Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:6 a.m.7 views

CVE-2024-34567

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in GhozyLab, Inc. Popup Builder allows Stored XSS.This issue affects Popup Builder: from n/a through 1.1.29...

5.9CVSS6.7AI score0.00259EPSS
Exploits0References1
CVE
CVE
added 2025/01/24 5:25 p.m.73 views

CVE-2025-24746

CVE-2025-24746 is a stored Cross-Site Scripting vulnerability in the WordPress plugin Popup Maker (versions

6.5CVSS7.2AI score0.00296EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/06/17 6:0 a.m.18 views

CVE-2024-3236 Easy Notify Lite < 1.1.33 - Contributor+ Stored XSS

The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site Scripting attacks...

5.8AI score0.00312EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/12/23 12:0 a.m.137 views

Link Library < 7.4.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Install the plugin and go to:...

4.8CVSS0.6AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/07 12:0 a.m.453 views

Login with Cognito < 1.4.9 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go to "Cognito Login » Configure OAuth", and a...

4.8CVSS0.1AI score0.00532EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2022/11/30 12:0 a.m.22 views

Sliderby10Web < 1.2.53 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Go to "Slider » Sliders" and edit one of...

4.8CVSS1.1AI score0.00532EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2022/11/30 12:0 a.m.150 views

Sliderby10Web < 1.2.53 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go to "Slider » Sliders" and edit one of the...

4.8CVSS4.8AI score0.00532EPSS
Exploits2
Huntr
Huntr
added 2022/04/30 1:51 a.m.11 views

Cross-site Scripting (XSS) - Stored

Description I am able to bypass the fix in the report https://huntr.dev/bounties/4f7be1e2-b844-4def-af9f-136dcce1c349/ which caused the XSS vulnerability. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page...

6.1AI score
Exploits0
Hacker One
Hacker One
added 2015/03/20 9:32 p.m.22 views

Phabricator: XSS with Time-of-Day Format

Go to your user preferences - Put the following into Time-of-Day Format with the quote: '' - Open a repository diffusion - XSS-Popup The repository file-overview is the only place where I could see the XSS so far. Because it's a user own preference, it is not easy to actually do something...

0.7AI score
Exploits0
Rows per page
Query Builder