CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51677 – WordPress Knowledge Base plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-51677
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WebberZone Knowledge Base allows Stored XSS.This issue affects Knowledge Base: from n/a through 2.2.0. The Knowledge Base plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/knowledgebase/wordpress-knowledge-base-plugin-2-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3CVE-2008-5088 – PHPKB 1.5 Professional - Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2008-5088
Multiple SQL injection vulnerabilities in PHPKB Knowledge Base Software 1.5 Professional allow remote attackers to execute arbitrary SQL commands via the ID parameter to (1) email.php and (2) question.php, a different vector than CVE-2008-1909. Múltiples vulnerabilidades de inyección SQL en PHPKB Knowledge Base Software v1.5 Professional permiten a atacantes remotos ejecutar comandos SQL de su elección a tra´ves del parámetro "ID" de (1) email.php y (2) question.php, un vector diferente que CVE-2008-1909. • https://www.exploit-db.com/exploits/6510 https://www.exploit-db.com/exploits/12561 http://securityreason.com/securityalert/4599 http://www.securityfocus.com/bid/31279 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •