Lucene search
K

278 matches found

Cvelist
Cvelist
added 2024/12/27 3:52 p.m.28 views

CVE-2024-56508 File Upload Vulnerability Leading to XSS in LinkAce v1.15.5

LinkAce is a self-hosted archive to collect links of your favorite websites. Prior to 1.15.6, a file upload vulnerability exists in the LinkAce. This issue occurs in the "Import Bookmarks" functionality, where malicious HTML files can be uploaded containing JavaScript payloads. These payloads...

7.6CVSS0.00416EPSS
Exploits1References2
NVD
NVD
added 2024/10/17 4:15 a.m.20 views

CVE-2024-49593

In Advanced Custom Fields ACF before 6.3.9 and Secure Custom Fields before 6.3.6.3 plugins for WordPress, using the Field Group editor to edit one of the plugin's fields can result in execution of a stored XSS payload. NOTE: if you wish to use the WP Engine alternative update mechanism for the fr...

5.3CVSS0.00516EPSS
Exploits0References4
wpexploit
wpexploit
added 2024/05/31 12:0 a.m.158 views

Widget Bundle <= 2.0.0 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Enable the "Text Form" widget 2. Ad...

5.6AI score0.00356EPSS
Exploits2
wpexploit
wpexploit
added 2024/05/24 12:0 a.m.138 views

Social Pixel <= 2.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to:...

5.6AI score0.00419EPSS
Exploits2
0day.today
0day.today
added 2024/05/13 12:0 a.m.200 views

Apache mod_proxy_cluster - Stored XSS Exploit

import requests import argparse from bs4 import BeautifulSoup from urllib.parse import urlparse, parseqs, urlencode, urlunparse from requests.exceptions import RequestException class Colors: RED = '\03391m' GREEN = '\0331;49;92m' RESET = '\0330m' def getclustermanagerurlbaseurl, path:...

5.4CVSS6.4AI score0.02242EPSS
Exploits5
OSV
OSV
added 2024/05/04 12:0 a.m.4 views

CVE-2024-34467

ThinkPHP 8.0.3 allows remote attackers to exploit XSS due to inadequate filtering of function argument values in thinkexception.tpl...

6.1CVSS6.3AI score0.00417EPSS
Exploits1References3
wpexploit
wpexploit
added 2024/04/30 12:0 a.m.165 views

Sailthru Triggermail <= 1.1 - Reflected XSS

Description The plugin does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open: alert23' /...

8.5AI score0.00367EPSS
Exploits3
Exploit DB
Exploit DB
added 2024/04/02 12:0 a.m.297 views

E-INSUARANCE v1.0 - Stored Cross Site Scripting (XSS)

Exploit Title: E-INSUARANCE v1.0 - Stored Cross Site Scripting XSS Google Dork: NA Date: 28-03-2024 Exploit Author: Sandeep Vishwakarma Vendor Homepage: https://www.sourcecodester.com Software Link:https://www.sourcecodester.com/php/16995/insurance-management-system-php-mysql.html Version: v1.0...

6.8AI score
Exploits0
CVE
CVE
added 2024/03/27 12:0 a.m.68 views

CVE-2023-40287

CVE-2023-40287 affects Supermicro X11SSM-F, X11SAE-F, and X11SSE-F devices running version 1.66. The issue is a web-interface cross-site scripting (XSS) vulnerability in the X11 series’ BMC web UI, caused by inadequate protection of the web page structure, enabling remote attackers to inject arbi...

8.3CVSS6.1AI score0.00563EPSS
Exploits0References2Affected Software1
wpexploit
wpexploit
added 2024/03/25 12:0 a.m.212 views

Testimonial Slider < 2.3.8 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to "Testimonial Shortcode" 2. Ad...

5.7AI score0.00442EPSS
Exploits2
OSV
OSV
added 2024/03/06 11:0 a.m.30 views

BIT-AIRFLOW-2020-17515

The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely...

6.1CVSS6AI score0.16028EPSS
Exploits0References9
OSV
OSV
added 2024/03/06 10:59 a.m.29 views

BIT-AIRFLOW-2021-28359 Apache Airflow Reflected XSS via Origin Query Argument in URL

The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions 1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fi...

6.1CVSS6.7AI score0.14389EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/02/01 4:42 p.m.5 views

CVE-2024-24570 Statamic account takeover via XSS and password reset link

Statamic is a Laravel and Git powered CMS. HTML files crafted to look like jpg files are able to be uploaded, allowing for XSS. This affects the front-end forms with asset fields without any mime type validation, asset fields in the control panel, and asset browser in the control panel...

8.2CVSS6.7AI score0.00734EPSS
Exploits1References3
CNVD
CNVD
added 2023/12/12 12:0 a.m.5 views

DoraCMS Cross-Site Scripting Vulnerability (CNVD-2023-9750397)

DoraCMS is a software application. Based on Nodejs+eggjs+mongodb to write a content management system . A cross-site scripting XSS vulnerability exists in DoraCMS version v2.1.8. An attacker can exploit this vulnerability to execute arbitrary code by uploading a specially crafted HTML or image fi...

5.4CVSS6AI score0.0051EPSS
Exploits1References1
wpexploit
wpexploit
added 2023/09/20 12:0 a.m.150 views

Funnelforms Free < 3.4 Unauthenticated Stored Cross-Site Scripting

Description The plugin does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks 1. Create a contact form 2. Embed the contact form shortcode on a post or page. 3. As an Unauthitncated user, inject the inputs for a malicious scri...

6.1CVSS6.1AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
added 2023/08/02 12:0 a.m.126 views

FormCraft < 1.2.7 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. There are two XSS issues: Example A: ...

4.8CVSS6AI score0.00399EPSS
Exploits2
wpexploit
wpexploit
added 2023/07/24 12:0 a.m.177 views

WP-EMail < 2.69.1 - Admin+ Stored Cross-Site Scripting

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. In the "Email Options" section of t...

4.8CVSS4.7AI score0.00402EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/26 12:0 a.m.130 views

Lana Shortcodes < 1.2.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which allows users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Insert any of the following shortcodes in a...

5.7AI score0.00485EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/25 12:0 a.m.159 views

AI ChatBot < 4.5.6 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks to all admin when setting chatbot and all client when using chatbot 1. Go to "Settings Language Settings ChatBot Keywords" 2. Enter...

4.8CVSS8.5AI score0.00442EPSS
Exploits2
Github Security Blog
Github Security Blog
added 2023/04/11 3:41 p.m.19 views

govuk_tech_docs vulnerable to unescaped HTML on search results page

Impact Pages that are indexed in search results have their entire contents indexed, including any HTML code snippets. These HTML snippets would appear in the search results unsanitised, so it was possible to render arbitrary HTML or run arbitrary scripts. This is a low risk security issue; to...

6.1CVSS6AI score0.005EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder