
CVSS: 7.2 | EPSS: 0% | CPEs: 1 | EXPL: 0

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TOCHAT.BE allows Stored XSS. This issue affects TOCHAT.BE: from n/a through 1.3.0. The TOCHAT.BE plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
• https://patchstack.com/database/vulnerability/tochat-be/wordpress-tochat-be-plugin-1-3-0-unauthenticated-stored-cross-site-scripting-xss-vulnerability?_s_id=cve
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

The gigpress plugin before 2.3.11 for WordPress has XSS. The GigPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘gp-page’ parameter in versions up to, and including, 2.3.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
• https://wordpress.org/plugins/gigpress/#developers
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 3.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Cross-site scripting (XSS) vulnerability in the BE User Log (beko_beuserlog) extension 1.1.1 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
• http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2015-007
• http://www.securityfocus.com/bid/75247
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.0 | EPSS: 0% | CPEs: 4 | EXPL: 0

Directory traversal vulnerability in Be Graph BeZIP before 3.10 allows remote attackers to create or overwrite arbitrary files via a crafted archive file.
• http://jvn.jp/en/jp/JVN18223913/995378/index.html
• http://jvn.jp/en/jp/JVN18223913/index.html
• http://jvndb.jvn.jp/jvndb/JVNDB-2012-000101
• http://www.be-graph.com/bgi/product/bezip/secure1.html#en
• http://www.securityfocus.com/bid/56488
• https://exchange.xforce.ibmcloud.com/vulnerabilities/79916
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 5.0 | EPSS: 0% | CPEs: 2 | EXPL: 0

Browser IRC client in BeOS r5 pro and earlier allows remote attackers to conduct a denial of service via a message that contains a long URL.
• http://archives.neohapsis.com/archives/bugtraq/2000-11/0203.html