Page 40 of 275 results (0.006 seconds)

CVSS: 6.1EPSS: 0%CPEs: 32EXPL: 2

Cross-site scripting (XSS) vulnerability in the Pixiv Custom theme before 2.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el tema Pixiv Custom anterior a v2.1.6 para WordPress, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro s. Cross-site scripting (XSS) vulnerability in the Pixiv Custom theme before 2.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. • https://www.exploit-db.com/exploits/36185 https://sitewat.ch/en/Advisories/16 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 15EXPL: 2

Cross-site scripting (XSS) vulnerability in the Elegant Grunge theme before 1.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el tema Elegant Grunge anteriores a v1.0.4 para WordPress, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro s. • https://www.exploit-db.com/exploits/36181 https://sitewat.ch/en/Advisories/14 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 28EXPL: 2

Cross-site scripting (XSS) vulnerability in the EvoLve theme before 1.2.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el tema EvoLve anteriores a v1.2.6 para WordPress, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro s. Cross-site scripting (XSS) vulnerability in the EvoLve theme before 1.2.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. • https://www.exploit-db.com/exploits/36182 https://sitewat.ch/en/Advisories/10 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 14EXPL: 1

SQL injection vulnerability in ajax.php in SCORM Cloud For WordPress plugin before 1.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the active parameter. NOTE: some of these details are obtained from third party information. Vulnerabilidad de inyección SQL en ajax.php en el pluging SCORM Cloud For WordPress anteriores a v1.0.7 para WordPress, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro. NOTA. Algunos de estos detalles se han obtenido de información de terceros. • http://plugins.trac.wordpress.org/changeset/435356/scormcloud http://secunia.com/advisories/47198 http://wordpress.org/extend/plugins/scormcloud/changelog http://www.osvdb.org/77679 https://exchange.xforce.ibmcloud.com/vulnerabilities/71788 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 0%CPEs: 27EXPL: 0

Cross-site scripting (XSS) vulnerability in view/frontend-head.php in the Flowplayer plugin before 1.2.12 for WordPress allows remote attackers to inject arbitrary web script or HTML via the URI. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en view/frontend-head.php en el complemento Flowplayer antes de v1.2.12 para WordPress, permite a atacantes remotos ejecutar secuencias de comandos web o HTML a través de la URI. • http://plugins.trac.wordpress.org/changeset?reponame=&new=413607%40fv-wordpress-flowplayer&old=409594%40fv-wordpress-flowplayer http://secunia.com/advisories/46346 http://wordpress.org/extend/plugins/fv-wordpress-flowplayer/changelog http://www.securityfocus.com/bid/50008 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •