Show filters
356 Total Results
Displaying 191-200 of 356
Sort by:
Attacker Value
Unknown

CVE-2019-16523

Disclosure Date: October 16, 2019 (last updated October 09, 2024)
The events-manager plugin through 5.9.5 for WordPress (aka Events Manager) is susceptible to Stored XSS due to improper encoding and insertion of data provided to the attribute map_style of shortcodes (locations_map and events_map) provided by the plugin.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2019-17434

Disclosure Date: October 10, 2019 (last updated November 27, 2024)
LavaLite through 5.7 has XSS via a crafted account name that is mishandled on the Manage Clients screen.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2019-16261

Disclosure Date: September 12, 2019 (last updated November 27, 2024)
Tripp Lite PDUMH15AT 12.04.0053 devices allow unauthenticated POST requests to the /Forms/ directory, as demonstrated by changing the manager or admin password, or shutting off power to an outlet. NOTE: the vendor's position is that a newer firmware version, fixing this vulnerability, had already been released before this vulnerability report about 12.04.0053.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-16168

Disclosure Date: September 09, 2019 (last updated November 08, 2023)
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2012-6716

Disclosure Date: August 22, 2019 (last updated October 09, 2024)
The events-manager plugin before 5.1.7 for WordPress has XSS via JSON call links.
0
0
Attacker Value
Unknown

CVE-2013-7477

Disclosure Date: August 22, 2019 (last updated October 09, 2024)
The events-manager plugin before 5.5.2 for WordPress has XSS in the booking form.
0
0
Attacker Value
Unknown

CVE-2013-7479

Disclosure Date: August 22, 2019 (last updated October 09, 2024)
The events-manager plugin before 5.3.9 for WordPress has XSS in the search form field.
0
0
Attacker Value
Unknown

CVE-2013-7480

Disclosure Date: August 22, 2019 (last updated October 09, 2024)
The events-manager plugin before 5.3.6.1 for WordPress has XSS via the booking form and admin areas.
0
0
Attacker Value
Unknown

CVE-2013-7478

Disclosure Date: August 22, 2019 (last updated October 09, 2024)
The events-manager plugin before 5.5 for WordPress has XSS via EM_Ticket::get_post.
0
0
Attacker Value
Unknown

CVE-2015-9298

Disclosure Date: August 13, 2019 (last updated October 09, 2024)
The events-manager plugin before 5.6 for WordPress has code injection.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
View More Topics  < Previous  Next >