Total
28596 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-2222 | 1 Butlerblog | 1 Wp-members | 2024-10-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in WP-Members prior to version 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2023-51802 | 2024-10-28 | N/A | 6.1 MEDIUM | ||
| Cross Site Scripting (XSS) vulnerability in the Simple Student Attendance System v.1.0 allows a remote attacker to execute arbitrary code via a crafted payload to the page or class_month parameter in the /php-attendance/attendance_report component. | |||||
| CVE-2024-38493 | 1 Broadcom | 1 Symantec Privileged Access Management | 2024-10-28 | N/A | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability exists in the PAM UI web interface. A remote attacker able to convince a PAM user to click on a specially crafted link to the PAM UI web interface could potentially execute arbitrary client-side code in the context of PAM UI. | |||||
| CVE-2023-6591 | 1 Ays-pro | 1 Popup Box | 2024-10-28 | N/A | 4.8 MEDIUM |
| The Popup Box WordPress plugin before 20.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | |||||
| CVE-2024-38274 | 2024-10-27 | N/A | 6.1 MEDIUM | ||
| Insufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion prompt. | |||||
| CVE-2024-1752 | 2024-10-27 | N/A | 6.1 MEDIUM | ||
| The Font Farsi WordPress plugin through 1.6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2024-1664 | 2024-10-27 | N/A | 6.1 MEDIUM | ||
| The Responsive Gallery Grid WordPress plugin before 2.3.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2024-4377 | 1 Dotonpaper | 1 Dot On Paper Shortcodes | 2024-10-27 | N/A | 5.4 MEDIUM |
| The DOP Shortcodes WordPress plugin through 1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | |||||
| CVE-2024-39143 | 1 Coderberg | 1 Residencecms | 2024-10-27 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability exists in ResidenceCMS 2.10.1 that allows a low-privilege user to create malicious property content with HTML inside which acts as a stored XSS payload. | |||||
| CVE-2024-39124 | 1 Roundup-tracker | 1 Roundup | 2024-10-27 | N/A | 5.4 MEDIUM |
| In Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS. | |||||
| CVE-2024-29470 | 2024-10-27 | N/A | 6.1 MEDIUM | ||
| OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component {{rootpath}}/links. | |||||
| CVE-2024-0711 | 2024-10-27 | N/A | 6.1 MEDIUM | ||
| The Buttons Shortcode and Widget WordPress plugin through 1.16 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2024-0420 | 1 Mappresspro | 1 Mappress Maps For Wordpress | 2024-10-27 | N/A | 5.4 MEDIUM |
| The MapPress Maps for WordPress plugin before 2.88.15 does not sanitize and escape the map title when outputting it back in the admin dashboard, allowing Contributors and above roles to perform Stored Cross-Site Scripting attacks | |||||
| CVE-2024-7082 | 2024-10-27 | N/A | 6.1 MEDIUM | ||
| The Easy Table of Contents WordPress plugin before 2.0.68 does not sanitise and escape some parameters, which could allow users with a role as low as Editor to perform Cross-Site Scripting attacks. | |||||
| CVE-2024-42412 | 1 Elecom | 4 Wab-i1750-ps, Wab-i1750-ps Firmware, Wab-s1167-ps and 1 more | 2024-10-27 | N/A | 6.1 MEDIUM |
| Cross-site scripting vulnerability exists in WAB-I1750-PS and WAB-S1167-PS due to improper processing of input values in menu.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser. | |||||
| CVE-2024-42055 | 1 Cervantessec | 1 Cervantes | 2024-10-27 | N/A | 5.4 MEDIUM |
| Cervantes through 0.5-alpha allows stored XSS. | |||||
| CVE-2024-42020 | 1 Veeam | 1 One | 2024-10-27 | N/A | 5.4 MEDIUM |
| A Cross-site-scripting (XSS) vulnerability exists in the Reporter Widgets that allows HTML injection. | |||||
| CVE-2024-2278 | 2024-10-27 | N/A | 6.1 MEDIUM | ||
| Themify WordPress plugin before 1.4.4 does not sanitise and escape some of its Filters settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2022-34562 | 2024-10-27 | N/A | 6.1 MEDIUM | ||
| A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the status box. | |||||
| CVE-2022-34560 | 2024-10-27 | N/A | 7.1 HIGH | ||
| A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the History parameter. | |||||