Page 4 of 28 results (0.009 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

The syndication-links plugin before 1.0.3 for WordPress has XSS via the genericons/example.html anchor identifier. El plugin syndication-links versiones anteriores a 1.0.3 para WordPress, presenta una vulnerabilidad de tipo XSS por medio del identificador de anclaje del archivo genericons/example.html. The Syndication Links plugin for WordPress is vulnerable to DOM-based Cross-Site Scripting via the genericons/example.html anchor identifier in versions up to 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://wordpress.org/plugins/syndication-links/#developers https://wpvulndb.com/vulnerabilities/7981 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in the External links click statistics (outstats) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la extensión External links click statistics (outstats) 0.0.3 y anteriores para TYPO3 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-002 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

Cross-site scripting (XSS) vulnerability in inpage.tpl.php in the Keyword Strategy Internal Links plugin 2.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the (1) sort, (2) search, or (3) dir parameter. Vulnerabilidad de XSS en inpage.tpl.php en el plugin Keyword Strategy Internal Links 2.0 y anteriores para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro (1) sort, (2) search, o (3) dir. • http://codevigilant.com/disclosure/wp-plugin-keyword-strategy-internal-links-a3-cross-site-scripting-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2

SQL injection vulnerability in comments.php in WSN Links 2.20 allows remote attackers to execute arbitrary SQL commands via the id parameter. Vulnerabilidad de inyección SQL en el archivo comments.php en WSN Links 2.20 que permite a los atacantes remoto, ejecutar arbitrariamente comandos SQL a través del parámetro id. • https://www.exploit-db.com/exploits/6525 http://www.securityfocus.com/bid/31302 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2

SQL injection vulnerability in vote.php in WSN Links 2.22 and 2.23 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: it was later reported that 2.34 is also vulnerable. Una vulnerabilidad de inyección SQL en el archivo vote.php en WSN Links versiones 2.22 y 2.23, permite a los atacantes remotos ejecutar comandos SQL arbitrarios por medio del parámetro id. NOTA: más tarde se reportó que la versión 2.34 también es vulnerable. • https://www.exploit-db.com/exploits/6524 http://www.securityfocus.com/bid/31305 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •