2019 matches found

CVE
added 2024/09/07 4:11 p.m. · 66 views

CVE-2024-42020

CVE-2024-42020 is an XSS in Veeam ONE Reporter Widgets that allows HTML injection. Affected product appears to be Veeam ONE 12.x (Reporter Widgets in 12.1.0.3208 and earlier). The root cause is improper handling of widget content enabling HTML/Script execution within the UI. Impact details in sou...

CVSS 7.3 · AI score 6.5 · EPSS 0.00384
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2024/09/07 4:11 p.m. · 23 views

CVE-2024-42020

A Cross-site-scripting (XSS) vulnerability exists in the Reporter Widgets that allows HTML injection...

CVSS 7.3 · EPSS 0.00384
Exploits 0 · References 1
Positive Technologies
added 2024/09/04 12:0 a.m. · 5 views

PT-2024-6313 · Veeam · Veeam One

Name of the Vulnerable Software and Affected Versions: Veeam ONE version <= 12.1.0.3208
Description: A Cross-site-scripting (XSS) vulnerability exists in the Reporter Widgets, allowing HTML injection. This vulnerability can be exploited by a remote attacker to execute arbitrary HTML code...

CVSS 9 · AI score 9.3 · EPSS 0.00384
Exploits 0 · References 11
Cvelist
added 2024/08/30 6:52 a.m. · 43 views

CVE-2024-8016 The Events Calendar Pro <= 7.0.2 - Authenticated (Administrator+) PHP Object Injection to Remote Code Execution

The Events Calendar Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.0.2 via deserialization of untrusted input from the 'filters' parameter in widgets. This makes it possible for authenticated attackers, with administrator-level access and...

CVSS 9.1 · EPSS 0.00748
Exploits 0 · References 3
CVE
added 2024/08/30 6:52 a.m. · 52 views

CVE-2024-8016

CVE-2024-8016 affects The Events Calendar Pro for WordPress. The vulnerability is a PHP Object Injection via deserialization of untrusted input from the widgets’ filters parameter, enabling an attacker with administrator-level access (and in some configs, even lower-privilege users) to inject a P...

CVSS 9.1 · AI score 8.3 · EPSS 0.00748
Exploits 0 · References 3 · Affected Software 1
OSSF Malicious Packages
added 2024/08/30 12:32 a.m. · 5 views

Malicious code in copilot-web-widgets (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fbb28669371353c111a05f7fb6bb2803179610b8ccec893590a34d2343e90fc9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 · References 1
NVD
added 2024/08/27 11:15 a.m. · 27 views

CVE-2024-7791

The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘arrow’ parameter within the Post Grid widget in all versions up to, and including, 1.4.4.3 due to insufficient input sanitization and output escaping. This makes it...

CVSS 6.4 · EPSS 0.00311
Exploits 0 · References 5
Microsoft KB
added 2024/08/27 12:0 a.m. · 4 views

August 27, 2024—KB5041865 (OS Build 26100.1591) Preview

August 27, 2024—KB5041865 (OS Build 26100.1591) Preview. For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. Note: Follow @WindowsUpdate to find out when new content is published to the Windows release health...

AI score 6.4
Exploits 0
OSV
added 2024/08/24 3:15 a.m. · 5 views

CVE-2024-2254

The RT Easy Builder – Advanced addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...

CVSS 5.4 · AI score 5.9 · EPSS 0.00248
Exploits 0 · References 2
CNNVD
added 2024/08/24 12:0 a.m. · 2 views

WordPress plugin RT Easy Builder security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 6.4 · AI score 5.9 · EPSS 0.00248
Exploits 0 · References 3
ATTACKERKB
added 2024/08/23 9:15 a.m. · 2 views

CVE-2024-5502

The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Accordion, Dual Heading, and Vertical Timeline widgets in all versions up to, and including, 2.4.30 due to insufficient input sanitization and output escaping on user supplied...

