CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22772 – WordPress Mapbox for WP Advanced Plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-22772
14 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Mapbox for WP Advanced allows Reflected XSS. This issue affects Mapbox for WP Advanced: from n/a through 1.0.0. The Mapbox for WP Advanced plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in p... • https://patchstack.com/database/wordpress/plugin/mapbox-for-wp-advanced/vulnerability/wordpress-mapbox-for-wp-advanced-plugin-1-0-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-38216
https://notcve.org/view.php?id=CVE-2022-38216
16 Aug 2022 — An integer overflow exists in Mapbox's closed source gl-native library prior to version 10.6.1, which is bundled with multiple Mapbox products including open source libraries. The overflow is caused by large image height and width values when creating a new Image and allows for out of bounds writes, potentially crashing the Mapbox process. Se presenta un desbordamiento de enteros en la biblioteca de código cerrado gl-native de Mapbox versiones anteriores a 10.6.1, que es incluida con varios productos de Map... • https://github.com/mapbox/mapbox-maps-android/releases/tag/android-v10.6.1 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10695
https://notcve.org/view.php?id=CVE-2016-10695
04 Jun 2018 — The npm-test-sqlite3-trunk module provides asynchronous, non-blocking SQLite3 bindings. npm-test-sqlite3-trunk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. El modulo npm-test-sqlite3-trunk proporciona enlaces SQLite3 asíncronos sin bloqueo. npm-test-sqlit... • https://nodesecurity.io/advisories/297 • CWE-310: Cryptographic Issues CWE-311: Missing Encryption of Sensitive Data •
CVSS: 6.1EPSS: 0%CPEs: 33EXPL: 1CVE-2017-1000042
https://notcve.org/view.php?id=CVE-2017-1000042
13 Jul 2017 — Mapbox.js versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON Name. MapBox.js versiones 1.x anterior a 1.6.5 y 2.x anterior a 2.1.7, son vulnerables a un ataque de tipo cross-site-scripting en ciertos escenarios de uso poco común por medio del Nombre TileJSON. • https://hackerone.com/reports/54327 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2017-1000043
https://notcve.org/view.php?id=CVE-2017-1000043
13 Jul 2017 — Mapbox.js versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON name and map share control MapBox.js versiones 1.x anterior a 1.6.6 y 2.x anterior a 2.2.4, son vulnerables a un ataque de tipo cross-site-scripting en ciertos escenarios de uso poco común por medio del nombre TileJSON y el control de mapa compartido. • https://hackerone.com/reports/99245 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •