Lucene search
+L

182 matches found

Patchstack
Patchstack
added 2025/02/02 4:8 p.m.5 views

WordPress Social Links plugin <= 1.0.11 - Stored Cross-Site Scripting vulnerability

Stored Cross-Site Scripting vulnerability discovered by Abdi Pranata in WordPress Plugin Social Links versions = 1.0.11...

6.5CVSS5.8AI score0.00136EPSS
Exploits0Affected Software1
NVD
NVD
added 2025/01/16 9:15 p.m.26 views

CVE-2025-23933

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpfreeware WpF Ultimate Carousel wpf-ultimate-carousel allows Stored XSS.This issue affects WpF Ultimate Carousel: from n/a through = 1.0.11...

6.5CVSS0.0022EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/01/16 6:43 p.m.7 views

WordPress Salvador – AI Image Generator plugin <= 1.0.11 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mika in WordPress Plugin Salvador – AI Image Generator versions = 1.0.11...

4.3CVSS7AI score0.00245EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/01/16 6:43 p.m.6 views

WordPress WpF Ultimate Carousel plugin <= 1.0.11 - Stored Cross Site Scripting (XSS) vulnerability

Stored Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin WpF Ultimate Carousel versions = 1.0.11...

6.5CVSS5.8AI score0.0022EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2025/01/16 12:0 a.m.5 views

WordPress plugin WpF Ultimate Carousel 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS7.8AI score0.0022EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/01/16 12:0 a.m.12 views

PT-2025-5230 · Awcode +1 · Awcode +2

Name of the Vulnerable Software and Affected Versions: Salvador – AI Image Generator versions 1.0.11 and earlier Description: The issue is related to a missing authorization vulnerability in AWcode and KingfisherFox Salvador – AI Image Generator, which allows the exploitation of incorrectly...

4.3CVSS9.4AI score0.00245EPSS
Exploits0References4
OSV
OSV
added 2025/01/15 4:15 p.m.2 views

CVE-2025-22752

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GSheetConnector GSheetConnector for Forminator Forms allows Reflected XSS.This issue affects GSheetConnector for Forminator Forms: from n/a through 1.0.11...

6.1CVSS5.8AI score0.00324EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/01/15 12:0 a.m.7 views

WordPress plugin GSheetConnector for Forminator Forms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

7.1CVSS7.6AI score0.00324EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/01/15 12:0 a.m.13 views

PT-2025-4673 · Unknown · Gsheetconnector For Forminator Forms

Name of the Vulnerable Software and Affected Versions: GSheetConnector for Forminator Forms versions 1.0.11 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows reflected Cross-site Scripting XSS. This enables attackers to inje...

7.1CVSS9.2AI score0.00324EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/11/22 3:37 p.m.22 views

CVE-2024-52793 XSS vulnerability in serveDir API of @std/http/file-server on POSIX systems

The Deno Standard Library provides APIs for Deno and the Web. Prior to version 1.0.11, http/file-server's serveDir with showDirListing: true option is vulnerable to cross-site scripting when the attacker is a user who can control file names in the source directory on systems with POSIX file names...

5.1CVSS6.2AI score0.00587EPSS
Exploits0References3
CVE
CVE
added 2024/11/22 3:37 p.m.82 views

CVE-2024-52793

The CVE affects the Deno Standard Library, specifically http/file-server.serveDir with showDirListing: true on POSIX systems, where file names controlled by an attacker can trigger cross-site scripting. Versions prior to 1.0.11 are affected; 1.0.11 fixes the issue. Exploitation is documented as p...

5.1CVSS5.9AI score0.00587EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/10/31 12:0 a.m.12 views

Tenable Sensor Proxy < 1.0.11 (TNS-2024-18)

According to its self-reported version, the Tenable Sensor Proxy running on the remote host is prior to 1.0.11. It is, therefore, affected by a vulnerability as referenced in the TNS-2024-18 advisory. - Sensor Proxy leverages third-party software to help provide underlying functionality. One of t...

7.5CVSS6.8AI score0.66594EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/10/29 12:0 a.m.5 views

PT-2024-33601 · Unknown · Rafasashi Svg Captcha

Name of the Vulnerable Software and Affected Versions: rafasashi SVG Captcha versions 1.0.11 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS. Recommendations: For...

7.1CVSS5.6AI score0.00275EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/10/18 12:0 a.m.5 views

PT-2024-30467 · Unknown · Bert Kößler Movie Database

Name of the Vulnerable Software and Affected Versions: Bert Kößler Movie Database versions n/a through 1.0.11 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks...

5.9CVSS5.6AI score0.00255EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2024/08/12 10:15 p.m.5 views

CVE-2024-43226

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Jeroen Sormani WP Dashboard Notes allows Stored XSS.This issue affects WP Dashboard Notes: from n/a through 1.0.11...

6.5CVSS5.2AI score0.00245EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/08/09 12:52 p.m.5 views

WordPress WP Dashboard Notes plugin <= 1.0.11 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by justakazh Patchstack Alliance in WordPress Plugin WP Dashboard Notes versions = 1.0.11...

6.5CVSS6.1AI score0.00245EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2024/07/18 12:0 a.m.7 views

PT-2024-37747 · WordPress · Meks Video Importer

Name of the Vulnerable Software and Affected Versions: Meks Video Importer plugin for WordPress versions up to, and including, 1.0.11 Description: The issue arises from a missing capability check on the ajax save settings function, allowing authenticated attackers with Subscriber-level access and...

4.3CVSS6.3AI score0.00325EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/06/17 12:0 a.m.5 views

PT-2024-27081 · Alexbinary · Object-Deep-Assign

Name of the Vulnerable Software and Affected Versions: alexbinary object-deep-assign version 1.0.11 Description: The issue concerns a Prototype Pollution vulnerability via the extend method of Module.deepAssign, located in /src/index.js. Recommendations: For alexbinary object-deep-assign version...

9.8CVSS6.6AI score0.00558EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/06/17 12:0 a.m.6 views

object-deep-assign security vulnerability

object-deep-assign is a library by Alex Binary Personal Developer. A security vulnerability exists in object-deep-assign version 1.0.11, which stems from easy prototype contamination via extend in Module.deepAssign /src/index.js...

9.8CVSS6.9AI score0.00558EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/09 6:0 p.m.4 views

Malicious code in test-pkg-blabla (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 83b007683c452075ec2dfb23b7de20d38b8d28441ce63b4745fd114bba008a94 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0References1
Rows per page
Query Builder