Lucene search
K

120 matches found

Cvelist
Cvelist
added 2024/10/29 11:1 a.m.20 views

CVE-2024-10266 Premium Addons for Elementor <= 4.10.60 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Video Box Widget

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video Box widget in all versions up to, and including, 4.10.60 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00272EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/08/01 9:29 a.m.29 views

CVE-2024-6346 Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.85 - Authenticated (Contributor+) Stored Cross-Site Scripting via redirectURL Parameter of Date Countdown Widget

The Gutenberg Blocks, Page Builder – ComboBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the redirectURL parameter of the Date Countdown widget, in all versions up to, and including, 2.2.85 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS0.00325EPSS
Exploits0References3
NVD
NVD
added 2024/06/29 2:15 a.m.24 views

CVE-2024-6405

The Floating Social Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the floatingsocialbuttonsoption function. This makes it possible for unauthenticated attackers to update...

6.1CVSS0.00168EPSS
Exploits0References2
CVE
CVE
added 2024/06/21 7:39 a.m.49 views

CVE-2024-5945

CVE-2024-5945 affects the WP SVG Images WordPress plugin, with stored XSS via the type parameter in all versions up to 4.2 due to insufficient input sanitization. Exploitation requires authentication (Author-level access or higher) and permissions to upload sanitized files. Successful abuse could...

6.4CVSS6.1AI score0.00328EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2024/03/29 6:44 a.m.8 views

CVE-2024-0609 WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting <= 1.13.1 - Unauthenticated Stored Cross-Site Scripting

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'apikey' parameter in all versions up to, and including, 1.13.1 due to insufficient input sanitization and output escaping. Th...

7.2CVSS7.3AI score0.00542EPSS
Exploits0References5
Prion
Prion
added 2024/02/29 1:43 a.m.23 views

Cross site scripting

The Simple Share Buttons Adder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.4.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

3.2CVSS6AI score0.00491EPSS
Exploits0References3
OSV
OSV
added 2024/02/20 6:56 p.m.9 views

CVE-2023-6923 Matomo <= 4.15.3 - Reflected Cross-Site Scripting via idsite

The Matomo Analytics – Ethical Stats. Powerful Insights. plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the idsite parameter in all versions up to, and including, 4.15.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticate...

6.1CVSS7AI score0.00499EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2023/09/20 7:15 p.m.17 views

CVE-2023-43377

A cross-site scripting XSS vulnerability in /hoteldruid/visualizzacontratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the destinatarioemail1 parameter...

5.4CVSS6.2AI score0.00423EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/09/08 12:0 a.m.24 views

CVE-2023-39712

Multiple cross-site scripting XSS vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add New Put section...

6.2AI score0.00583EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/06/07 1:51 a.m.13 views

CVE-2020-36711 Avada <= 6.2.2 - Authenticated (Contributor+) Cross-Site Scripting

The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the updatelayout function in versions up to, and including, 6.2.3 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers, and above, to inject arbitrary web...

6.4CVSS6.3AI score0.00648EPSS
Exploits1References3
WPVulnDB
WPVulnDB
added 2023/06/02 12:0 a.m.15 views

Contact Form Builder by vcita <= 4.10.2 - Settings Update Via CSRF

The plugin does not protect its settings page against CSRF attacks, allowing an unauthenticated attacker to change the plugin's settings, and on older versions...

6.1CVSS6.7AI score0.00295EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/02 12:0 a.m.13 views

Contact Form Builder by vcita < 4.10.2 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitize and escape the email parameter in the plugin settings, which could allow users with roles as low as contributor to inject arbitrary web scripts targeting higher privileged users, such as administrators, into the plugin settings. PoC...

6.4CVSS5.9AI score0.0051EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/08/09 6:14 p.m.58 views

CVE-2022-35509

CVE-2022-35509 is a Storage XSS in EyouCMS 1.5.8. The issue allows an attacker to inject a payload via the title parameter in the foreground contribution, enabling execution of arbitrary web scripts/HTML and potential exposure of sensitive information. Documents do not provide exploit code, affec...

6.1CVSS5.6AI score0.00478EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2021/12/14 3:50 p.m.9 views

CVE-2021-39318 H5P CSS Editor <= 1.0 Reflected Cross-Site Scripting

The H5P CSS Editor WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the h5p-css-file parameter found in the /h5p-css-editor.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0...

6.1CVSS6.1AI score0.00757EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2021/12/14 3:50 p.m.4 views

CVE-2021-42367 Variation Swatches for WooCommerce <= 2.1.1 Authenticated Stored Cross-Site Scripting

The Variation Swatches for WooCommerce WordPress plugin is vulnerable to Stored Cross-Site Scripting via several parameters found in the /includes/class-menu-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1. Due to missing authorization...

6.4CVSS5.9AI score0.00531EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2021/09/10 1:34 p.m.4 views

CVE-2021-38336 Edit Comments XT <= 1.0 Reflected Cross-Site Scripting

The Edit Comments XT WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /edit-comments-xt.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0...

6.1CVSS6.1AI score0.00895EPSS
Exploits1References2
Cvelist
Cvelist
added 2021/07/19 12:5 p.m.25 views

CVE-2021-3279

sz.chat version 4 allows injection of web scripts and HTML in the message box...

6.7AI score0.00839EPSS
Exploits1References2
NVD
NVD
added 2019/06/20 4:15 p.m.20 views

CVE-2018-16248

b3log Solo 2.9.3 has XSS in the Input page under the "Publish Articles" menu with an ID of "articleTags" stored in the "tag" JSON field, which allows remote attackers to inject arbitrary Web scripts or HTML via a carefully crafted site name in an admin-authenticated HTTP request...

6.1CVSS6AI score0.00996EPSS
Exploits1References1
CVE
CVE
added 2014/03/05 11:0 a.m.49 views

CVE-2013-6320

CVE-2013-6320 is an XSS vulnerability affecting IBM Algo One as used in MetaData Management Tools (UDS 4.7.0–5.0.0), and in Algo Security Access Control Management (ACSWeb in Algo) (4.7.0–4.9.0) and AlgoWebApps (5.0.0). The underlying issue is a cross-site scripting flaw that allows remote authen...

3.5CVSS5AI score0.00765EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2006/06/01 10:2 a.m.21 views

CVE-2006-2751

Cross-site scripting XSS vulnerability in Open Searchable Image Catalogue OSIC 0.7.0.1 and earlier allows remote attackers to inject arbitrary web scripts or HTML via the itemlist parameter in search.php...

4.3CVSS5.8AI score0.01299EPSS
Exploits0References6
Rows per page
Query Builder