CVSS 6.4 · AI score 6.1 · EPSS 0.00303
Exploits 0 · References 6
Cvelist
added 2024/08/23 8:29 a.m. · 17 views

CVE-2024-5502 Piotnet Addons For Elementor <= 2.4.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Accordion, Dual Heading, and Vertical Timeline widgets in all versions up to, and including, 2.4.30 due to insufficient input sanitization and output escaping on user supplied...

CVSS 6.4 · EPSS 0.00303
Exploits 0 · References 5
Positive Technologies
added 2024/08/23 12:0 a.m. · 4 views

PT-2024-19475 · WordPress · Easybuilder

Name of the Vulnerable Software and Affected Versions: RT Easy Builder – Advanced addons for Elementor plugin for WordPress versions up to, and including, 2.2
Description: The issue is related to Stored Cross-Site Scripting via the plugin's widgets due to insufficient input sanitization and outpu...

CVSS 6.4 · AI score 5.9 · EPSS 0.00248
Exploits 0 · References 8
NVD
added 2024/08/22 3:15 a.m. · 23 views

CVE-2024-5583

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the carouseldirection parameter of testimonials widget in all versions up to, and including, 5.6.2 due to insufficient input...

CVSS 6.4 · EPSS 0.00248
Exploits 0 · References 2
Vulnrichment
added 2024/08/22 2:2 a.m. · 7 views

CVE-2024-5583 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonials Widget Settings

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the carouseldirection parameter of testimonials widget in all versions up to, and including, 5.6.2 due to insufficient input...

CVSS 6.4 · AI score 5.8 · EPSS 0.00248
Exploits 0 · References 2
Positive Technologies
added 2024/08/20 12:0 a.m. · 5 views

PT-2024-30067 · Pligg Cms · Pligg Cms

Name of the Vulnerable Software and Affected Versions: Pligg CMS version 2.0.2
Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. It can be exploited via the /admin/admin widgets.php endpoint with specific parameters: action=remove and widget=Statistics. This...

CVSS 8.8 · AI score 6.8 · EPSS 0.00279
Exploits 1 · References 6
CNNVD
added 2024/08/20 12:0 a.m. · 5 views

Kliqqi CMS security vulnerability

Kliqqi CMS (Pligg CMS) is an open-source content management system from Kliqqi. Kliqqi CMS v2.0.2 has a cross-site request forgery vulnerability; the vulnerability stems from /admin/adminwidgets.php?action=install&widget=akismet not adequately verifying that the request is from a trusted use...

CVSS 8.8 · AI score 7 · EPSS 0.00279
Exploits 1 · References 2
Positive Technologies
added 2024/08/20 12:0 a.m. · 7 views

PT-2024-30066 · Pligg Cms · Pligg Cms

Name of the Vulnerable Software and Affected Versions: Pligg CMS version 2.0.2
Description: A Cross-Site Request Forgery (CSRF) issue was found in Pligg CMS. The vulnerability can be exploited via the /admin/admin widgets.php endpoint with specific parameters: action=install and widget=akismet. Thi...

CVSS 8.8 · AI score 6.7 · EPSS 0.00279
Exploits 1 · References 7
CVE
added 2024/08/19 5:41 p.m. · 66 views

CVE-2024-43271

CVE-2024-43271 is a Path Traversal vulnerability in Woo Products Widgets For Elementor that enables PHP Local File Inclusion. It affects Woo Products Widgets For Elementor versions up to 2.0.0 and is listed as an authenticated (Contributor+) LFI exposure in public advisories. The root cause is im...

CVSS 8.5 · AI score 8.7 · EPSS 0.00552
Exploits 0 · References 1
CNNVD
added 2024/08/19 12:0 a.m. · 4 views

WordPress plugin Woo Products Widgets For Elementor path traversal vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A path traversal vulnerability exis...

CVSS 8.5 · AI score 6.7 · EPSS 0.00552
Exploits 0 · References 2