CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34376 – WordPress Edge theme <= 2.0.9 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-34376
03 May 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme Freesia Edge allows Stored XSS.This issue affects Edge: from n/a through 2.0.9. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('cross-site Scripting') en Theme Freesia Edge permite almacenar XSS. Este problema afecta a Edge: desde n/a hasta 2.0.9. The Edge theme for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and includi... • https://patchstack.com/database/vulnerability/edge/wordpress-edge-theme-2-0-9-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25068 – Magazine Edge <= 1.13 - Authenticated (Subscriber+) Arbitrary Plugin Activation
https://notcve.org/view.php?id=CVE-2023-25068
02 Feb 2023 — The Magazine Edge theme for WordPress is vulnerable to authorization bypass in versions up to, and including 1.13, due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to activate arbitrary plugins. • CWE-862: Missing Authorization •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10644
https://notcve.org/view.php?id=CVE-2016-10644
04 Jun 2018 — slimerjs-edge is a npm wrapper for installing the bleeding edge version of slimerjs. slimerjs-edge downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. slimerjs-edge es un wrapper npm para instalar la versión bleeding edge de slimerjs. slimerjs-edge descarga recur... • https://nodesecurity.io/advisories/243 • CWE-310: Cryptographic Issues CWE-311: Missing Encryption of Sensitive Data •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-0632
https://notcve.org/view.php?id=CVE-2007-0632
31 Jan 2007 — SQL injection vulnerability in artreplydelete.asp in ASP EDGE 1.3a and earlier allows remote attackers to execute arbitrary SQL commands via a username cookie, a different vector than CVE-2007-0560. Vulnerabilidad de inyección SQL en artreplydelete.asp de ASP EDGE 1.3a y versiones anteriores permite a atacantes remotos ejecutar comandos SQL de su elección mediante una cookie "nombre de usuario", vector distinto a CVE-2007-0560. • http://osvdb.org/36634 •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2007-0560 – ASP EDGE 1.2b - 'user.asp' SQL Injection
https://notcve.org/view.php?id=CVE-2007-0560
30 Jan 2007 — SQL injection vulnerability in user.asp in ASP EDGE 1.2b and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter. Vulnerabilidad de inyección SQL en user.asp de ASP EDGE 1.2b y versiones anteriores permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro user. • https://www.exploit-db.com/exploits/3186 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2006-3137
https://notcve.org/view.php?id=CVE-2006-3137
22 Jun 2006 — Cross-site scripting (XSS) vulnerability in productDetail.asp in Edge eCommerce Shop allows remote attackers to inject arbitrary web script or HTML via the cart_id parameter. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en productDetail.asp en Edge eCommerce Shop, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro cart_id . • http://pridels0.blogspot.com/2006/06/edge-ecommerce-shop-xss.html •