Lucene search
K

22 matches found

RedhatCVE
RedhatCVE
added 2026/02/15 7:10 a.m.10 views

CVE-2026-1187

The ZoomifyWP Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'filename' parameter of the 'zoomify' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00245EPSS
Exploits0References1
NVD
NVD
added 2026/02/14 7:16 a.m.11 views

CVE-2026-1187

The ZoomifyWP Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'filename' parameter of the 'zoomify' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00245EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/14 6:42 a.m.2 views

CVE-2026-1187 ZoomifyWP Free <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'filename' Shortcode Attribute

The ZoomifyWP Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'filename' parameter of the 'zoomify' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.7AI score0.00245EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/14 12:0 a.m.12 views

PT-2026-8071

The ZoomifyWP Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'filename' parameter of the 'zoomify' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00245EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2009-3889

Malware in sbrugna...

4.3CVSS6.4AI score0.01263EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-26914

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00154EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/07 2:33 p.m.3 views

CVE-2025-58863

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SdeWijs Zoomify embed for WP zoom-image-shortcode allows Stored XSS.This issue affects Zoomify embed for WP: from n/a through = 1.5.2...

6.5CVSS5.9AI score0.00154EPSS
Exploits0References1
NVD
NVD
added 2025/09/05 2:16 p.m.16 views

CVE-2025-58863

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SdeWijs Zoomify embed for WP zoom-image-shortcode allows Stored XSS.This issue affects Zoomify embed for WP: from n/a through = 1.5.2...

6.5CVSS0.00154EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/05 1:45 p.m.11 views

CVE-2025-58863 WordPress Zoomify embed for WP Plugin <= 1.5.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SdeWijs Zoomify embed for WP zoom-image-shortcode allows Stored XSS.This issue affects Zoomify embed for WP: from n/a through = 1.5.2...

6.5CVSS0.00154EPSS
Exploits0References1
CVE
CVE
added 2025/09/05 1:45 p.m.15 views

CVE-2025-58863

CVE-2025-58863 relates to a stored XSS in the Zoomify embed for WordPress plugin. Affected software: Zoomify embed for WP, including versions up to and including 1.5.2. The root cause is improper input neutralization during web page generation. Impact is cross-site scripting which can be exploite...

6.5CVSS5.9AI score0.00154EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/05 1:45 p.m.3 views

CVE-2025-58863 WordPress Zoomify embed for WP Plugin <= 1.5.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SdeWijs Zoomify embed for WP zoom-image-shortcode allows Stored XSS.This issue affects Zoomify embed for WP: from n/a through = 1.5.2...

6.5CVSS5.9AI score0.00154EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/09/05 1:41 p.m.5 views

WordPress Zoomify embed for WP Plugin <= 1.5.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Peter Thaleikis in WordPress Plugin Zoomify embed for WP versions = 1.5.2...

6.5CVSS6AI score0.00154EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2025/09/05 12:0 a.m.4 views

PT-2025-36202

Name of the Vulnerable Software and Affected Versions: SdeWijs Zoomify embed for WP versions through 1.5.2 Description: The software contains a Stored Cross-site Scripting XSS issue due to improper neutralization of input during web page generation. This allows for the injection of malicious...

6.5CVSS5.8AI score0.00154EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/09/05 12:0 a.m.4 views

WordPress plugin Zoomify embed for WP 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin ... A cross-site...

6.5CVSS5.8AI score0.00154EPSS
Exploits0References1
Prion
Prion
added 2009/11/09 5:30 p.m.14 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Zoomify module 5.x before 5.x-2.2 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the node title...

4.3CVSS6.2AI score0.01263EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2009/11/09 5:30 p.m.12 views

CVE-2009-3918

Cross-site scripting XSS vulnerability in the Zoomify module 5.x before 5.x-2.2 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the node title...

4.3CVSS5.7AI score0.01263EPSS
Exploits0References7
Cvelist
Cvelist
added 2009/11/09 5:0 p.m.22 views

CVE-2009-3918

Cross-site scripting XSS vulnerability in the Zoomify module 5.x before 5.x-2.2 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the node title...

5.7AI score0.01263EPSS
Exploits0References7
CVE
CVE
added 2009/11/09 5:0 p.m.35 views

CVE-2009-3918

The CVE applies to the Drupal Zoomify module. Affected versions are Zoomify 5.x before 5.x-2.2 and 6.x before 6.x-1.4. Root cause is a Cross-site Scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via the node title. Impact, as stated, is that attack...

4.3CVSS5.8AI score0.01263EPSS
Exploits0References7Affected Software1
Drupal
Drupal
added 2009/11/04 12:0 a.m.15 views

SA-CONTRIB-2009-098 - Zoomify - Cross Site Scripting

The Zoomify module integrates the Zoomify Flash applet into Drupal which can be used to pan and zoom on large images. Images are first preprocessed in order for Zoomify to work. The module fails to sanitize a value in the node title, leading to a Cross Site Scripting XSS vulnerability. Versions...

6.4AI score
Exploits0References7
NVD
NVD
added 2007/06/11 10:30 p.m.13 views

CVE-2007-2920

Multiple stack-based buffer overflows in the Zoomify Viewer ActiveX control in ZActiveX.dll might allow remote attackers to execute arbitrary code via unspecified vectors...

9.3CVSS7.8AI score0.06506EPSS
Exploits0References6
Rows per page
Query Builder