Lucene search
K

91 matches found

OpenVAS
OpenVAS
added 2021/10/24 12:0 a.m.25 views

Fedora: Security Advisory for vim (FEDORA-2021-84f4cf3244)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.2CVSS8AI score0.01749EPSS
Exploits2References2
OpenVAS
OpenVAS
added 2021/10/02 12:0 a.m.15 views

Fedora: Security Advisory for vim (FEDORA-2021-e982f972f2)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.6CVSS7.7AI score0.00735EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2021/09/09 12:0 a.m.19 views

Fedora: Security Advisory for vim (FEDORA-2021-5fa81a2b04)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.6CVSS7.7AI score0.00735EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/04/12 12:0 a.m.19 views

Wordpress plugin Controlled Admin Access 访问控制错误漏洞

WordPress Plugin is an open source application plugin for WordPress. A security vulnerability exists in multiple Wordpress plugins that allows an attacker to use this endpoint to add arbitrary data to predefined options in the wpoptions table. The following products and versions are affected: The...

5.3CVSS5.9AI score0.02076EPSS
Exploits2References3
Prion
Prion
added 2020/08/10 10:15 p.m.19 views

Cross site scripting

In MyBB before version 1.8.24, the custom MyCode BBCode for the visual editor doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. The weakness can be exploited by pointing a victim to a page where the visual editor is active e.g. as a post or Private...

4.3CVSS6AI score0.01317EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2020/08/10 9:35 p.m.69 views

CVE-2020-15139

In MyBB (pre-1.8.24), the custom MyCode (BBCode) for the visual editor does not escape input when rendering HTML, causing a DOM-based XSS. Exploitation involves a victim visiting a page with the visual editor active (e.g., a post or Private Message) containing malicious MyCode, potentially on con...

8.8CVSS6.3AI score0.01317EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2020/08/10 12:0 a.m.4 views

PT-2020-14219 · Mybb · Mybb

Name of the Vulnerable Software and Affected Versions: MyBB versions prior to 1.8.24 Description: The issue arises from improper input escaping in the custom MyCode for the visual editor, leading to a DOM-based XSS vulnerability. This can be exploited by directing a victim to a page with the visu...

8.8CVSS5.9AI score0.01317EPSS
Exploits0References7
exploitpack
exploitpack
added 2018/09/24 12:0 a.m.71 views

MyBB Visual Editor 1.8.18 - Cross-Site Scripting

MyBB Visual Editor 1.8.18 - Cross-Site Scripting Title: MyBB Visual Editor 1.8.18 - Cross-Site Scripting Author: Numan OZDEMIR Vendor Homepage: mybb.com Software Link: https://mybb.com/download/ Version: Up to v1.8.18. Fixed in v1.8.19. PoC Video: https://numanozdemir.com/mybb/xss.mp4 CVE:...

3.5CVSS0.2AI score0.74752EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/09/24 12:0 a.m.30 views

MyBB Visual Editor 1.8.18 - Cross-Site Scripting

Title: MyBB Visual Editor 1.8.18 - Cross-Site Scripting Author: Numan OZDEMIR Vendor Homepage: mybb.com Software Link: https://mybb.com/download/ Version: Up to v1.8.18. Fixed in v1.8.19. PoC Video: https://numanozdemir.com/mybb/xss.mp4 CVE: CVE-2018-17128 Description: Attacker can run JavaScript...

5.4CVSS5.5AI score0.74752EPSS
Exploits5
Packet Storm
Packet Storm
added 2018/09/22 12:0 a.m.52 views

MyBB Visual Editor 1.8.18 Cross Site Scripting

Title: MyBB Visual Editor Stored XSS YLOADhttp://victim.com/video 4- Post the thread. While victim user replying your post, his browser will run JavaScript. Vulnerable pages: editpost.php newreply.php private.php and all Visual Editor embedded pages. // for secure days...

0.2AI score0.74752EPSS
Exploits5
NVD
NVD
added 2018/09/17 4:29 a.m.29 views

CVE-2018-17128

A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode...

5.4CVSS5.2AI score0.74752EPSS
Exploits5References2
Prion
Prion
added 2018/09/17 4:29 a.m.18 views

Cross site scripting

A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode...

3.5CVSS5.1AI score0.74752EPSS
Exploits5References2Affected Software1
OSV
OSV
added 2018/09/17 4:29 a.m.3 views

CVE-2018-17128

A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode...

5.4CVSS5.8AI score0.74752EPSS
Exploits5References2
CVE
CVE
added 2018/09/17 4:0 a.m.69 views

CVE-2018-17128

Summary: CVE-2018-17128 affects MyBB’s Visual Editor (pre-1.8.19). The issue is a persistent XSS introduced through the Video MyCode in posts, enabling attacker-controlled JavaScript execution in a victim’s browser when replying to a thread. The vulnerability is tied to the Video or videotype han...

5.4CVSS5AI score0.74752EPSS
Exploits5References2Affected Software1
Cvelist
Cvelist
added 2018/09/17 4:0 a.m.34 views

CVE-2018-17128

A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode...

5.1AI score0.74752EPSS
Exploits5References2
CNVD
CNVD
added 2018/09/17 12:0 a.m.4 views

MyBB Cross-Site Scripting Vulnerability (CNVD-2018-19562)

MyBB aka MyBulletinBoard is a free and web-based forum software developed by MyBB team using PHP and MySQL. The software is easy to use , multi-language support , scalable , etc. Visual Editor is one of the HTML editor component . A cross-site scripting vulnerability exists in Visual Editor in...

5.4CVSS5.2AI score0.74752EPSS
Exploits5References1
FreeBSD
FreeBSD
added 2018/09/11 12:0 a.m.492 views

mybb -- vulnerabilities

mybb Team reports: High risk: Email field SQL Injection. Medium risk: Video MyCode Persistent XSS in Visual Editor. Low risk: Insufficient permission check in User CP’s attachment management. Low risk: Insufficient email address verification...

3.3AI score
Exploits0References1
CNVD
CNVD
added 2017/12/04 12:0 a.m.4 views

Squiz Matrix Matrix WYSIWYG plugin cross-site scripting vulnerability

Squiz Matrix is an enterprise content management system from Squiz Australia.Matrix WYSIWYG plugins is a WYSIWYG editor plugin used in it. A cross-site scripting vulnerability exists in the Matrix WYSIWYG plugin in Squiz Matrix versions prior to 5.3.6.1 and 5.4.x versions prior to 5.4.1.3. A remo...

6.1CVSS6.1AI score0.00602EPSS
Exploits0References1
OSV
OSV
added 2017/11/30 2:29 a.m.4 views

CVE-2017-14197

An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. There are multiple reflected Cross-Site Scripting XSS issues in Matrix WYSIWYG plugins...

6.1CVSS5.8AI score0.00602EPSS
Exploits0References1
Check Point Advisories
Check Point Advisories
added 2017/09/28 12:0 a.m.1 views

WordPress Visual Editor Cross Site Scripting

A cross-site scripting vulnerability exists in WordPress Visual Editor. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...

4.8AI score
Exploits0
Rows per page
Query Builder