
CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

The Business Hours Indicator WordPress plugin before 2.3.5 does not sanitise or escape its "Now closed message" setting when outputting it in the backend and frontend, leading to an Authenticated Stored Cross-Site Scripting issue.
• https://wpscan.com/vulnerability/309296d4-c397-4fc7-85fb-a28b5b5b6a8d
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

The Chamber Dashboard Business Directory plugin 3.2.8 for WordPress allows XSS. The Chamber Dashboard Business Directory plugin for WordPress is vulnerable to Cross-Site Scripting in versions before 3.3.1 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
• https://l0l.xyz/sec/2020/08/31/1-wordpress-crm-xss.html
• https://wordpress.org/plugins/chamber-dashboard-business-directory/#developers
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

The UBSexToken() function of a smart contract implementation for Business Alliance Financial Circle (BAFC), a tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function is public (by default) and does not check the caller's identity.
• https://github.com/SmartContractResearcher/SmartContractSecurity/blob/master/New%20Vulnerabilities%20Allow%20Anyone%20to%20Own%20Certain%20ERC20-Based%20Smart%20Contracts%28CVE-2018-19830%2C%20CVE-2018-19831%2C%20CVE-2018-19832%2C%20CVE-2018-19833%2C%20CVE-2018-19834%29/README.md
• CWE-862: Missing Authorization

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

Multiple cross-site scripting (XSS) vulnerabilities in forms/search.php in the WP-Business Directory (wp-ttisbdir) plugin 1.0.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) edit, (2) search_term, (3) page_id, (4) page, or (5) page_links parameter.
• http://codevigilant.com/disclosure/wp-plugin-wp-ttisbdir-a3-cross-site-scripting-xss
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 10.0 • EPSS: 1% • CPEs: 1 • EXPL: 0

Unspecified vulnerability in the admin script in Open Business Management (OBM) before 2.0.0 allows remote attackers to have an unknown impact by calling the script "in txt mode from a browser."
• http://obm.aliasource.org/changelogs/changelog-2.0.html
• http://osvdb.org/34899
• http://secunia.com/advisories/24775
• http://www.securityfocus.com/bid/23472
• http://www.vupen.com/english/advisories/2007/1376