
CVSS: 6.4 | EPSS: % | CPEs: 1 | EXPL: 0

The News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote attackers to cause a denial of service (crash) via (1) link or (2) title elements that contain multiple lines.

• http://marc.info/?l=bugtraq&m=105111327000755&w=2
• http://www.debian.org/security/2003/dsa-294

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the ticker title of a URI.

• http://marc.info/?l=bugtraq&m=105111327000755&w=2
• http://www.debian.org/security/2003/dsa-294