CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51881 – WordPress Be Shortcodes plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-51881
08 Nov 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Beautimour Be Shortcodes allows DOM-Based XSS.This issue affects Be Shortcodes: from n/a through 1.0.0. The Be Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scrip... • https://patchstack.com/database/vulnerability/be-shortcodes/wordpress-be-shortcodes-plugin-1-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37563 – WordPress TOCHAT.BE plugin <= 1.3.0 - Unauthenticated Stored Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-37563
09 Jul 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TOCHAT.BE allows Stored XSS.This issue affects TOCHAT.BE: from n/a through 1.3.0. Vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en TOCHAT.BE permite XSS almacenado. Este problema afecta a TOCHAT.BE: desde n/a hasta 1.3.0. The TOCHAT.BE plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to... • https://patchstack.com/database/vulnerability/tochat-be/wordpress-tochat-be-plugin-1-3-0-unauthenticated-stored-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-9354 – GigPress <= 2.3.10 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-9354
24 Aug 2015 — The gigpress plugin before 2.3.11 for WordPress has XSS. El plugin gigpress antes de 2.3.11 para WordPress tiene XSS. The GigPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘gp-page’ parameter in versions up to, and including, 2.3.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clic... • https://wordpress.org/plugins/gigpress/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4608
https://notcve.org/view.php?id=CVE-2015-4608
16 Jun 2015 — Cross-site scripting (XSS) vulnerability in the BE User Log (beko_beuserlog) extension 1.1.1 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la extensión BE User Log (beko_beuserlog) 1.1.1 y anteriores para TYPO3 permite a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a través de vectores no especificados. • http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2015-007 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2012-5171
https://notcve.org/view.php?id=CVE-2012-5171
08 Nov 2012 — Directory traversal vulnerability in Be Graph BeZIP before 3.10 allows remote attackers to create or overwrite arbitrary files via a crafted archive file. Una vulnerabilidad de salto de directorio en Be Graph BeZIP antes de v3.10 permite a atacantes remotos crear o sobreescribir archivos de su elección a través de un archivo de almacenamiento modificado. • http://jvn.jp/en/jp/JVN18223913/995378/index.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2000-1152
https://notcve.org/view.php?id=CVE-2000-1152
19 Dec 2000 — Browser IRC client in BeOS r5 pro and earlier allows remote attackers to conduct a denial of service via a message that contains a long URL. • http://archives.neohapsis.com/archives/bugtraq/2000-11/0203.html •
CVSS: 7.8EPSS: 36%CPEs: 6EXPL: 1CVE-2000-0305 – Microsoft Windows - 'Jolt2.c' Denial of Service (MS00-029)
https://notcve.org/view.php?id=CVE-2000-0305
19 May 2000 — Windows 95, Windows 98, Windows 2000, Windows NT 4.0, and Terminal Server systems allow a remote attacker to cause a denial of service by sending a large number of identical fragmented IP packets, aka jolt2 or the "IP Fragment Reassembly" vulnerability. • https://www.exploit-db.com/exploits/214 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 1CVE-2000-0463 – BeOS 5.0 - TCP Fragmentation Remote Denial of Service
https://notcve.org/view.php?id=CVE-2000-0463
18 May 2000 — BeOS 5.0 allows remote attackers to cause a denial of service via fragmented TCP packets. • https://www.exploit-db.com/exploits/19938 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 2CVE-2000-0276 – Be BeOS 4.5/5.0 - Invalid System Call
https://notcve.org/view.php?id=CVE-2000-0276
10 Apr 2000 — BeOS 4.5 and 5.0 allow local users to cause a denial of service via malformed direct system calls using interrupt 37. • https://www.exploit-db.com/exploits/19840 •
CVSS: 7.5EPSS: 4%CPEs: 3EXPL: 1CVE-2000-0279 – Be BeOS 4.0/4.5/5.0 - IP Packet Length Field
https://notcve.org/view.php?id=CVE-2000-0279
07 Apr 2000 — BeOS allows remote attackers to cause a denial of service via malformed packets whose length field is less than the length of the headers. • https://www.exploit-db.com/exploits/19841 •