
CVE-2021-39346 – Google Maps Easy <= 1.9.33 Authenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-39346
01 Nov 2021 — The Google Maps Easy WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/modules/marker_groups/views/tpl/mgrEditMarkerGroup.php file, which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.9.33. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. • https://github.com/BigTiger2020/word-press/blob/main/Google%20Maps%20Easy.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2021-24274 – Ultimate Maps by Supsystic < 1.2.5 - Reflected Cross-Site scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24274
19 Apr 2021 — The Ultimate Maps by Supsystic WordPress plugin before 1.2.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue. WordPress Ultimate Maps plugin version 1.2.4 suffers from a cross site scriptin... • https://packetstorm.news/files/id/164316 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2021-24275 – Popup by Supsystic < 1.10.5 - Reflected Cross-Site scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24275
19 Apr 2021 — The Popup by Supsystic WordPress plugin before 1.10.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue. WordPress Popup plugin version 1.10.4 suffers from a cross site scripting vulnerability. • https://packetstorm.news/files/id/164311 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2021-24276 – Contact Form by Supsystic < 1.7.15 - Reflected Cross-Site scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24276
19 Apr 2021 — The Contact Form by Supsystic WordPress plugin before 1.7.15 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue. WordPress Contact Form plugin version 1.7.14 suffers from a cross site scriptin... • https://packetstorm.news/files/id/164308 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2020-12076 – Data Tables Generator by Supsystic <= 1.9.91 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2020-12076
24 Mar 2020 — The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks CSRF nonce checks for AJAX actions. One consequence of this is stored XSS. • https://www.wordfence.com/blog/2020/03/vulnerabilities-patched-in-the-data-tables-generator-by-supsystic-plugin • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2020-12075 – Data Tables Generator by Supsystic <= 1.9.91 - Missing Authorization on AJAX Actions
https://notcve.org/view.php?id=CVE-2020-12075
23 Mar 2020 — The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks capability checks for AJAX actions. • https://www.wordfence.com/blog/2020/03/vulnerabilities-patched-in-the-data-tables-generator-by-supsystic-plugin • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-276: Incorrect Default Permissions •

CVE-2020-9392 – Pricing Table by Supsystic <= 1.8.1 - Missing Authorization on AJAX Actions
https://notcve.org/view.php?id=CVE-2020-9392
25 Feb 2020 — An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. Because there is no permission check on the ImportJSONTable, createFromTpl, and getJSONExportTable endpoints, unauthenticated users can retrieve pricing table information, create new tables, or import/modify a table. • https://www.wordfence.com/blog/2020/02/multiple-vulnerabilities-patched-in-pricing-table-by-supsystic-plugin • CWE-276: Incorrect Default Permissions • CWE-862: Missing Authorization •

CVE-2020-9393 – Pricing Table by Supsystic <= 1.8.1 - Unauthenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-9393
25 Feb 2020 — An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. It allows XSS. • https://wordpress.org/plugins/pricing-table-by-supsystic/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2020-9394 – Pricing Table by Supsystic <= 1.8.1 - Cross-Site Request Forgery to Cross-Site Scripting and Setting Changes
https://notcve.org/view.php?id=CVE-2020-9394
25 Feb 2020 — An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. It allows CSRF. • https://wordpress.org/plugins/pricing-table-by-supsystic/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2017-18512 – Newsletter by Supsystic < 1.1.8 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2017-18512
25 May 2017 — The newsletter-by-supsystic plugin before 1.1.8 for WordPress has CSRF. • https://wordpress.org/plugins/newsletter-by-supsystic/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •