Labs Z-Wave Series 500, specifically version 6.84.0. The issue allows attackers to execute arbitrary code. The available connected docs confirm the product/version and the impact but do not provide root-cause details or exploit specifics. Mitigation guidance in PT S...

8.8CVSS7.3AI score0.0029EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/07/09 9:15 p.m.5 views

CVE-2024-38959

Cross Site Scripting vulnerability in Creativeitem Academy LMS Learning Management System v.6.8.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via the string parameter...

6.1CVSS6.1AI score0.00669EPSS
Exploits1References1
Snyk
Snyk
added 2024/03/26 1:42 p.m.4 views

Cross-site Scripting (XSS)

Overview TinyMCE is a web-based JavaScript HTML WYSIWYG editor control. Affected versions of this package are vulnerable to Cross-site Scripting XSS when loading SVG files via object or embed elements. Workaround This vulnerability can be avoided by simulating the functionality of the...

6.1CVSS4.7AI score0.00722EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/08/09 5:0 p.m.1 views

CVE-2022-30573

The ftlserver component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, TIBCO FTL - Enterprise Edition, and TIBCO FTL - Enterprise Edition contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a...

8.8CVSS5.9AI score0.00663EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2021/01/29 7:15 a.m.4 views

CVE-2020-29535

Archer before 6.8 P4 6.8.0.4 contains a stored XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When application users access the corrupted data store throug...

5.4CVSS6.2AI score0.0081EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2018/07/05 1:29 p.m.4 views

CVE-2018-8928

Cross-site scripting XSS vulnerability in Address Book Editor in Synology CardDAV Server before 6.0.8-0086 allows remote authenticated users to inject arbitrary web script or HTML via the 1 familyname, 2 givenname, or 3 additionalname parameter...

6.5CVSS5.7AI score0.00803EPSS
Exploits0References2
Rows per page
Query Builder