Lucene search
K

57 matches found

CNNVD
CNNVD
added 2022/03/25 12:0 a.m.3 views

Maccms 跨站脚本漏洞

Maccms is a PHP-based film and television content management system CMS. v10 version of Maccms is vulnerable to a cross-site scripting vulnerability, which originates from the lack of user-supplied data and output data validation filtering in the select and input parameters in...

6.1CVSS5.1AI score0.00547EPSS
Exploits1References2
OSV
OSV
added 2021/09/10 2:15 p.m.5 views

CVE-2021-38347

The Custom Website Data WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter found in the /views/edit.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.2...

6.1CVSS6.4AI score0.00908EPSS
Exploits1References2
Prion
Prion
added 2021/09/10 2:15 p.m.13 views

Cross site scripting

The Custom Website Data WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter found in the /views/edit.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.2...

4.3CVSS6.1AI score0.00908EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2021/09/10 1:34 p.m.3 views

CVE-2021-38347 Custom Website Data <= 2.2 Reflected Cross-Site Scripting

The Custom Website Data WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter found in the /views/edit.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.2...

6.1CVSS6.1AI score0.00908EPSS
Exploits1References2
CVE
CVE
added 2021/09/10 1:34 p.m.37 views

CVE-2021-38347

CVE-2021-38347 concerns the WordPress plugin Custom Website Data (&lt;= 2.2). The vulnerability is a Reflected Cross-Site Scripting (XSS) via the id parameter in the file ~/views/edit.php, enabling an attacker to inject arbitrary web scripts. Affected release range is up to and including 2.2. NVD...

6.1CVSS6AI score0.00908EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/09/10 1:34 p.m.31 views

CVE-2021-38347 Custom Website Data <= 2.2 Reflected Cross-Site Scripting

The Custom Website Data WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter found in the /views/edit.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.2...

6.1CVSS6.2AI score0.00908EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/09/10 12:0 a.m.3 views

WordPress 插件 跨站脚本漏洞

WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress plugin Custom Website Data, which stems from a lack of proper validation of client-side data in the web application. An attacker can exploit this vulnerability to...

6.1CVSS6.1AI score0.00866EPSS
Exploits1References4
CNNVD
CNNVD
added 2021/09/10 12:0 a.m.4 views

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...

6.1CVSS6.1AI score0.00908EPSS
Exploits1References4
WPVulnDB
WPVulnDB
added 2021/09/09 12:0 a.m.13 views

Custom Website Data <= 2.2 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter found in the /views/edit.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS4.7AI score0.00908EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2021/09/09 12:0 a.m.14 views

WordPress Custom Website Data plugin <= 2.2 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by p7e4 in WordPress Custom Website Data plugin versions = 2.2. Solution This plugin has been closed as of September 7, 2021 and is not available for download. This closure is temporary, pending a full review...

6.1CVSS2.8AI score0.00908EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2021/04/02 6:15 p.m.24 views

CVE-2020-29623

"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete...

3.3CVSS0.0036EPSS
Exploits0References6
AlpineLinux
AlpineLinux
added 2021/04/02 5:44 p.m.53 views

CVE-2020-29623

"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete...

3.3CVSS5.5AI score0.0036EPSS
Exploits0
Debian CVE
Debian CVE
added 2021/04/02 5:44 p.m.35 views

CVE-2020-29623

"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete...

3.3CVSS5.5AI score0.0036EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2020/12/31 12:0 a.m.38 views

CVE-2020-29623

"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete...

3.3CVSS6.7AI score0.0036EPSS
Exploits0References3
Veracode
Veracode
added 2020/10/01 3:52 a.m.27 views

Information Disclosure

webkitgtk4 is vulnerable to information disclosure. The vulnerability exists as the Clear History and Website Data does not properly clear history...

5.3CVSS0.7AI score0.01581EPSS
Exploits0References5Affected Software1
CNVD
CNVD
added 2020/05/10 12:0 a.m.1 views

On the Way Thesis Detection System is Vulnerable to Information Leakage

Founded in 2017, Chengdu On the Way Technology Limited Liability Company is a company that specializes in information system integration services, integrated circuit design, communication equipment excluding wireless radio and television transmission and satellite ground receiving equipment,...

6.5AI score
Exploits0
RedHat Linux
RedHat Linux
added 2020/03/23 8:54 a.m.3 views

Mozilla: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection

The Mozilla Foundation Security Advisory describes this flaw as: The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command into a terminal, it...

8.8CVSS7.4AI score0.03191EPSS
Exploits1References5
Cvelist
Cvelist
added 2019/12/18 5:33 p.m.18 views

CVE-2019-8768

"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Catalina 10.15. A user may be unable to delete browsing history items...

5.7AI score0.01581EPSS
Exploits0References2
OSV
OSV
added 2019/07/09 9:15 p.m.2 views

CVE-2019-13380

KEYNTO Team Password Manager 1.5.0 allows XSS because data saved from websites is mishandled in the online vault...

6.1CVSS6.6AI score0.0081EPSS
Exploits0References2
Cvelist
Cvelist
added 2019/07/09 8:36 p.m.21 views

CVE-2019-13380

KEYNTO Team Password Manager 1.5.0 allows XSS because data saved from websites is mishandled in the online vault...

6AI score0.0081EPSS
Exploits0References2
Rows per page
Query Builder