CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51929 – WordPress Icon Widget plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-51929
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Phil Spectrum Icon Widget allows DOM-Based XSS.This issue affects Icon Widget: from n/a through 1.1.0. The Icon Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/icon-widget-with-links/wordpress-icon-widget-plugin-1-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50543 – WordPress amazing neo icon font for elementor plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-50543
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Amazing Team amazing neo icon font for elementor allows DOM-Based XSS.This issue affects amazing neo icon font for elementor: from n/a through 2.0.1. The amazing neo icon font for elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/amazing-neo-icon-font-for-elementor/wordpress-amazing-neo-icon-font-for-elementor-plugin-2-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30445 – WordPress Web Icons plugin <= 1.0.0.10 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-30445
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab, Inc. Web Icons allows Stored XSS.This issue affects Web Icons: from n/a through 1.0.0.10. Neutralización inadecuada de la entrada durante la vulnerabilidad de generación de páginas web ('Cross-site Scripting') en GhozyLab, Inc. Web Icons permite XSS almacenado. Este problema afecta a Web Icons: desde n/a hasta 1.0.0.10. • https://patchstack.com/database/vulnerability/icon/wordpress-web-icons-plugin-1-0-0-10-cross-site-scripting-xss-vulnerability-2?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29933 – WordPress Web Icons plugin <= 1.0.0.10 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-29933
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab, Inc. Web Icons allows Stored XSS.This issue affects Web Icons: from n/a through 1.0.0.10. Neutralización inadecuada de la entrada durante la vulnerabilidad de generación de páginas web ('Cross-site Scripting') en GhozyLab, Inc. Web Icons permite almacenar XSS. Este problema afecta a Web Icons: desde n/a hasta 1.0.0.10. • https://patchstack.com/database/vulnerability/icon/wordpress-web-icons-plugin-1-0-0-10-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2019-12997
https://notcve.org/view.php?id=CVE-2019-12997
In Loopchain through 2.2.1.3, an attacker can escalate privileges from a low-privilege shell by changing the environment (aka injection in the DEFAULT_SCORE_HOST environment variable). En Loopchain hasta versión 2.2.1.3, un atacante puede escalar privilegios desde un shell de privilegios bajos mediante un cambio del entorno (también se conoce como inyección en la variable de entorno DEFAULT_SCORE_HOST). • https://github.com/icon-project/loopchain/issues/231 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •