Lucene search
K

8 matches found

OSV
OSV
added 2021/12/14 4:15 p.m.6 views

CVE-2021-39310

The Real WYSIWYG WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of PHPSELF in the /real-wysiwyg.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.2...

6.1CVSS5.8AI score0.00757EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2021/12/14 3:50 p.m.4 views

CVE-2021-39310 Real WYSIWYG <= 0.0.2 Reflected Cross-Site Scripting

The Real WYSIWYG WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of PHPSELF in the /real-wysiwyg.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.2...

6.1CVSS6AI score0.00757EPSS
Exploits0References2
Prion
Prion
added 2015/04/21 4:59 p.m.16 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Video module before 7.x-2.11 for Drupal, when using the video WYSIWYG plugin, allows remote authenticated users to inject arbitrary web script or HTML via a node title...

3.5CVSS5.7AI score0.00965EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2015/04/21 4:0 p.m.19 views

CVE-2015-3362

Cross-site scripting XSS vulnerability in the Video module before 7.x-2.11 for Drupal, when using the video WYSIWYG plugin, allows remote authenticated users to inject arbitrary web script or HTML via a node title...

5.3AI score0.00965EPSS
Exploits0References4
Drupal
Drupal
added 2015/01/14 12:0 a.m.20 views

SA-CONTRIB-2015-018 - Video - Cross Site Scripting (XSS)

This module enables you to upload, convert and playback videos. The module doesn't sufficiently sanitize node titles when using the video WYSIWYG plugin, thereby opening a Cross Site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with th...

3.5CVSS5.7AI score0.00965EPSS
Exploits0References9
Prion
Prion
added 2014/01/08 3:30 p.m.11 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Foliopress WYSIWYG plugin before 2.6.8.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6.2AI score0.01959EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2014/01/08 3:0 p.m.40 views

CVE-2014-1232

The CVE-2014-1232 vulnerability affects the Foliopress WYSIWYG WordPress plugin, specifically versions before 2.6.8.5. It is a cross-site scripting (XSS) flaw that allows remote attackers to inject arbitrary script or HTML via unspecified vectors. Multiple sources confirm the issue across NVD and...

4.3CVSS5.9AI score0.01959EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2014/01/08 3:0 p.m.21 views

CVE-2014-1232

Cross-site scripting XSS vulnerability in the Foliopress WYSIWYG plugin before 2.6.8.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

5.8AI score0.01959EPSS
Exploits0References4
Rows per page
Query Builder