CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 Oct 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dennis Hoppe Encyclopedia / Glossary / Wiki allows Reflected XSS. This issue affects Encyclopedia / Glossary / Wiki: from n/a through 1.7.60. The Encyclopedia / Glossary / Wiki plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.7.60 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ... • https://patchstack.com/database/vulnerability/encyclopedia-lexicon-glossary-wiki-dictionary/wordpress-encyclopedia-glossary-wiki-plugin-1-7-60-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

18 Mar 2024 — django-wiki is a wiki system for Django. Installations of django-wiki prior to version 0.10.1 are vulnerable to maliciously crafted article content that can cause severe use of server CPU through a regular expression loop. Version 0.10.1 fixes this issue. As a workaround, close off access to create and edit articles by anonymous users. • https://github.com/django-wiki/django-wiki/commit/8e280fd6c0bd27ce847c67b2d216c6cbf920f88c • CWE-1333: Inefficient Regular Expression Complexity •

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

04 Apr 2023 — Cross Site Scripting vulnerability found in Phachon mm-wiki v.0.1.2 allows a remote attacker to execute arbitrary code via javascript code in the markdown editor. • https://github.com/phachon/mm-wiki/issues/68 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 2

04 Apr 2023 — Cross Site Request Forgery vulnerability found in Phachon mm-wiki v.0.1.2 allows a remote attacker to execute arbitrary code via the system/user/save parameter. • https://github.com/phachon/mm-wiki/issues/68 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Nov 2022 — The ScratchLogin extension through 1.1 for MediaWiki does not escape verification failure messages, which allows users with administrator privileges to perform cross-site scripting (XSS). • https://github.com/InternationalScratchWiki/mediawiki-scratch-login/blob/4d2c1229b558b9cd685961274f20b621d114f4db/ScratchLogin.common.php#L104 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

26 Aug 2022 — mm-wiki v0.2.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add user accounts and modify user information. • https://github.com/phachon/mm-wiki/issues/316 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

26 Aug 2022 — mm-wiki v0.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the markdown editor. • https://github.com/phachon/mm-wiki/issues/315 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 Feb 2022 — A Cross-Site Request Forgery (CSRF) in RequirementsBypassPage.php of Scratch Wiki scratch-confirmaccount-v3 allows attackers to modify account request requirement bypasses. • https://github.com/InternationalScratchWiki/scratch-confirmaccount-v3/commit/5ed5479de0a279377aa9f64362481efb4e75d8f9 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Nov 2021 — In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cross-Site Scripting (XSS) in the Notifications Section. An attacker who has access to edit pages can inject a JavaScript payload in the title field. When a victim gets a notification regarding the changes made in the application, the payload in the notification panel renders and loads external JavaScript. • https://github.com/django-wiki/django-wiki/commit/9eaccc7519e4206a4d2f22640882f0737b2da9c5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Jun 2021 — The Yada Wiki WordPress plugin before 3.4.1 did not sanitise, validate or escape the anchor attribute of its shortcode, leading to a Stored Cross-Site Scripting issue. • https://wpscan.com/vulnerability/b01a85cc-0e45-4183-a916-19476354d5d4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •