Total: 28595 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-23702 | 1 Pixelgrade | 1 Comments Rating | 2024-10-29 | N/A | 4.8 MEDIUM |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pixelgrade Comments Ratings plugin <= 1.1.7 versions. | |||||
CVE-2023-20248 | | | 2024-10-29 | N/A | 5.4 MEDIUM |
A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data in a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | |||||
CVE-2024-1988 | 1 Pickplugins | 1 Post Grid | 2024-10-29 | N/A | 5.4 MEDIUM |
The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute in blocks in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2024-5425 | 1 Lightpress | 1 Lightbox | 2024-10-29 | N/A | 5.4 MEDIUM |
The WP jQuery Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ attribute in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2024-1768 | 1 Nayrathemes | 1 Clever Fox | 2024-10-29 | N/A | 5.4 MEDIUM |
The Clever Fox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's info box block in all versions up to, and including, 25.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2024-51509 | | | 2024-10-29 | N/A | 4.8 MEDIUM |
Tiki through 27.0 allows users who have certain permissions to insert a "Modules" (aka tiki-admin_modules.php) stored XSS payload in the Name. | |||||
CVE-2024-51508 | | | 2024-10-29 | N/A | 4.8 MEDIUM |
Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Index. | |||||
CVE-2024-51507 | | | 2024-10-29 | N/A | 4.8 MEDIUM |
Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Name. | |||||
CVE-2024-51506 | | | 2024-10-29 | N/A | 4.8 MEDIUM |
Tiki through 27.0 allows users who have certain permissions to insert a "Create a Wiki Pages" stored XSS payload in the description. | |||||
CVE-2024-48743 | | | 2024-10-29 | N/A | 6.5 MEDIUM |
Cross Site Scripting vulnerability in Sentry v.6.0.9 allows a remote attacker to execute arbitrary code via the z parameter. | |||||
CVE-2024-48239 | | | 2024-10-29 | N/A | 4.8 MEDIUM |
An issue was discovered in WTCMS 1.0. In the plupload method in \AssetController.class.php, the app parameters aren't processed, resulting in Cross Site Scripting (XSS). | |||||
CVE-2024-21727 | | | 2024-10-29 | N/A | 6.1 MEDIUM |
XSS vulnerability in DP Calendar component for Joomla. | |||||
CVE-2023-46824 | 1 Omaksolutions | 1 Slick Popup | 2024-10-29 | N/A | 4.8 MEDIUM |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Om Ak Solutions Slick Popup: Contact Form 7 Popup Plugin plugin <= 1.7.14 versions. | |||||
CVE-2023-46822 | 1 Visser | 1 Store Exporter For Woocommerce | 2024-10-29 | N/A | 6.1 MEDIUM |
Unauth. Reflected Cross-Site Scripting vulnerability in Visser Labs Store Exporter for WooCommerce – Export Products, Export Orders, Export Subscriptions, and More plugin <= 2.7.2 versions. | |||||
CVE-2023-46783 | 1 Brightplugins | 1 Pre-orders For Woocommerce | 2024-10-29 | N/A | 5.4 MEDIUM |
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Bright Plugins Pre-Orders for WooCommerce plugin <= 1.2.13 versions. | |||||
CVE-2023-46782 | 1 Chrisyee | 1 Momentopress For Momento360 | 2024-10-29 | N/A | 5.4 MEDIUM |
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Chris Yee MomentoPress for Momento360 plugin <= 1.0.1 versions. | |||||
CVE-2023-46643 | 1 Cloudnet360 | 1 Cloudnet360 | 2024-10-29 | N/A | 6.1 MEDIUM |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GARY JEZORSKI CloudNet360 plugin <= 3.2.0 versions. | |||||
CVE-2023-46640 | 1 Mauvedev | 1 Medialist | 2024-10-29 | N/A | 5.4 MEDIUM |
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in D. Relton Medialist plugin <= 1.3.9 versions. | |||||
CVE-2023-46621 | 1 Enejbajgoric/gagansandhu/ctltdev | 1 User Avatar | 2024-10-29 | N/A | 6.1 MEDIUM |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Enej Bajgoric / Gagan Sandhu / CTLT DEV User Avatar plugin <= 1.4.11 versions. | |||||
CVE-2023-46613 | 1 Add-to-calendar-button | 1 Add To Calendar Button | 2024-10-29 | N/A | 5.4 MEDIUM |
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Jens Kuerschner Add to Calendar Button plugin <= 1.5.1 versions. |