Vulnerabilities (CVE)

Filtered by CWE-79
Total 28595 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-23702 1 Pixelgrade 1 Comments Rating 2024-10-29 N/A 4.8 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pixelgrade Comments Ratings plugin <= 1.1.7 versions.
CVE-2023-20248 2024-10-29 N/A 5.4 MEDIUM
A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data in a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
CVE-2024-1988 1 Pickplugins 1 Post Grid 2024-10-29 N/A 5.4 MEDIUM
The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute in blocks in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2024-5425 1 Lightpress 1 Lightbox 2024-10-29 N/A 5.4 MEDIUM
The WP jQuery Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ attribute in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2024-1768 1 Nayrathemes 1 Clever Fox 2024-10-29 N/A 5.4 MEDIUM
The Clever Fox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's info box block in all versions up to, and including, 25.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2024-51509 2024-10-29 N/A 4.8 MEDIUM
Tiki through 27.0 allows users who have certain permissions to insert a "Modules" (aka tiki-admin_modules.php) stored XSS payload in the Name.
CVE-2024-51508 2024-10-29 N/A 4.8 MEDIUM
Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Index.
CVE-2024-51507 2024-10-29 N/A 4.8 MEDIUM
Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Name.
CVE-2024-51506 2024-10-29 N/A 4.8 MEDIUM
Tiki through 27.0 allows users who have certain permissions to insert a "Create a Wiki Pages" stored XSS payload in the description.
CVE-2024-48743 2024-10-29 N/A 6.5 MEDIUM
Cross Site Scripting vulnerability in Sentry v.6.0.9 allows a remote attacker to execute arbitrary code via the z parameter.
CVE-2024-48239 2024-10-29 N/A 4.8 MEDIUM
An issue was discovered in WTCMS 1.0. In the plupload method in \AssetController.class.php, the app parameters aren't processed, resulting in Cross Site Scripting (XSS).
CVE-2024-21727 2024-10-29 N/A 6.1 MEDIUM
XSS vulnerability in DP Calendar component for Joomla.
CVE-2023-46824 1 Omaksolutions 1 Slick Popup 2024-10-29 N/A 4.8 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Om Ak Solutions Slick Popup: Contact Form 7 Popup Plugin plugin <= 1.7.14 versions.
CVE-2023-46822 1 Visser 1 Store Exporter For Woocommerce 2024-10-29 N/A 6.1 MEDIUM
Unauth. Reflected Cross-Site Scripting') vulnerability in Visser Labs Store Exporter for WooCommerce – Export Products, Export Orders, Export Subscriptions, and More plugin <= 2.7.2 versions.
CVE-2023-46783 1 Brightplugins 1 Pre-orders For Woocommerce 2024-10-29 N/A 5.4 MEDIUM
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Bright Plugins Pre-Orders for WooCommerce plugin <= 1.2.13 versions.
CVE-2023-46782 1 Chrisyee 1 Momentopress For Momento360 2024-10-29 N/A 5.4 MEDIUM
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Chris Yee MomentoPress for Momento360 plugin <= 1.0.1 versions.
CVE-2023-46643 1 Cloudnet360 1 Cloudnet360 2024-10-29 N/A 6.1 MEDIUM
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GARY JEZORSKI CloudNet360 plugin <= 3.2.0 versions.
CVE-2023-46640 1 Mauvedev 1 Medialist 2024-10-29 N/A 5.4 MEDIUM
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in D. Relton Medialist plugin <= 1.3.9 versions.
CVE-2023-46621 1 Enejbajgoric\/gagansandhu\/ctltdev 1 User Avatar 2024-10-29 N/A 6.1 MEDIUM
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Enej Bajgoric / Gagan Sandhu / CTLT DEV User Avatar plugin <= 1.4.11 versions.
CVE-2023-46613 1 Add-to-calendar-button 1 Add To Calendar Button 2024-10-29 N/A 5.4 MEDIUM
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Jens Kuerschner Add to Calendar Button plugin <= 1.5.1 versions.