Total: 37647 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-12463 | 1 Arena.im | 1 Arena.im | 2025-02-27 | N/A | 6.4 MEDIUM |
The Arena.IM – Live Blogging for real-time events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'arena_embed_amp' shortcode in all versions up to, and including, 0.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2025-0485 | 1 Fanli2012 | 1 Native-php-cms | 2025-02-27 | 4.0 MEDIUM | 3.5 LOW |
A vulnerability was found in Fanli2012 native-php-cms 1.0. It has been classified as problematic. Affected is an unknown function of the file /fladmin/sysconfig_doedit.php. The manipulation of the argument info leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2023-34192 | 1 Zimbra | 1 Collaboration | 2025-02-27 | N/A | 9.0 CRITICAL |
Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function. | |||||
CVE-2023-5354 | 1 Getawesomesupport | 1 Awesome Support | 2025-02-26 | N/A | 6.1 MEDIUM |
The Awesome Support WordPress plugin before 6.1.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||||
CVE-2023-5228 | 1 Wpeverest | 1 User Registration | 2025-02-26 | N/A | 4.8 MEDIUM |
The User Registration WordPress plugin before 3.0.4.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2023-5181 | 1 Sarveshmrao | 1 Wp Discord Invite | 2025-02-26 | N/A | 4.8 MEDIUM |
The WP Discord Invite WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2023-4858 | 1 Topcode | 1 Simple Table Manager | 2025-02-26 | N/A | 4.8 MEDIUM |
The Simple Table Manager WordPress plugin through 1.5.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2023-4810 | 1 Wpdarko | 1 Responsive Pricing Table | 2025-02-26 | N/A | 4.8 MEDIUM |
The Responsive Pricing Table WordPress plugin before 5.1.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2023-29623 | 1 Purchase Order Management Project | 1 Purchase Order Management | 2025-02-26 | N/A | 6.1 MEDIUM |
Purchase Order Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the password parameter at /purchase_order/classes/login.php. | |||||
CVE-2023-28607 | 1 Misp-project | 1 Malware Information Sharing Platform | 2025-02-26 | N/A | 6.1 MEDIUM |
js/event-graph.js in MISP before 2.4.169 allows XSS via the event-graph relationship tooltip. | |||||
CVE-2023-1025 | 1 Simplefilelist | 1 Simple File List | 2025-02-26 | N/A | 4.8 MEDIUM |
The Simple File List WordPress plugin before 6.0.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2024-34791 | 1 Wpbean | 1 Wpb Elementor Addons | 2025-02-26 | N/A | 6.5 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wpbean WPB Elementor Addons allows Stored XSS. This issue affects WPB Elementor Addons: from n/a through 1.0.9. | |||||
CVE-2023-27059 | 1 Churchcrm | 1 Churchcrm | 2025-02-26 | N/A | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability in the Edit Group function of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Group Name text field. | |||||
CVE-2024-0083 | | | 2025-02-26 | N/A | 6.5 MEDIUM |
NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause a cross-site scripting error by network by running malicious scripts in users' browsers. A successful exploit of this vulnerability might lead to code execution, denial of service, and information disclosure. | |||||
CVE-2023-28606 | 1 Misp-project | 1 Malware Information Sharing Platform | 2025-02-26 | N/A | 6.1 MEDIUM |
js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph node tooltips. | |||||
CVE-2023-27711 | 1 Typecho | 1 Typecho | 2025-02-26 | N/A | 4.8 MEDIUM |
Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code via the Comment Manager /admin/manage-comments.php component. | |||||
CVE-2023-24278 | 1 Squidex.io | 1 Squidex | 2025-02-26 | N/A | 6.1 MEDIUM |
Squidex before 7.4.0 was discovered to contain a squid.svg cross-site scripting (XSS) vulnerability. | |||||
CVE-2023-0370 | 1 Wpbean | 1 Wpb Advanced Faq | 2025-02-26 | N/A | 5.4 MEDIUM |
The WPB Advanced FAQ WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2023-0273 | 1 Custom Content Shortcode Project | 1 Custom Content Shortcode | 2025-02-26 | N/A | 5.4 MEDIUM |
The Custom Content Shortcode WordPress plugin through 4.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2023-0175 | 1 Accesspressthemes | 1 Smart Logo Showcase Lite | 2025-02-26 | N/A | 5.4 MEDIUM |
The Responsive Clients Logo Gallery Plugin for WordPress plugin through 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. |