Total: 37647 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-56226 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2025-03-21 | N/A | 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons allows Reflected XSS. This issue affects Royal Elementor Addons: from n/a through 1.7.1001. | |||||
CVE-2024-56062 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2025-03-21 | N/A | 6.5 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons allows Stored XSS. This issue affects Royal Elementor Addons: from n/a through 1.3.987. | |||||
CVE-2024-44683 | 1 Seacms | 1 Seacms | 2025-03-20 | N/A | 6.1 MEDIUM |
Seacms v13 is vulnerable to Cross Site Scripting (XSS) via admin-video.php. | |||||
CVE-2024-41937 | 1 Apache | 1 Airflow | 2025-03-20 | N/A | 6.1 MEDIUM |
Apache Airflow, versions before 2.10.0, have a vulnerability that allows the developer of a malicious provider to execute a cross-site scripting attack when clicking on a provider documentation link. This would require the provider to be installed on the web server and the user to click the provider link. Users should upgrade to 2.10.0 or later, which fixes this vulnerability. | |||||
CVE-2024-40599 | 1 Mediawiki | 1 Mediawiki | 2025-03-20 | N/A | 4.8 MEDIUM |
An issue was discovered in the GuMaxDD skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries. | |||||
CVE-2024-38953 | 1 Phpok | 1 Phpok | 2025-03-20 | N/A | 6.1 MEDIUM |
phpok 6.4.003 contains a Cross Site Scripting (XSS) vulnerability in the ok_f() method under the framework/api/upload_control.php file. | |||||
CVE-2023-22376 | 1 Planex | 2 Cs-wmv02g, Cs-wmv02g Firmware | 2025-03-20 | N/A | 6.1 MEDIUM |
** UNSUPPORTED WHEN ASSIGNED ** Reflected cross-site scripting vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to inject an arbitrary script. NOTE: This vulnerability only affects products that are no longer supported by the developer. | |||||
CVE-2022-4759 | 1 Liquidweb | 1 Gigpress | 2025-03-20 | N/A | 5.4 MEDIUM |
The GigPress WordPress plugin before 2.3.28 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2022-4580 | 1 Twenty20 Project | 1 Twenty20 | 2025-03-20 | N/A | 5.4 MEDIUM |
The Twenty20 Image Before-After WordPress plugin through 1.5.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2022-4562 | 1 Mekshq | 1 Meks Flexible Shortcodes | 2025-03-20 | N/A | 5.4 MEDIUM |
The Meks Flexible Shortcodes WordPress plugin before 1.3.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
CVE-2023-42307 | 1 Code-projects | 1 Exam Form Submission | 2025-03-20 | N/A | 6.1 MEDIUM |
Cross Site Scripting (XSS) vulnerability in Code-Projects Exam Form Submission 1.0 allows attackers to run arbitrary code via "Subject Name" and "Subject Code" section. | |||||
CVE-2024-4400 | 1 Boldgrid | 1 Post And Page Builder | 2025-03-20 | N/A | 6.4 MEDIUM |
The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.26.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2024-34558 | 1 Pluginus | 1 Wolf - Wordpress Posts Bulk Editor And Products Manager Professional | 2025-03-20 | N/A | 5.9 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WOLF allows Stored XSS. This issue affects WOLF: from n/a through 1.0.8.2. | |||||
CVE-2024-34553 | 1 Select-themes | 1 Stockholm Core | 2025-03-20 | N/A | 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Select-Themes Stockholm Core allows Reflected XSS. This issue affects Stockholm Core: from n/a through 2.4.1. | |||||
CVE-2024-37629 | 1 Summernote | 1 Summernote | 2025-03-20 | N/A | 6.1 MEDIUM |
SummerNote 0.8.18 is vulnerable to Cross Site Scripting (XSS) via the Code View Function. | |||||
CVE-2024-28128 | 1 Cleancoder | 1 Fitnesse | 2025-03-20 | N/A | 6.1 MEDIUM |
Cross-site scripting vulnerability exists in FitNesse releases prior to 20220319, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with a specially crafted certain parameter. | |||||
CVE-2022-4656 | 1 Plugins-market | 1 Wp Visitor Statistics | 2025-03-20 | N/A | 5.4 MEDIUM |
The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.5 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2024-27136 | 1 Apache | 1 Jspwiki | 2025-03-20 | N/A | 6.1 MEDIUM |
XSS in the Upload page in Apache JSPWiki 2.12.1 and prior allows the attacker to execute JavaScript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.2 or later. | |||||
CVE-2024-6848 | 1 Boldgrid | 1 Post And Page Builder | 2025-03-20 | N/A | 6.4 MEDIUM |
The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 1.26.6 due to insufficient input sanitization and output escaping affecting the boldgrid_canvas_image AJAX endpoint. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | |||||
CVE-2024-3174 | 1 Google | 1 Chrome | 2025-03-20 | N/A | 8.8 HIGH |
Inappropriate implementation in V8 in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) |