2 results (0.006 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in PickPlugins Tabs & Accordion allows Code Injection.This issue affects Tabs & Accordion: from n/a through 1.3.10. La neutralización inadecuada de etiquetas HTML relacionadas con scripts en una vulnerabilidad de página web (XSS básico) en PickPlugins Tabs & Accordion permite la inyección de código. Este problema afecta a Tabs & Accordion: desde n/a hasta 1.3.10. The Tabs & Accordion plugin for WordPress is vulnerable to Arbitrary Content Injection in versions up to, and including, 1.3.10. The cause of this vulnerability is undisclosed at this time. • https://patchstack.com/database/vulnerability/tabs/wordpress-tabs-accordion-plugin-1-3-8-content-injection-vulnerability?_s_id=cve • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in Tabs plugin <= 3.7.1 at WordPress. Múltiples vulnerabilidades de tipo Cross-Site Scripting (XSS) Almacenado y Autenticado en el plugin Tabs versiones anteriores a 3.7.1 de WordPress. The Tabs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 3.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with high-level permissions, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/vc-tabs/wordpress-tabs-plugin-3-7-1-multiple-authenticated-stored-cross-site-scripting-xss-vulnerabilities/_s_id=cve https://wordpress.org/plugins/vc-tabs • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •