Cross-Site Request Forgery (CSRF) vulnerability in Dream-Theme The7 allows Stored XSS.This issue affects The7: from n/a through...
7.1CVSS
6.3AI Score
0.0005EPSS
The The7 — Website and eCommerce Builder for WordPress theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's Icon and Heading widgets in all versions up to, and including, 11.13.0 due to insufficient input sanitization and output escaping on...
6.4CVSS
5.8AI Score
0.001EPSS
A vulnerability was found in Dream Technology mica up to 3.0.5. It has been classified as problematic. Affected is an unknown function of the component Form Object Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-226986 is the identifier...
6.1CVSS
6AI Score
0.002EPSS
A Buffer overflow vulnerability in DreamSecurity MagicLine4NX versions 1.0.0.1 to 1.0.0.26 allows an attacker to remotely execute...
9.8CVSS
9.4AI Score
0.001EPSS
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dream-Theme The7 plugin <= 11.6.0...
7.1CVSS
5.9AI Score
0.001EPSS
Absolute path traversal vulnerability in file in Enigma2 Webinterface 1.6.0 through 1.6.8, 1.6rc3, and 1.7.0 allows remote attackers to read arbitrary files via a full pathname in the file...
6.9AI Score
0.006EPSS
A vulnerability in PKI Security Solution of Dream Security could allow arbitrary command execution. This vulnerability is due to insufficient validation of the authorization certificate. An attacker could exploit this vulnerability by sending a crafted HTTP request an affected program. A...
9.8CVSS
9.5AI Score
0.002EPSS
Cross-site scripting (XSS) vulnerability in the DreamBox DM500-S allows remote attackers to inject arbitrary web script or HTML via the mode parameter to...
5.9AI Score
0.002EPSS
Directory traversal vulnerability in file in Enigma2 Webinterface 1.5rc1 and 1.5beta4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file...
6.8AI Score
0.004EPSS
Directory traversal vulnerability in file in DreamBox DM800 1.6rc3, 1.5rc1, and earlier allows remote attackers to read arbitrary files via the file...
6.9AI Score
0.005EPSS
Cross-site scripting (XSS) vulnerability in forum/radioandtv.php in the Radio and TV Player addon for vBulletin allows remote registered users to inject arbitrary web script or HTML via the station...
5.9AI Score
0.002EPSS
Cross-site scripting (XSS) vulnerability in index.php in Arizona Dream Livre d'or (livor) 2.5 allows remote attackers to inject arbitrary web script or HTML via the page...
5.7AI Score
0.003EPSS