Lucene search
+L

230 matches found

CNNVD
CNNVD
added 2025/04/24 12:0 a.m.6 views

SAP NetWeaver Visual Composer Metadata Uploader 代码问题漏洞

SAP NetWeaver Visual Composer Metadata Uploader is a tool for modeling assistance from SAP. A file upload vulnerability exists in SAP NetWeaver Visual Composer Metadata Uploader. The vulnerability is due to an unauthenticated agent uploading potentially malicious executable binaries because the...

10CVSS7.1AI score0.99406EPSS
Exploits18References2
OSV
OSV
added 2025/04/22 10:15 a.m.1 views

CVE-2025-46254

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Visual Composer Visual Composer Website Builder allows Stored XSS. This issue affects Visual Composer Website Builder: from n/a through 45.10.0...

5.4CVSS5.8AI score
Exploits0References1
NVD
NVD
added 2025/04/22 10:15 a.m.17 views

CVE-2025-46254

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Visual Composer Visual Composer Website Builder visualcomposer allows Stored XSS.This issue affects Visual Composer Website Builder: from n/a through = 45.10.0...

6.5CVSS0.00194EPSS
Exploits0References1
CVE
CVE
added 2025/04/22 9:53 a.m.64 views

CVE-2025-46254

CVE-2025-46254 affects the Visual Composer Website Builder WordPress plugin (versions through 45.10.0). The issue is a Stored Cross-Site Scripting (XSS) vulnerability caused by improper neutralization of input during web page generation. Exploitation could occur via stored inputs that are rendere...

6.5CVSS7.2AI score0.00194EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/04/22 9:53 a.m.9 views

CVE-2025-46254 WordPress Visual Composer Website Builder plugin <= 45.10.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Visual Composer Visual Composer Website Builder visualcomposer allows Stored XSS.This issue affects Visual Composer Website Builder: from n/a through = 45.10.0...

6.5CVSS7.2AI score0.00194EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/22 9:53 a.m.27 views

CVE-2025-46254 WordPress Visual Composer Website Builder plugin <= 45.10.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Visual Composer Visual Composer Website Builder visualcomposer allows Stored XSS.This issue affects Visual Composer Website Builder: from n/a through = 45.10.0...

6.5CVSS0.00194EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/04/22 12:0 a.m.5 views

VulnCheck KEV: CVE-2017-9844

SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP Security Note 2399804. NOTE: The vendor states that the devserver package of Visual Composer...

7.5CVSS7.6AI score0.05513EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/04/22 12:0 a.m.2 views

VulnCheck KEV: CVE-2025-31324

SAP NetWeaver Visual Composer Metadata Uploader contains an unrestricted file upload vulnerability that allows an unauthenticated agent to upload potentially malicious executable binaries...

10CVSS7.2AI score0.99406EPSS
Exploits18References1
Positive Technologies
Positive Technologies
added 2025/04/22 12:0 a.m.7 views

PT-2025-17518 · Unknown · Visual Composer Website Builder

Name of the Vulnerable Software and Affected Versions: Visual Composer Website Builder versions through 45.10.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This enables attackers to...

6.5CVSS6.8AI score0.00194EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/04/22 12:0 a.m.5 views

WordPress plugin Visual Composer Website Builder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin.... A cross-site scripting...

6.5CVSS6.6AI score0.00194EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 6:33 a.m.6 views

CVE-2024-5709

The WPBakery Visual Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.7 via the 'layoutname' parameter. This makes it possible for authenticated attackers, with Author-level access and above, and with post permissions granted by an...

8.8CVSS7.7AI score0.01021EPSS
Exploits0References1
NVD
NVD
added 2024/11/21 11:15 a.m.10 views

CVE-2024-10172

The WPBakery Visual Composer WHMCS Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's voidwbwhmcselaoutssearch shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. Thi...

6.4CVSS0.00492EPSS
Exploits0References3
OSV
OSV
added 2024/11/21 11:15 a.m.4 views

CVE-2024-10172

The WPBakery Visual Composer WHMCS Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's voidwbwhmcselaoutssearch shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. Thi...

5.4CVSS5.9AI score0.00492EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/21 2:6 a.m.14 views

CVE-2024-10172 WPBakery Visual Composer WHMCS Elements <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via void_wbwhmcse_laouts_search Shortcode

The WPBakery Visual Composer WHMCS Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's voidwbwhmcselaoutssearch shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. Thi...

6.4CVSS5.8AI score0.00492EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/11/20 12:0 a.m.12 views

WordPress WPBakery Visual Composer WHMCS Elements Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS)

Software WPBakery Visual Composer WHMCS Elements Type Plugin Vulnerable versions = 1.0.4 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10172 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 30c8a799718e Credits...

6.4CVSS5.7AI score0.00492EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/11/20 12:0 a.m.7 views

PT-2024-16086 · WordPress · Wpbakery Visual Composer Whmcs Elements

Name of the Vulnerable Software and Affected Versions: WPBakery Visual Composer WHMCS Elements plugin for WordPress versions up to, and including, 1.0.4 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied...

6.4CVSS7.8AI score0.00492EPSS
Exploits0References5
NVD
NVD
added 2024/08/18 10:15 p.m.12 views

CVE-2024-43263

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Visual Composer Visual Composer Starter allows Stored XSS.This issue affects Visual Composer Starter: from n/a through 3.3...

6.5CVSS0.00239EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2024/08/18 10:15 p.m.5 views

CVE-2024-43263

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Visual Composer Visual Composer Starter allows Stored XSS.This issue affects Visual Composer Starter: from n/a through 3.3...

6.5CVSS5.2AI score0.00239EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/08/18 9:21 p.m.14 views

CVE-2024-43263 WordPress Visual Composer Starter theme <= 3.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Visual Composer Visual Composer Starter allows Stored XSS.This issue affects Visual Composer Starter: from n/a through 3.3...

6.5CVSS6.8AI score0.00239EPSS
Exploits0References1
CVE
CVE
added 2024/08/18 9:21 p.m.47 views

CVE-2024-43263

Technical details about CVE-2024-43263 are not provided in the supplied Connected documents. Public sources in Initial document describe Stored XSS in Visual Composer Starter version up to 3.3, but no concrete exploit specifics, mitigations, or affected product/version beyond that.

6.5CVSS6.4AI score0.00239EPSS
Exploits0References1
Rows per page
Query Builder