unSafe.sh - Unsafe
Github CVE
Live-Hack-CVE/CVE-2022-4487
The Easy Accordion WordPress plugin before 2.2.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins CVE project by @Sn0wAlice
Create: 2023-01-17 01:58:25 +0000 UTC Push: 2023-01-17 01:58:27 +0000 UTC
Live-Hack-CVE/CVE-2022-4486
The Meteor Slides WordPress plugin through 1.5.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins CVE project by @Sn0wAlice
Create: 2023-01-17 01:58:21 +0000 UTC Push: 2023-01-17 01:58:24 +0000 UTC
Live-Hack-CVE/CVE-2022-4484
The Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.44 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used ag CVE project by @Sn0wAlice
Create: 2023-01-17 01:58:17 +0000 UTC Push: 2023-01-17 01:58:20 +0000 UTC
Live-Hack-CVE/CVE-2022-4483
The Insert Pages WordPress plugin before 3.7.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. CVE project by @Sn0wAlice
Create: 2023-01-17 01:58:13 +0000 UTC Push: 2023-01-17 01:58:16 +0000 UTC
Live-Hack-CVE/CVE-2022-4482
The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.5.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high priv CVE project by @Sn0wAlice
Create: 2023-01-17 01:58:08 +0000 UTC Push: 2023-01-17 01:58:12 +0000 UTC
Live-Hack-CVE/CVE-2022-4481
The Mesmerize Companion WordPress plugin before 1.6.135 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as CVE project by @Sn0wAlice
Create: 2023-01-17 01:58:05 +0000 UTC Push: 2023-01-17 01:58:07 +0000 UTC
Live-Hack-CVE/CVE-2022-4480
The Click to Chat WordPress plugin before 3.18.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins CVE project by @Sn0wAlice
Create: 2023-01-17 01:58:00 +0000 UTC Push: 2023-01-17 01:58:03 +0000 UTC
Live-Hack-CVE/CVE-2022-4478
The Font Awesome WordPress plugin before 4.3.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins. CVE project by @Sn0wAlice
Create: 2023-01-17 01:57:55 +0000 UTC Push: 2023-01-17 01:57:59 +0000 UTC
Live-Hack-CVE/CVE-2022-4477
The Smash Balloon Social Post Feed WordPress plugin before 4.1.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins. CVE project by @Sn0wAlice
Create: 2023-01-17 01:57:51 +0000 UTC Push: 2023-01-17 01:57:54 +0000 UTC
Live-Hack-CVE/CVE-2022-4476
The Download Manager WordPress plugin before 3.2.62 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins. CVE project by @Sn0wAlice
Create: 2023-01-17 01:57:46 +0000 UTC Push: 2023-01-17 01:57:49 +0000 UTC
Live-Hack-CVE/CVE-2022-4469
The Simple Membership WordPress plugin before 4.2.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as adm CVE project by @Sn0wAlice
Create: 2023-01-17 01:57:42 +0000 UTC Push: 2023-01-17 01:57:45 +0000 UTC
Live-Hack-CVE/CVE-2022-4464
Themify Portfolio Post WordPress plugin before 1.2.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privileged users such CVE project by @Sn0wAlice
Create: 2023-01-17 01:57:37 +0000 UTC Push: 2023-01-17 01:57:40 +0000 UTC
Live-Hack-CVE/CVE-2022-4453
The 3D FlipBook WordPress plugin through 1.13.2 does not validate or escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks against high privilege users like administrators. CVE project by @Sn0wAlice
Create: 2023-01-17 01:57:32 +0000 UTC Push: 2023-01-17 01:57:36 +0000 UTC
Live-Hack-CVE/CVE-2022-3904
The MonsterInsights WordPress plugin before 8.9.1 does not sanitize or escape page titles in the top posts/pages section, allowing an unauthenticated attacker to inject arbitrary web scripts into the titles by spoofing requests to google analytics. CVE project by @Sn0wAlice
Create: 2023-01-17 01:57:28 +0000 UTC Push: 2023-01-17 01:57:31 +0000 UTC
Live-Hack-CVE/CVE-2022-45438
When explicitly enabling the feature flag DASHBOARD_CACHE (disabled by default), the system allowed for an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0. CVE project by @Sn0wAlice
Create: 2023-01-16 21:33:49 +0000 UTC Push: 2023-01-16 21:33:52 +0000 UTC
Live-Hack-CVE/CVE-2022-43721
An authenticated attacker with update datasets permission could change a dataset link to an untrusted site; users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0. CVE project by @Sn0wAlice
Create: 2023-01-16 21:33:45 +0000 UTC Push: 2023-01-16 21:33:48 +0000 UTC
Live-Hack-CVE/CVE-2022-43720
An authenticated attacker with write CSS template permissions can create a record with specific HTML tags that will not get properly escaped by the toast message displayed when a user deletes that specific CSS template record. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0. CVE project by @Sn0wAlice
Create: 2023-01-16 21:33:40 +0000 UTC Push: 2023-01-16 21:33:43 +0000 UTC
Live-Hack-CVE/CVE-2022-43719
Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0. CVE project by @Sn0wAlice
Create: 2023-01-16 21:33:37 +0000 UTC Push: 2023-01-16 21:33:39 +0000 UTC
Live-Hack-CVE/CVE-2022-43718
Upload data forms do not correctly render user input leading to possible XSS attack vectors that can be performed by authenticated users with database connection update permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0. CVE project by @Sn0wAlice
Create: 2023-01-16 21:33:32 +0000 UTC Push: 2023-01-16 21:33:34 +0000 UTC
Live-Hack-CVE/CVE-2022-43717
Dashboard rendering does not sufficiently sanitize the content of markdown components leading to possible XSS attack vectors that can be performed by authenticated users with create dashboard permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0. CVE project by @Sn0wAlice
Create: 2023-01-16 21:33:29 +0000 UTC Push: 2023-01-16 21:33:31 +0000 UTC