
85 matches found

Patchstack
added 2025/02/10 1:22 a.m. · 5 views

WordPress DWT theme <= 3.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by István Márton in WordPress Theme DWT - Directory & Listing versions <= 3.3.4...

CVSS 6.4 · AI score 5.8 · EPSS 0.00253
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2025/02/08 12:0 a.m. · 4 views

WordPress plugin DWT - Directory & Listing cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 6.4 · AI score 8.1 · EPSS 0.00253
Exploits 0 · References 4

Positive Technologies
added 2025/02/08 12:0 a.m. · 8 views

PT-2025-6025 · WordPress · Dwt - Directory & Listing Wordpress Theme

Name of the Vulnerable Software and Affected Versions: The DWT - Directory & Listing WordPress Theme versions up to, and including, 3.3.4. Description: The issue is related to Stored Cross-Site Scripting via shortcodes due to insufficient input sanitization and output escaping on user-supplied...

CVSS 6.4 · AI score 7.9 · EPSS 0.00253
Exploits 0 · References 11

RedhatCVE
added 2025/02/05 12:25 a.m. · 7 views

CVE-2024-31275

Missing Authorization vulnerability in Metagauss EventPrime. This issue affects EventPrime: from n/a through 3.3.4...

CVSS 9.8 · AI score 6.9 · EPSS 0.00472
Exploits 0 · References 1

Patchstack
added 2024/12/03 11:52 p.m. · 5 views

WordPress FancyBox for WordPress plugin <= 3.3.4 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin FancyBox for WordPress versions <= 3.3.4...

CVSS 6.4 · AI score 6.1 · EPSS 0.00421
Exploits 0 · References 1 · Affected Software 1

Patchstack
added 2024/11/12 12:0 a.m. · 15 views

WordPress Styler for Ninja Forms Plugin <= 3.3.4 is vulnerable to Settings Change

Software: Styler for Ninja Forms · Type: Plugin · Vulnerable versions: <= 3.3.4 · Fixed in: N/A · OWASP Top 10: A7: Identification and Authentication Failures · Classification: Settings Change · CVE: CVE-2024-10717 · Patch priority: Medium · CVSS severity: Medium 6.5 · Developer: Claim ownership · PSID: 2b68f06a005e · Credits...

CVSS 6.5 · AI score 6.5 · EPSS 0.00398
Exploits 0 · References 2 · Affected Software 1

CNNVD
added 2024/11/08 12:0 a.m. · 3 views

HomeServe Home Repair security vulnerability

HomeServe Home Repair is a home repair application from HomeServe, Inc. A security vulnerability exists in HomeServe Home Repair version 3.3.4 that stems from improper access control and allows a physically proximate attacker to elevate privileges through the fingerprint authentication feature...

CVSS 6.8 · AI score 6.9 · EPSS 0.00294
Exploits 0 · References 3

Fedora
added 2024/07/19 1:46 a.m. · 40 views

[SECURITY] Fedora 40 Update: ruby-3.3.4-11.fc40

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...

CVSS 5.3 · AI score 7 · EPSS 0.02064
Exploits 1

NVD
added 2024/06/09 7:15 p.m. · 14 views

CVE-2024-31275

Missing Authorization vulnerability in Metagauss EventPrime. This issue affects EventPrime: from n/a through 3.3.4...

CVSS 9.8 · EPSS 0.00472
Exploits 0 · References 1

CNNVD
added 2024/06/09 12:0 a.m. · 5 views

WordPress plugin EventPrime security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 9.8 · AI score 6.7 · EPSS 0.00472
Exploits 0 · References 2

Patchstack
added 2024/04/05 12:0 a.m. · 22 views

WordPress MasterStudy LMS Plugin <= 3.3.3 is vulnerable to Local File Inclusion

Software: MasterStudy LMS · Type: Plugin · Vulnerable versions: <= 3.3.3 · Fixed in: 3.3.4 · OWASP Top 10: A1: Injection · Classification: Local File Inclusion · CVE: CVE-2024-3136 · Patch priority: High · CVSS severity: High 9 · Developer: Claim ownership · PSID: 0e613f9f337e · Credits: Hiroho Shimada · Required privilege...

CVSS 9.8 · AI score 6.8 · EPSS 0.05018
Exploits 0 · References 3 · Affected Software 1

OSV
added 2023/11/30 1:15 p.m. · 1 views

CVE-2023-48331

Cross-Site Request Forgery CSRF vulnerability in Stormhill Media MyBookTable Bookstore by Stormhill Media allows Cross Site Request Forgery. This issue affects MyBookTable Bookstore by Stormhill Media: from n/a through 3.3.4...

