Page 93 of 701 results (0.016 seconds)

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1

Cross-site scripting (XSS) vulnerability in cached_image.php in the Featurific For WordPress plugin 1.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the snum parameter. NOTE: this has been disputed by a third party. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en cached_image.php en el plugin Featurific For WordPress v1.6.2 para WordPress permite a atacantes remotos insertar secuencias de comandos web arbitrarias o código HTML a través del parámetro "snum". NOTA: esta vulnerabilidad está siendo discutida por terceros. • https://www.exploit-db.com/exploits/36339 http://archives.neohapsis.com/archives/bugtraq/2012-04/0120.html http://osvdb.org/77337 http://www.securityfocus.com/archive/1/520625/100/0/threaded http://www.securityfocus.com/bid/50779 https://exchange.xforce.ibmcloud.com/vulnerabilities/71468 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 3

Cross-site scripting (XSS) vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cdwidgetid parameter. NOTE: some of these details are obtained from third party information. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en clickdesk.php en el plugin ClickDesk Live Support - Live Chat 2.0 para WordPress, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro cdwidgetid. NOTA: algunos detalles se han obtenido de información de terceros. Cross-site scripting (XSS) vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cdwidgetid parameter. • https://www.exploit-db.com/exploits/36338 http://osvdb.org/77338 http://wordpress.org/extend/plugins/clickdesk-live-support-chat-plugin/changelog http://www.securityfocus.com/archive/1/520624/100/0/threaded http://www.securityfocus.com/bid/50778 https://exchange.xforce.ibmcloud.com/vulnerabilities/71469 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 2

Cross-site scripting (XSS) vulnerability in post_alert.php in Alert Before Your Post plugin, possibly 0.1.1 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the name parameter. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en post_alert.php en el plugin Alert Before Your Post, posiblemente v0.1.1 y anteriores, para Wordpress que permite a atacantes remotos inyectar código web o HTML arbitrario a través del nombre de un parámetro. • https://www.exploit-db.com/exploits/36323 http://www.securityfocus.com/archive/1/520590/100/0/threaded http://www.securityfocus.com/bid/50743 https://exchange.xforce.ibmcloud.com/vulnerabilities/71413 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3EPSS: 0%CPEs: 63EXPL: 1

Cross-site scripting (XSS) vulnerability in wpsc-admin/display-sales-logs.php in WP e-Commerce plugin 3.8.7.1 and possibly earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the custom_text parameter. NOTE: some of these details are obtained from third party information. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en wpsc-admin/display-sales-logs.php en el plugin para Wordpress e-Commerce v3.8.7.1 y posiblemente anteriores que permite a atacantes remotos inyectar código web o HTML arbitrario a través del parámetro custom_text. NOTA: algunos de estos detalles son obtenidos de información de terceras partes. • http://osvdb.org/77249 http://plugins.trac.wordpress.org/changeset?reponame=&new=463447%40wp-e-commerce&old=463446%40wp-e-commerce http://secunia.com/advisories/46957 http://wordpress.org/extend/plugins/wp-e-commerce/changelog http://www.securityfocus.com/bid/50757 https://exchange.xforce.ibmcloud.com/vulnerabilities/71443 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 3

Cross-site scripting (XSS) vulnerability in edit-post.php in the Flexible Custom Post Type plugin before 0.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter. Vulnerabilidad de ejecución de comandos remotos en sitios cruzados (XSS) en edit-post.php en el plugin Flexible Custom Post Type anterior a 0.1.7 para Wordpress que permite a atacantes remotos inyectar código web o HTML arbitrario a través del parámetro id. • https://www.exploit-db.com/exploits/36317 http://plugins.trac.wordpress.org/changeset?reponame=&new=466252%40flexible-custom-post-type&old=465583%40flexible-custom-post-type http://wordpress.org/extend/plugins/flexible-custom-post-type/changelog http://www.securityfocus.com/archive/1/520542/100/0/threaded http://www.securityfocus.com/bid/50719 https://exchange.xforce.ibmcloud.com/vulnerabilities/71415 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •