CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12781 – Aurum - WordPress & WooCommerce Shopping Theme <= 4.0.2 - Missing Authorization to Authenticated (Subscriber+) Demo Content Import
https://notcve.org/view.php?id=CVE-2024-12781
06 Jan 2025 — The Aurum - WordPress & WooCommerce Shopping Theme theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'lab_1cl_demo_install_package_content' function in all versions up to, and including, 4.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to overwrite content with imported demo content. El tema Aurum - WordPress & WooCommerce Shopping Theme para WordPress es vulnerable a la modificación no autori... • https://documentation.laborator.co/kb/aurum/aurum-release-notes • CWE-862: Missing Authorization •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-24075
https://notcve.org/view.php?id=CVE-2020-24075
11 Aug 2023 — Cross Site Scripting (XSS) vulnerability in Name Input Field in Contact Us form in Laborator Kalium before 3.0.4, allows remote attackers to execute arbitrary code. • https://documentation.laborator.co/kb/kalium/kalium-changelog/#version-3-0-4-jun-23-2020 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-23576
https://notcve.org/view.php?id=CVE-2020-23576
27 Aug 2020 — Laborator Neon dashboard v3 is affected by stored Cross Site Scripting (XSS) via the chat tab. El panel Laborator Neon versión v3 está afectado por una vulnerabilidad de tipo Cross Site Scripting (XSS) almacenado por medio de la pestaña de chat • https://vimeo.com/427083932 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-13890
https://notcve.org/view.php?id=CVE-2020-13890
06 Jun 2020 — The Neon theme 2.0 before 2020-06-03 for Bootstrap allows XSS via an Add Task Input operation in a dashboard. El tema Neon versión 2.0 antes del 03-06-2020 para Bootstrap, permite un ataque de tipo XSS, por medio de una operación Add Task Input en un panel de control • https://jizen0x01.blogspot.com/2020/06/neon-dashboard-xss.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-14010 – Xenon - Bootstrap Admin Theme with AngularJS <= 1.3 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-14010
26 Mar 2020 — The Laborator Xenon theme 1.3 for WordPress allows Reflected XSS via the data/typeahead-generate.php q (aka name) parameter. El tema Laborator Xenon versión 1.3 para WordPress, permite un ataque de tipo XSS Reflejado por medio del parámetro q del archivo data/typeahead-generate.php (también se conoce como name) • https://knassar702.github.io/cve/xenon • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 14%CPEs: 1EXPL: 1CVE-2019-20141 – Neon - Bootstrap Admin Theme <= 2.0 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-20141
01 Dec 2019 — An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPress via the data/autosuggest-remote.php q parameter. Se descubrió un problema de tipo XSS en el tema Laborator Neon versión 2.0 para WordPress, por medio del parámetro q del archivo data/autosuggest-remote.php. • https://knassar702.github.io/cve/neon • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •