Lucene search
K

5 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/11/28 11:57 a.m.9 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Cross-Site Scripting (XSS), specifically Mutation XSS (mXSS) due to dompurify

Summary dompurify is used by IBM watsonx Orchestrate Developer Edition as part of image: wxo-builder-ui Vulnerability Details CVEID:CVE-2025-26791 DESCRIPTION: DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting mXSS...

6.1CVSS6.2AI score0.00559EPSS
Exploits1Affected Software1
OSV
OSV
added 2025/06/27 8:15 a.m.2 views

CVE-2025-6689

The FL3R Accessibility Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fl3raccessibilitysuite shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

5.4CVSS6AI score0.00165EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/11/27 12:0 a.m.7 views

WordPress plugin Pricing Tables For WPBakery Page Builder 跨站脚本漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPre...

6.4CVSS7.6AI score0.0026EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/11/28 12:0 a.m.4 views

WordPress plugin Fancier Author Box by ThematoSoup 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Fancier Author Box by ThematoSoup plugin 1.4 and earlier versions contain a cross-site scripting...

4.8CVSS5.9AI score0.00501EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2013/02/08 12:0 a.m.5 views

PT-2013-2197

Name of the Vulnerable Software and Affected Versions Rack versions 1.4.x through 1.4.4 Rack versions 1.5.x through 1.5.1 Description The issue allows attackers to access arbitrary files outside the intended root directory via a crafted PATH INFO environment variable, probably a directory travers...

10CVSS7AI score0.35376EPSS
Exploits4References53
Rows per page
Query Builder