CVSS 8.8 · AI score 7.3
Exploits 0 · References 1

Patchstack
added 2023/11/23 12:0 a.m. · 11 views

WordPress MyBookTable Bookstore Plugin <= 3.3.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software: MyBookTable Bookstore · Type: Plugin · Vulnerable versions: <= 3.3.4 · Fixed in: 3.3.5 · OWASP Top 10: A1: Broken Access Control · Classification: Cross Site Request Forgery CSRF · CVE: CVE-2023-48331 · Patch priority: Low · CVSS severity: Low 4.3 · Developer: Claim ownership · PSID: ac06dff1976c · Credits: Nguyen Xuan...

CVSS 8.8 · AI score 7 · EPSS 0.00256
Exploits 0 · References 2 · Affected Software 1

Patchstack
added 2023/07/19 12:0 a.m. · 19 views

WordPress WP News and Scrolling Widgets Plugin <= 3.3.4 is vulnerable to Cross Site Scripting (XSS)

Software: WP News and Scrolling Widgets · Type: Plugin · Vulnerable versions: <= 3.3.4 · Fixed in: 4.2 · OWASP Top 10: A3: Injection · Classification: Cross Site Scripting XSS · CVE: CVE-2023-33999 · Patch priority: High · CVSS severity: High 7.1 · Developer: Claim ownership · PSID: c0214c70fb9b · Credits: Rafie Muhammad Patchstac...

AI score 6.1 · EPSS 0.00284
Exploits 0 · References 3 · Affected Software 1

CNNVD
added 2023/07/13 12:0 a.m. · 5 views

OWASP ModSecurity Core Rule Set security vulnerability

The OWASP ModSecurity Core Rule Set CRS is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. A security vulnerability exists in OWASP ModSecurity Core Rule Set 3.3.4 and earlier versions that stems from not blocking multiple Content-Type...

CVSS 9.8 · AI score 8.2 · EPSS 0.00631
Exploits 0 · References 3

Positive Technologies
added 2023/07/13 12:0 a.m. · 2 views

PT-2023-26332

Name of the Vulnerable Software and Affected Versions: coreruleset aka OWASP ModSecurity Core Rule Set versions 3.3.4 and earlier. Description: The issue allows attackers to potentially bypass a Web Application Firewall WAF using a crafted payload, exploiting "Content-Type confusion" between the WAF...

CVSS 9.8 · AI score 8.2 · EPSS 0.00631
Exploits 0 · References 11

OSV
added 2023/07/11 10:15 a.m. · 4 views

CVE-2023-36521

A vulnerability has been identified in SIMATIC MV540 H All versions V3.3.4, SIMATIC MV540 S All versions V3.3.4, SIMATIC MV550 H All versions V3.3.4, SIMATIC MV550 S All versions V3.3.4, SIMATIC MV560 U All versions V3.3.4, SIMATIC MV560 X All versions V3.3.4. The result synchronization server of...

CVSS 7.5 · AI score 7.2 · EPSS 0.00524
Exploits 0 · References 1

Positive Technologies
added 2023/05/30 12:0 a.m. · 6 views

PT-2023-24195 · Xibo · Xibo

Name of the Vulnerable Software and Affected Versions: Xibo versions 3.2.0 through 3.3.4. Description: A SQL injection issue was discovered in the nameFilter function, allowing an authenticated user to exfiltrate data from the Xibo database by injecting specially crafted values for logical...

CVSS 6.5 · AI score 6.7 · EPSS 0.00621
Exploits 0 · References 7

Gentoo Linux
added 2023/05/21 12:0 a.m. · 39 views

OWASP ModSecurity Core Rule Set: Multiple Vulnerabilities

Background: Modsecurity Core Rule Set is the OWASP ModSecurity Core Rule Set. Description: Multiple vulnerabilities have been discovered in OWASP ModSecurity Core Rule Set. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for detail...

CVSS 9.8 · AI score 7.4 · EPSS 0.02542
Exploits 1

OSV
added 2023/04/07 12:15 p.m. · 5 views

CVE-2023-25049

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress plugin <= 3.3.4 versions...

CVSS 4.8 · AI score 7.3 · EPSS 0.00394
Exploits 0 · References 1