NotCVE - vendor:"Links"

Page 3 of 28 results (0.006 seconds)

CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 1

CVE-2022-1759 – RB Internal Links <= 2.0.16 - Stored Cross-Site Scripting via CSRF

https://notcve.org/view.php?id=CVE-2022-1759

The RB Internal Links WordPress plugin through 2.0.16 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, as well as perform Stored Cross-Site Scripting attacks due to the lack of sanitisation and escaping El plugin RB Internal Links de WordPress versiones hasta 2.0.16, no presenta comprobación de tipo CSRF cuando es actualizada su configuración, lo que podría permitir a atacantes hacer que un administrador conectado los cambie por medio de un ataque de tipo CSRF, así como llevar a cabo ataques de tipo Cross-Site Scripting Almacenado debido a una falta de saneo y escape • https://wpscan.com/vulnerability/d8e63f78-f38a-4f68-96ba-8059d175cea8 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2017-15863 – WP No External Links < 3.5.19 - Reflected Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2017-15863

Cross Site Scripting (XSS) exists in the wp-noexternallinks plugin before 3.5.19 for WordPress via the date1 or date2 parameter to wp-admin/options-general.php. Existe Cross Site Scripting (XSS) en el plugin wp-noexternallinks en versiones anteriores a la 3.5.19 para WordPress mediante el parámetro date1 o date 2 en wp-admin/options-general.php. • http://lists.openwall.net/full-disclosure/2017/06/02/3 https://wordpress.org/plugins/wp-noexternallinks/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-4833 – Nofollow Links <= 1.0.10 - Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2016-4833

Cross-site scripting (XSS) vulnerability in the Nofollow Links plugin before 1.0.11 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en el plugin Nofollow Links en versiones anteriores a 1.0.11 para WordPress permite a atacantes remotos inyectar secuencia de comandos web o HTML arbitrarios a través de vectores no especificados. • http://jvn.jp/en/jp/JVN13582657/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2016-000125 http://www.securityfocus.com/bid/92077 https://wordpress.org/plugins/nofollow-links/changelog https://wpvulndb.com/vulnerabilities/8580 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 0%CPEs: 9EXPL: 0

CVE-2015-5497

https://notcve.org/view.php?id=CVE-2015-5497

Cross-site scripting (XSS) vulnerability in the Web Links module 6.x-2.x before 6.x-2.6 and 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en el módulo Web Links 6.x-2.x en versiones anteriores a 6.x-2.6 y 7.x-1.x en versiones anteriores a 7.x-1.0 para Drupal, permite a usuarios remotos autenticados con ciertos permisos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www.openwall.com/lists/oss-security/2015/07/04/4 https://www.drupal.org/node/2487542 https://www.drupal.org/node/2487548 https://www.drupal.org/node/2492209 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 2.6EPSS: 0%CPEs: 2EXPL: 0

CVE-2015-4388

https://notcve.org/view.php?id=CVE-2015-4388

Cross-site scripting (XSS) vulnerability in the Current Search Links module 7.x-1.x before 7.x-1.1 for Drupal, when the "Append the keywords passed by the user to the list" option is disabled, allows remote attackers to inject arbitrary web script or HTML via a crafted search query. Vulnerabilidad de XSS en el módulo Current Search Links 7.x-1.x anterior a 7.x-1.1 para Drupal, cuando la opción 'Agregue las palabras clave conseguidas del usuario a la lista' está deshabilitada, permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de una consulta de búsqueda manipulada. • http://www.openwall.com/lists/oss-security/2015/04/25/6 http://www.securityfocus.com/bid/74357 https://www.drupal.org/node/2463493 https://www.drupal.org/node/2463843 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1 2 3 4 5