Total
28624 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-35037 | 1 Pixelite | 1 Events Manager | 2024-10-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape some search parameter before outputing them in pages, which could lead to Cross-Site Scripting issues | |||||
| CVE-2013-7478 | 1 Pixelite | 1 Events Manager | 2024-10-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| The events-manager plugin before 5.5 for WordPress has XSS via EM_Ticket::get_post. | |||||
| CVE-2013-7479 | 1 Pixelite | 1 Events Manager | 2024-10-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| The events-manager plugin before 5.3.9 for WordPress has XSS in the search form field. | |||||
| CVE-2015-9300 | 1 Pixelite | 1 Events Manager | 2024-10-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| The events-manager plugin before 5.5.7 for WordPress has multiple XSS issues. | |||||
| CVE-2012-6716 | 1 Pixelite | 1 Events Manager | 2024-10-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| The events-manager plugin before 5.1.7 for WordPress has XSS via JSON call links. | |||||
| CVE-2015-9299 | 1 Pixelite | 1 Events Manager | 2024-10-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| The events-manager plugin before 5.5.7.1 for WordPress has DOM XSS. | |||||
| CVE-2018-13137 | 1 Pixelite | 1 Events Manager | 2024-10-08 | 3.5 LOW | 4.8 MEDIUM |
| The Events Manager plugin 5.9.4 for WordPress has XSS via the dbem_event_reapproved_email_body parameter to the wp-admin/edit.php?post_type=event&page=events-manager-options URI. | |||||
| CVE-2013-7477 | 1 Pixelite | 1 Events Manager | 2024-10-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| The events-manager plugin before 5.5.2 for WordPress has XSS in the booking form. | |||||
| CVE-2015-9297 | 1 Pixelite | 1 Events Manager | 2024-10-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| The events-manager plugin before 5.6 for WordPress has XSS. | |||||
| CVE-2023-46282 | 1 Siemens | 4 Opcenter Quality, Simatic Pcs Neo, Sinumerik Integrate Runmyhmi \/automotive and 1 more | 2024-10-08 | N/A | 6.1 MEDIUM |
| A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected applications that could allow an attacker to inject arbitrary JavaScript code. The code could be potentially executed later by another (possibly privileged) user. | |||||
| CVE-2024-8758 | 1 Expresstech | 1 Quiz And Survey Master | 2024-10-07 | N/A | 4.8 MEDIUM |
| The Quiz and Survey Master (QSM) WordPress plugin before 9.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2024-46278 | 2024-10-07 | N/A | 8.4 HIGH | ||
| Teedy 1.11 is vulnerable to Cross Site Scripting (XSS) via the management console. | |||||
| CVE-2024-9225 | 1 Seopress | 1 Seopress | 2024-10-07 | N/A | 6.1 MEDIUM |
| The SEOPress – On-site SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 8.1.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
| CVE-2024-9378 | 1 Icopydoc | 1 Yml For Yandex Market | 2024-10-07 | N/A | 6.1 MEDIUM |
| The YML for Yandex Market plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 4.7.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
| CVE-2024-8282 | 1 Vowelweb | 1 Ibtana | 2024-10-07 | N/A | 5.4 MEDIUM |
| The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:ive/ive-productscarousel' Gutenberg block in all versions up to, and including, 1.2.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-46409 | 2024-10-07 | N/A | 5.4 MEDIUM | ||
| A stored cross-site scripting (XSS) vulnerability in SeedDMS v6.0.28 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter in the Calendar page. | |||||
| CVE-2024-46077 | 2024-10-07 | N/A | 5.4 MEDIUM | ||
| itsourcecode Online Tours and Travels Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload to the val-username, val-email, val-suggestions, val-digits and state_name parameters in travellers.php. | |||||
| CVE-2024-41516 | 2024-10-07 | N/A | 5.4 MEDIUM | ||
| A Reflected cross-site scripting (XSS) vulnerability in "ccHandler.aspx" CADClick <= 1.11.0 allows remote attackers to inject arbitrary web script or HTML via the "bomid" parameter. | |||||
| CVE-2024-41515 | 2024-10-07 | N/A | 5.4 MEDIUM | ||
| A reflected cross-site scripting (XSS) vulnerability in "ccHandlerResource.ashx" in CADClick <= 1.11.0 allows remote attackers to inject arbitrary web script or HTML via the "res_url" parameter. | |||||
| CVE-2024-41514 | 2024-10-07 | N/A | 5.4 MEDIUM | ||
| A reflected cross-site scripting (XSS) vulnerability in "PrevPgGroup.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "wer" parameter. | |||||