Skip to main content
CVE-2018-9864 MEDIUM POC This Month

The WP Live Chat Support plugin before 8.0.06 for WordPress has stored XSS via the Name field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Live Chat
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2018-9857 MEDIUM POC This Month

PHP Scripts Mall Match Clone Script 1.0.4 has XSS via the search field to searchbyid.php (aka the "View Search By Id" screen). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Match Clone Script
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.3%
CVE-2018-6182 MEDIUM This Month

Mahara 16.10 before 16.10.9 and 17.04 before 17.04.7 and 17.10 before 17.10.4 are vulnerable to bad input when TinyMCE is bypassed by POST packages. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Mahara
NVD
CVSS 3.0
6.1
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy