Lucene search
K

240 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 4:4 a.m.2 views

SUSE CVE-2019-1020001

yard before 0.9.20 allows path traversal...

7.5CVSS7.5AI score0.02334EPSS
Exploits0References3
OSV
OSV
added 2023/02/08 10:15 a.m.6 views

CVE-2022-2094

The Yellow Yard Searchbar WordPress plugin before 2.8.2 does not escape some URL parameters before outputting them back to the user, leading to Reflected Cross-Site Scripting...

6.1CVSS5.8AI score0.00486EPSS
Exploits2References1
NVD
NVD
added 2023/02/08 10:15 a.m.21 views

CVE-2022-2094

The Yellow Yard Searchbar WordPress plugin before 2.8.2 does not escape some URL parameters before outputting them back to the user, leading to Reflected Cross-Site Scripting...

6.1CVSS6.1AI score0.00486EPSS
Exploits2References1
Prion
Prion
added 2023/02/08 10:15 a.m.18 views

Cross site scripting

The Yellow Yard Searchbar WordPress plugin before 2.8.2 does not escape some URL parameters before outputting them back to the user, leading to Reflected Cross-Site Scripting...

5.8CVSS6.1AI score0.00486EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2023/02/08 9:27 a.m.77 views

CVE-2022-2094

CVE-2022-2094 affects the Yellow Yard Searchbar WordPress plugin, versions prior to 2.8.2. Root cause: the plugin does not escape certain URL parameters before echoing them back to the user, enabling a Reflected Cross-Site Scripting (XSS) vulnerability. Exploitation details are present in connect...

6.1CVSS6AI score0.00486EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/02/08 9:27 a.m.6 views

CVE-2022-2094 Yellow Yard Searchbar < 2.8.2 - Reflected Cross-Site Scripting

The Yellow Yard Searchbar WordPress plugin before 2.8.2 does not escape some URL parameters before outputting them back to the user, leading to Reflected Cross-Site Scripting...

6.4AI score0.00486EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/02/08 12:0 a.m.7 views

WordPress plugin Yellow Yard Searchbar 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.1CVSS5.9AI score0.00486EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2023/02/07 12:0 a.m.14 views

Yellow Yard < 2.8.12 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC yyfilter field='"...

5.5AI score0.00467EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2023/02/07 12:0 a.m.151 views

Yellow Yard < 2.8.12 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks yyfilter field='" style=background-color:red...

5.8AI score0.00467EPSS
Exploits2
OSV
OSV
added 2023/02/01 2:15 p.m.5 views

CVE-2022-47717

Last Yard 22.09.8-1 is vulnerable to Cross-origin resource sharing CORS...

7.5CVSS5.8AI score0.00735EPSS
Exploits1References1
OSV
OSV
added 2023/02/01 2:15 p.m.6 views

CVE-2022-47715

In Last Yard 22.09.8-1, the cookie can be stolen via via unencrypted traffic...

5.3CVSS5.8AI score0.00394EPSS
Exploits1References1
NVD
NVD
added 2023/02/01 2:15 p.m.23 views

CVE-2022-47715

In Last Yard 22.09.8-1, the cookie can be stolen via via unencrypted traffic...

5.3CVSS5.4AI score0.00394EPSS
Exploits1References1
NVD
NVD
added 2023/02/01 2:15 p.m.47 views

CVE-2022-47717

Last Yard 22.09.8-1 is vulnerable to Cross-origin resource sharing CORS...

7.5CVSS7.5AI score0.00735EPSS
Exploits1References1
OSV
OSV
added 2023/02/01 2:15 p.m.6 views

CVE-2022-47714

Last Yard 22.09.8-1 does not enforce HSTS headers...

9.8CVSS5.8AI score0.00607EPSS
Exploits1References1
NVD
NVD
added 2023/02/01 2:15 p.m.26 views

CVE-2022-47714

Last Yard 22.09.8-1 does not enforce HSTS headers...

9.8CVSS9.5AI score0.00607EPSS
Exploits1References1
Prion
Prion
added 2023/02/01 2:15 p.m.17 views

Hardcoded credentials

Last Yard 22.09.8-1 does not enforce HSTS headers...

7.5CVSS9.4AI score0.00607EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2023/02/01 2:15 p.m.25 views

Design/Logic Flaw

Last Yard 22.09.8-1 is vulnerable to Cross-origin resource sharing CORS...

5CVSS7.5AI score0.00735EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/02/01 12:0 a.m.9 views

CVE-2022-47715

In Last Yard 22.09.8-1, the cookie can be stolen via via unencrypted traffic...

5.4AI score0.00394EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/02/01 12:0 a.m.4 views

PT-2023-15466 · Last Yard · Last Yard

Name of the Vulnerable Software and Affected Versions: Last Yard version 22.09.8-1 Description: The issue is related to the lack of enforcement of HSTS headers. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue...

9.8CVSS9.2AI score0.00607EPSS
Exploits1References5
Cvelist
Cvelist
added 2023/02/01 12:0 a.m.30 views

CVE-2022-47717

Last Yard 22.09.8-1 is vulnerable to Cross-origin resource sharing CORS...

7.7AI score0.00735EPSS
Exploits1References1
Rows per page
Query Builder