CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2022-40215 – WordPress Tabs plugin <= 3.7.1 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities
https://notcve.org/view.php?id=CVE-2022-40215
22 Sep 2022 — Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in Tabs plugin <= 3.7.1 at WordPress. Múltiples vulnerabilidades de tipo Cross-Site Scripting (XSS) Almacenado y Autenticado en el plugin Tabs versiones anteriores a 3.7.1 de WordPress. The Tabs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 3.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit... • https://patchstack.com/database/vulnerability/vc-tabs/wordpress-tabs-plugin-3-7-1-multiple-authenticated-stored-cross-site-scripting-xss-vulnerabilities/_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4373
https://notcve.org/view.php?id=CVE-2015-4373
15 Jun 2015 — Cross-site scripting (XSS) vulnerability in the OG tabs module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to nodes posted in an Organic Groups group. Vulnerabilidad de XSS en el módulo OG tabs anterior a 7.x-1.1 para Drupal permite a usuarios remotos autenticados con ciertos permisos inyectar secuencias de comandos web arbitrarios o HTML a través de vectores relacionados con nodos publicados en un grupo Orga... • http://www.openwall.com/lists/oss-security/2015/04/25/6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 25EXPL: 0CVE-2013-4406
https://notcve.org/view.php?id=CVE-2013-4406
19 May 2014 — The Quick Tabs module 6.x-2.x before 6.x-2.2, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.6 for Drupal does not properly check block permissions, which allows remote attackers to obtain sensitive information by reading a Quick Tab. El módulo Quick Tabs 6.x-2.x anterior a 6.x-2.2, 6.x-3.x anterior a 6.x-3.2 y 7.x-3.x anterior a 7.x-3.6 para Drupal no comprueba debidamente permisos de bloque, lo que permite a atacantes remotos obtener información sensible mediante la lectura de una Quick Tab. • http://www.openwall.com/lists/oss-security/2013/10/04/14 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2014-4531 – Game Tabs <= 0.4.0 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-4531
25 Apr 2014 — Cross-site scripting (XSS) vulnerability in main_page.php in the Game tabs plugin 0.4.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the n parameter. Vulnerabilidad de XSS en main_page.php en el plugin Game tabs 0.4.0 y anteriores para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro n. • http://codevigilant.com/disclosure/wp-plugin-game-tabs-a3-cross-site-scripting-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 44%CPEs: 1EXPL: 4CVE-2004-1638 – TABS MailCarrier 2.51 - SMTP EHLO Overflow
https://notcve.org/view.php?id=CVE-2004-1638
16 Oct 2004 — Buffer overflow in MailCarrier 2.51 allows remote attackers to execute arbitrary code via a long (1) EHLO and possibly (2) HELO command. • https://www.exploit-db.com/exploits/16822 •