gx1

6 exploits Active since Sep 2019
CVE-2019-16223 EXPLOITDB MEDIUM text WORKING POC
WordPress < 5.2.3 - Authenticated Cross-Site Scripting in Post Preview
WordPress before 5.2.3 allows XSS in post previews by authenticated users.
CVSS 5.4
EIP-2026-113509 EXPLOITDB javascript WORKING POC
Wordpress Epsilon Framework Multiple Themes - Unauthenticated Function Injection
EIP-2026-113645 EXPLOITDB text WORKING POC
WordPress Plugin Contact Form Entries 1.1.6 - Cross Site Scripting (XSS) (Unauthenticated)
CVE-2020-2230 EXPLOITDB MEDIUM text WORKING POC
Jenkins < 2.235.3 and < 2.251 - Stored Cross-Site Scripting in Project Naming Strategy Description
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the project naming strategy description, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Overall/Manage permission.
CVSS 5.4
CVE-2020-2229 EXPLOITDB MEDIUM text WORKING POC
Jenkins < 2.235.3 and < 2.251 - Stored Cross-Site Scripting via Help Icon Tooltip
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons, resulting in a stored cross-site scripting (XSS) vulnerability.
CVSS 5.4
CVE-2020-2231 EXPLOITDB MEDIUM text WORKING POC
Jenkins < 2.251 and LTS < 2.235.3 - Stored Cross-Site Scripting via Remote Build Trigger
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission or knowledge of the Authentication Token.
CVSS 5.4